hwa-hn47
[63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
==========================================================================
= <=-[ HWA.hax0r.news ]-=> =
==========================================================================
[=HWA'99/2000=] Number 47 Volume 1 1999 Dec 19th 99
==========================================================================
[ 61:20:6B:69:64:20:63:6F:75: ]
[ 6C:64:20:62:72:65:61:6B:20:74:68:69:73: ]
[ 20:22:65:6E:63:72:79:70:74:69:6F:6E:22:! ]
==========================================================================
"This newsletter/ezine has been Declassified for the phearing impaired"
____
/ ___|_____ _____ _ __ __ _ __ _ ___
| | / _ \ \ / / _ \ '__/ _` |/ _` |/ _ \
| |__| (_) \ V / __/ | | (_| | (_| | __/
\____\___/ \_/ \___|_| \__,_|\__, |\___|
|___/
This is #47 covering Dec 13th to Dec 19th
==========================================================================
"ABUSUS NON TOLLIT USUM"
==========================================================================
Mailing list members: 468 Can we bump this up somewhat? spread the word!
==========================================================================
Today the spotlight may be on you, some interesting machines that
have accessed these archives recently...
_ _ _
| | | | ___ | |_
| |_| |/ _ \| __|
| _ | (_) | |_
|_| |_|\___/ \__|
_ _ _ _
| | | (_) |
| |__| |_| |_ ___
| __ | | __/ __|
| | | | | |_\__ \
|_| |_|_|\__|___/
.gov and .mil activity
There are some interesting machines among these, the *.nosc.mil boxes are
from SPAWAR information warfare centres, good to see our boys keeping up
with the news... - Ed
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
_ ___ ___ _ ___
| | | \ \ / / \ | |__ __ ___ __/ _ \ _ __ _ __ _____ _____
| |_| |\ \ /\ / / _ \ | '_ \ / _` \ \/ / | | | '__| '_ \ / _ \ \ /\ / / __|
| _ | \ V V / ___ \ _| | | | (_| |> <| |_| | |_ | | | | __/\ V V /\__ \
|_| |_| \_/\_/_/ \_(_)_| |_|\__,_/_/\_\\___/|_(_)|_| |_|\___| \_/\_/ |___/
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
http://welcome.to/HWA.hax0r.news/
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@
# #
@ The HWA website is sponsored by CUBESOFT communications I highly @
# recommend you consider these people for your web hosting needs, #
@ @
# Web site sponsored by CUBESOFT networks http://www.csoft.net #
@ check them out for great fast web hosting! @
# #
# http://www.csoft.net/~hwa @
@ #
@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
_ _ _ _ _____ _ _ _
| | | | __ _ ___| | _____ _ __( )__| ____| |_| |__ (_) ___
| |_| |/ _` |/ __| |/ / _ \ '__|/ __| _| | __| '_ \| |/ __|
| _ | (_| | (__| < __/ | \__ \ |___| |_| | | | | (__
|_| |_|\__,_|\___|_|\_\___|_| |___/_____|\__|_| |_|_|\___|
Sadly, due to the traditional ignorance and sensationalizing of the mass
media, the once-noble term hacker has become a pejorative.
Among true computer people, being called a hacker is a compliment. One of
the traits of the true hacker is a profoundly antibureaucratic and
democratic spirit. That spirit is best exemplified by the Hacker's Ethic.
This ethic was best formulated by Steven Levy in his 1984 book Hackers:
Heroes of the Computer Revolution. Its tenets are as follows:
1 - Access to computers should be unlimited and total.
2 - All information should be free.
3 - Mistrust authority - promote decentralization.
4 - Hackers should be judged by their hacking not bogus criteria such as
degrees, age, race, or position.
5 - You create art and beauty on a computer.
6 - Computers can change your life for the better.
The Internet as a whole reflects this ethic.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
_____ _ _ _
| ___|__ _ __ _ __ ___ __ _| |_| |_(_)_ __ __ _
| |_ / _ \| '__| '_ ` _ \ / _` | __| __| | '_ \ / _` |
| _| (_) | | | | | | | | (_| | |_| |_| | | | | (_| |
|_| \___/|_| |_| |_| |_|\__,_|\__|\__|_|_| |_|\__, |
|___/
A Comment on FORMATTING:
Oct'99 - Started 80 column mode format, code is still left
untouched since formatting will destroy syntax.
I received an email recently about the formatting of this
newsletter, suggesting that it be formatted to 75 columns
in the past I've endeavoured to format all text to 80 cols
except for articles and site statements and urls which are
posted verbatim, I've decided to continue with this method
unless more people complain, the zine is best viewed in
1024x768 mode with UEDIT.... - Ed
BTW if anyone can suggest a better editor than UEDIT for
this thing send me some email i'm finding it lacking in
certain areas. Must be able to produce standard ascii.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
__ __ _
| \/ (_)_ __ _ __ ___ _ __ ___
| |\/| | | '__| '__/ _ \| '__/ __|
| | | | | | | | | (_) | | \__ \
|_| |_|_|_| |_| \___/|_| |___/
New mirror sites
*** http://viper.dmrt.com/files/=E-Zines/HWA.hax0r.news/ ***
http://datatwirl.intranova.net * NEW *
http://the.wiretapped.net/security/textfiles/hWa.hax0r.news/
http://net-security.org/hwahaxornews
http://www.sysbreakers.com/hwa
http://www.attrition.org/hosted/hwa/
http://www.ducktank.net/hwa/issues.html.
http://hwazine.cjb.net/
http://www.hackunlimited.com/files/secu/papers/hwa/
http://www.attrition.org/~modify/texts/zines/HWA/
* http://hwa.hax0r.news.8m.com/
* http://www.fortunecity.com/skyscraper/feature/103/
* Crappy free sites but they offer 20M & I need the space...
** Some issues are not located on these sites since they exceed
the file size limitations imposed by the sites :-( please
only use these if no other recourse is available.
*** Most likely to be up to date other than the main site.
HWA.hax0r.news is sponsored by Cubesoft communications www.csoft.net
thanks to airportman for the Cubesoft bandwidth. Also shouts out to all
our mirror sites! and p0lix for the (now expired) digitalgeeks archive
tnx guys.
http://www.csoft.net/~hwa
HWA.hax0r.news Mirror Sites:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://the.wiretapped.net/security/textfiles/hWa.hax0r.news/
http://www.attrition.org/hosted/hwa/
http://www.attrition.org/~modify/texts/zines/HWA/
http://www.ducktank.net/hwa/issues.html. ** NEW **
http://www.alldas.de/hwaidx1.htm ** NEW ** CHECK THIS ONE OUT **
http://www.csoft.net/~hwa/
http://www.digitalgeeks.com/hwa. *DOWN*
http://members.tripod.com/~hwa_2k
http://welcome.to/HWA.hax0r.news/
http://www.attrition.org/~modify/texts/zines/HWA/
http://www.projectgamma.com/archives/zines/hwa/
http://www.403-security.org/Htmls/hwa.hax0r.news.htm
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
____ _
/ ___| _ _ _ __ ___ _ __ ___(_)___
\___ \| | | | '_ \ / _ \| '_ \/ __| / __|
___) | |_| | | | | (_) | |_) \__ \ \__ \
|____/ \__, |_| |_|\___/| .__/|___/_|___/
|___/ |_|
SYNOPSIS (READ THIS)
--------------------
The purpose of this newsletter is to 'digest' current events of interest
that affect the online underground and netizens in general. This includes
coverage of general security issues, hacks, exploits, underground news
and anything else I think is worthy of a look see. (remember i'm doing
this for me, not you, the fact some people happen to get a kick/use
out of it is of secondary importance).
This list is NOT meant as a replacement for, nor to compete with, the
likes of publications such as CuD or PHRACK or with news sites such as
AntiOnline, the Hacker News Network (HNN) or mailing lists such as
BUGTRAQ or ISN nor could any other 'digest' of this type do so.
It *is* intended however, to complement such material and provide a
reference to those who follow the culture by keeping tabs on as many
sources as possible and providing links to further info, it's a labour
of love and will be continued for as long as I feel like it, i'm not
motivated by dollars or the illusion of fame, did you ever notice how
the most famous/infamous hackers are the ones that get caught? there's
a lot to be said for remaining just outside the circle... <g>
@HWA
=-----------------------------------------------------------------------=
Welcome to HWA.hax0r.news ...
=-----------------------------------------------------------------------=
We could use some more people joining the channel, it's usually pretty
quiet, we don't bite (usually) so if you're hanging out on irc stop
by and idle a while and say hi...
**************************************************************************
____| _| |
__| | __ \ _ \ __|
| __| | | __/ |
_____|_| _| _|\___|\__|
Eris Free Net #HWA.hax0r.news
**************************************************************************
*** /join #HWA.hax0r.news on EFnet the key is `zwen' when keyed ***
*** ***
*** please join to discuss or impart news on from the zine and around ***
*** the zine or just to hang out, we get some interesting visitors you ***
*** could be one of em. ***
*** ***
*** Note that the channel isn't there to entertain you its purpose is ***
*** to bring together people interested and involved in the underground***
*** to chat about current and recent events etc, do drop in to talk or ***
*** hangout. Also if you want to promo your site or send in news tips ***
*** its the place to be, just remember we're not #hack or #chatzone... ***
**************************************************************************
=--------------------------------------------------------------------------=
_____ _ _
/ ____| | | | |
| | ___ _ __ | |_ ___ _ __ | |_ ___
| | / _ \| '_ \| __/ _ \ '_ \| __/ __|
| |___| (_) | | | | || __/ | | | |_\__ \
\_____\___/|_| |_|\__\___|_| |_|\__|___/
=--------------------------------------------------------------------------=
[ INDEX ]
=--------------------------------------------------------------------------=
Key Intros
=--------------------------------------------------------------------------=
00.0 .. COPYRIGHTS ......................................................
00.1 .. CONTACT INFORMATION & SNAIL MAIL DROP ETC .......................
00.2 .. SOURCES .........................................................
00.3 .. THIS IS WHO WE ARE ..............................................
00.4 .. WHAT'S IN A NAME? why `HWA.hax0r.news'?..........................
00.5 .. THE HWA_FAQ V1.0 ................................................
ABUSUS NON TOLLIT USUM?
This is (in case you hadn't guessed) Latin, and loosely translated
it means "Just because something is abused, it should not be taken
away from those who use it properly". This is our new motto.
=--------------------------------------------------------------------------=
Key Content
=--------------------------------------------------------------------------=
01.0 .. GREETS ..........................................................
01.1 .. Last minute stuff, rumours, newsbytes ...........................
01.2 .. Mailbag .........................................................
02.0 .. From the Editor..................................................
03.0 .. Creator of Melissa Virus Hired by Rutgers While on Bail .........
04.0 .. Freedom Officially Launched .....................................
05.0 .. Free Linux Firewall Available ...................................
06.0 .. Piratecity Being Sued by Fortunecity ............................
07.0 .. Hacker Stereotyping Continues ...................................
08.0 .. Australian Government Site Defaced In Protest of New Law ........
09.0 .. Russian News Agency, Itar-Tass, Defaced .........................
10.0 .. Irish Web Sites Defaced .........................................
11.0 .. New US Crypto Export Rules Delayed Until January ................
12.0 .. PGP Cryptography Exportable .....................................
13.0 .. Police Fear Freedom .............................................
14.0 .. The NSA, Soon To Not Be So Secret? ..............................
15.0 .. How Much Privacy do You Have? ...................................
16.0 .. Distributed Competition for Eliptic Curve .......................
17.0 .. Slashdot Lists Top Ten Greatest Hacks ...........................
18.0 .. Feds Plead For Mercy ............................................
19.0 .. Etoys in Simple Domain Dispute ..................................
20.0 .. Is It Y2K or Coincidence? .......................................
21.0 .. More information on the PhoneMasters ............................
22.0 .. RST Breaks Netscape Mail in Eight Hours .........................
23.0 .. White House May Further Relax Crypto Controls ...................
24.0 .. Status of Bills Before Congress .................................
25.0 .. Winkler Updates Estimates .......................................
26.0 .. Cryptogram.......................................................
27.0 .. Hong Kong Blondes Give Extremely Rare Interview .................
28.0 .. Netscape Password Issue is Not New ..............................
29.0 .. No E-Commerce Sites Offer Even Basic Privacy Protection .........
30.0 .. Newspaper Fingers Potential Cyber Intruder ......................
31.0 .. Internet Watchdog Defaced For Third Time ........................
32.0 .. Security Focus Newsletter #19....................................
33.0 .. Security Focus Newsletter #22....................................
=-------------------------------------------------------------------------------=
AD.S .. Post your site ads or etc here, if you can offer something in return
thats tres cool, if not we'll consider ur ad anyways so send it in.
ads for other zines are ok too btw just mention us in yours, please
remember to include links and an email contact. Corporate ads will
be considered also and if your company wishes to donate to or
participate in the upcoming Canc0n99 event send in your suggestions
and ads now...n.b date and time may be pushed back join mailing list
for up to date information.......................................
Current dates: POSTPONED til further notice, place: TBA..........
Ha.Ha .. Humour and puzzles ............................................
Hey You!........................................................
=------=........................................................
Send in humour for this section! I need a laugh and its hard to
find good stuff... ;)...........................................
SITE.1 .. Featured site, .................................................
H.W .. Hacked Websites ...............................................
A.0 .. APPENDICES......................................................
A.1 .. PHACVW linx and references......................................
=--------------------------------------------------------------------------=
@HWA'99
00.0 (C) COPYRIGHT, (K)OPYWRONG, COPYLEFT? V2.0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
_ _
| | ___ __ _ __ _| |
| | / _ \/ _` |/ _` | |
| |__| __/ (_| | (_| | |
|_____\___|\__, |\__,_|_|
|___/
THE OPINIONS OF THE WRITERS DO NOT NECESSARILY REFLECT THE
OPINIONS OF THE PUBLISHERS AND VICE VERSA IN FACT WE DUNNO
WTF IS GONNA TAKE RESPONSIBILITY FOR THIS, I'M NOT DOING IT
(LOTS OF ME EITHER'S RESOUND IN THE BACKGROUND) SO UHM JUST
READ IT AND IF IT BUGS YOU WELL TFS (SEE FAQ).
Important semi-legalese and license to redistribute:
YOU MAY DISTRIBUTE THIS ZINE WITHOUT PERMISSION FROM MYSELF
AND ARE GRANTED THE RIGHT TO QUOTE ME OR THE CONTENTS OF THE
ZINE SO LONG AS Cruciphux AND/OR HWA.hax0r.news ARE MENTIONED
IN YOUR WRITING. LINK'S ARE NOT NECESSARY OR EXPECTED BUT ARE
APPRECIATED the current link is http://welcome.to/HWA.hax0r.news
IT IS NOT MY INTENTION TO VIOLATE ANYONE'S COPYRIGHTS OR BREAK
ANY NETIQUETTE IN ANY WAY IF YOU FEEL I'VE DONE THAT PLEASE EMAIL
ME PRIVATELY current email cruciphux@dok.org
THIS DOES NOT CONSTITUTE ANY LEGAL RIGHTS, IN THIS COUNTRY ALL
WORKS ARE (C) AS SOON AS COMMITTED TO PAPER OR DISK, IF ORIGINAL
THE LAYOUT AND COMMENTARIES ARE THEREFORE (C) WHICH MEANS:
I RETAIN ALL RIGHTS, BUT I GIVE YOU THE RIGHT TO READ, QUOTE
AND REDISTRIBUTE/MIRROR. - EoD
Although this file and all future issues are now copyright, some of
the content holds its own copyright and these are printed and
respected. News is news so i'll print any and all news but will quote
sources when the source is known, if its good enough for CNN its good
enough for me. And i'm doing it for free on my own time so pfffft. :)
No monies are made or sought through the distribution of this material.
If you have a problem or concern email me and we'll discuss it.
cruciphux@dok.org
Cruciphux [C*:.]
00.1 CONTACT INFORMATION AND MAIL DROP
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
____ _ _
/ ___|___ _ __ | |_ __ _ ___| |_ ___
| | / _ \| '_ \| __/ _` |/ __| __/ __|
| |__| (_) | | | | || (_| | (__| |_\__ \
\____\___/|_| |_|\__\__,_|\___|\__|___/
Wahoo, we now have a mail-drop, if you are outside of the U.S.A or
Canada / North America (hell even if you are inside ..) and wish to
send printed matter like newspaper clippings a subscription to your
cool foreign hacking zine or photos, small non-explosive packages
or sensitive information etc etc well, now you can. (w00t) please
no more inflatable sheep or plastic dog droppings, or fake vomit
thanks.
Send all goodies to:
HWA NEWS
P.O BOX 44118
370 MAIN ST. NORTH
BRAMPTON, ONTARIO
CANADA
L6V 4H5
WANTED!: POSTCARDS! YESH! POSTCARDS, I COLLECT EM so I know a lot of you are
~~~~~~~ reading this from some interesting places, make my day and get a
mention in the zine, send in a postcard, I realize that some places
it is cost prohibitive but if you have the time and money be a cool
dude / gal and send a poor guy a postcard preferably one that has some
scenery from your place of residence for my collection, I collect stamps
too so you kill two birds with one stone by being cool and mailing in a
postcard, return address not necessary, just a "hey guys being cool in
Bahrain, take it easy" will do ... ;-) thanx.
Ideas for interesting 'stuff' to send in apart from news:
- Photo copies of old system manual front pages (optionally signed by you) ;-)
- Photos of yourself, your mom, sister, dog and or cat in a NON
compromising position plz I don't want pr0n. <g>
- Picture postcards
- CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250
tapes with hack/security related archives, logs, irc logs etc on em.
- audio or video cassettes of yourself/others etc of interesting phone
fun or social engineering examples or transcripts thereof.
Stuff you can email:
- Prank phone calls in .ram or .mp* format
- Fone tones and security announcements from PBX's etc
- fun shit you sampled off yer scanner (relevant stuff only like #2600 meeting activities)
- reserved for one smiley face -> :-) <-
- PHACV lists of files that you have or phac cd's you own (we have a burner, *g*)
- burns of phac cds (email first to make sure we don't already have em)
- Any and all telephone sounds/tones/beeps/trunk drops/line tests/etc in .ram etc format or .mp*
If you still can't think of anything you're probably not that interesting
a person after all so don't worry about it <BeG>
Our current email:
Submissions/zine gossip.....: hwa@press.usmc.net
Private email to editor.....: cruciphux@dok.org
Distribution/Website........: sas2@usa.net
@HWA
00.2 Sources ***
~~~~~~~~~~~
____
/ ___| ___ _ _ _ __ ___ ___ ___
\___ \ / _ \| | | | '__/ __/ _ Y __|
___) | (_) | |_| | | | (_| __|__ \
|____/ \___/ \__,_|_| \___\___|___/
Sources can be some, all, or none of the following (by no means complete
nor listed in any degree of importance) Unless otherwise noted, like msgs
from lists or news from other sites, articles and information is compiled
and or sourced by Cruciphux no copyright claimed.
News & I/O zine ................. http://www.antionline.com/
Back Orifice/cDc..................http://www.cultdeadcow.com/
News site (HNN) .....,............http://www.hackernews.com/
Help Net Security.................http://net-security.org/
News,Advisories,++ .(lophtcrack)..http://www.l0pht.com/
NewsTrolls .(daily news ).........http://www.newstrolls.com/
News + Exploit archive ...........http://www.rootshell.com/beta/news.html
CuD Computer Underground Digest...http://www.soci.niu.edu/~cudigest
News site+........................http://www.zdnet.com/
News site+Security................http://www.gammaforce.org/
News site+Security................http://www.projectgamma.com/
News site+Security................http://securityhole.8m.com/
News site+Security related site...http://www.403-security.org/
News/Humour site+ ................http://www.innerpulse.com
News/Techie news site.............http://www.slashdot.org
+Various mailing lists and some newsgroups, such as ...
+other sites available on the HNN affiliates page, please see
http://www.hackernews.com/affiliates.html as they seem to be popping up
rather frequently ...
http://www.the-project.org/ .. IRC list/admin archives
http://www.anchordesk.com/ .. Jesse Berst's AnchorDesk
alt.hackers.malicious
alt.hackers
alt.2600
BUGTRAQ
ISN security mailing list
ntbugtraq
<+others>
NEWS Agencies, News search engines etc:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.cnn.com/SEARCH/
http://www.foxnews.com/search/cgi-bin/search.cgi?query=hack&days=0&wires=0&startwire=0
http://www.news.com/Searching/Results/1,18,1,00.html?querystr=hack
http://www.ottawacitizen.com/business/
http://search.yahoo.com.sg/search/news_sg?p=hack
http://www.washingtonpost.com/cgi-bin/search?DB_NAME=WPlate&TOTAL_HITLIST=20&DEFAULT_OPERATOR=AND&headline=&WITHIN_FIELD_NAME=.lt.event_date&WITHIN_DAYS=0&description=hack
http://www.zdnet.com/zdtv/cybercrime/
http://www.zdnet.com/zdtv/cybercrime/chaostheory/ (Kevin Poulsen's Column)
NOTE: See appendices for details on other links.
http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm
http://freespeech.org/eua/ Electronic Underground Affiliation
http://ech0.cjb.net ech0 Security
http://axon.jccc.net/hir/ Hackers Information Report
http://net-security.org Net Security
http://www.403-security.org Daily news and security related site
Submissions/Hints/Tips/Etc
~~~~~~~~~~~~~~~~~~~~~~~~~~
____ _ _ _
/ ___| _ _| |__ _ __ ___ (_)___ ___(_) ___ _ __ ___
\___ \| | | | '_ \| '_ ` _ \| / __/ __| |/ _ \| '_ \/ __|
___) | |_| | |_) | | | | | | \__ \__ \ | (_) | | | \__ \
|____/ \__,_|_.__/|_| |_| |_|_|___/___/_|\___/|_| |_|___/
All submissions that are `published' are printed with the credits
you provide, if no response is received by a week or two it is assumed
that you don't care whether the article/email is to be used in an issue
or not and may be used at my discretion.
Looking for:
Good news sites that are not already listed here OR on the HNN affiliates
page at http://www.hackernews.com/affiliates.html
Magazines (complete or just the articles) of breaking sekurity or hacker
activity in your region, this includes telephone phraud and any other
technological use, abuse hole or cool thingy. ;-) cut em out and send it
to the drop box.
- Ed
Mailing List Subscription Info (Far from complete) Feb 1999
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~ ~~~~~~~~
ISS Security mailing list faq : http://www.iss.net/iss/maillist.html
ATTRITION.ORG's Website defacement mirror and announcement lists
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.attrition.org/mirror/attrition/
http://www.attrition.org/security/lists.html
--
defaced [web page defacement announce list]
This is a public LOW VOLUME (1) mail list to circulate news/info on
defaced web sites. To subscribe to Defaced, send mail to
majordomo@attrition.org with "subscribe defaced" in the BODY of
the mail.
There will be two types of posts to this list:
1. brief announcements as we learn of a web defacement.
this will include the site, date, and who signed the
hack. we will also include a URL of a mirror of the hack.
2. at the end of the day, a summary will be posted
of all the hacks of the day. these can be found
on the mirror site listed under 'relevant links'
This list is for informational purposes only. Subscribing
denotes your acceptance of the following:
1. we have nothing to do with the hacks. at all.
2. we are only mirroring the work of OTHER people.
3. we can not be held liable for anything related to these
hacks.
4. all of the points on the disclaimer listed below.
Under no circumstances may the information on this list be used
to solicit security business. You do not have permission to forward
this mail to anyone related to the domain that was defaced.
enjoy.
List maintainer: mcintyre@attrition.org
Hosted by: majordomo@attrition.org
Relevant Links:
Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
ATTRITION Mirror: http://www.attrition.org/mirror/
(1) It is low volume on a normal day. On days of many defacements,
traffic may be increased. On a few days, it is a virtual mail
flood. You have been warned. ;)
-=-
--
defaced summary [web page defacement announce list]
This is a low traffic mail list to announce all publicly
defaced domains on a given day. To subscribe to Defaced-Summary, send mail to
majordomo@attrition.org with "subscribe defaced-summary" in the BODY of
the mail.
There will be ONE type of post to this list:
1. a single nightly piece of mail listing all reported
domains. the same information can be found on
http://www.attrition.org/mirror/attrition/
via sporadic updates.
This list is for informational purposes only. Subscribing
denotes your acceptance of the following:
1. we have nothing to do with the hacks. at all.
2. we are only mirroring the work of OTHER people.
3. we can not be held liable for anything related to these
hacks.
4. all of the points on the disclaimer listed below.
Under no circumstances may the information on this list be used
to solicit security business. You do not have permission to forward
this mail to anyone related to the domain that was defaced.
enjoy.
List maintainer: jericho@attrition.org
Hosted by: majordomo@attrition.org
Relevant Links:
Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
ATTRITION Mirror: http://www.attrition.org/mirror/
-=-
defaced GM [web page defacement announce list]
This is a low traffic mail list to announce all publicly
defaced government and military domains on a given day. To subscribe to
Defaced-GM, send mail to majordomo@attrition.org with "subscribe defaced-gm"
in the BODY of the mail.
There will be ONE type of post to this list:
1. sporadic pieces of mail for each government (.gov)
or military (.mil) system defaced. the same information
can be found on http://www.attrition.org/mirror/attrition/
via sporadic updates.
This list is designed primarily for government and military
personnel charged with tracking security incidents on
government run networks.
This list is for informational purposes only. Subscribing
denotes your acceptance of the following:
1. we have nothing to do with the hacks. at all.
2. we are only mirroring the work of OTHER people.
3. we can not be held liable for anything related to these
hacks.
4. all of the points on the disclaimer listed below.
Under no circumstances may the information on this list be used
to solicit security business. You do not have permission to forward
this mail to anyone related to the domain that was defaced.
enjoy.
List maintainer: jericho@attrition.org
Hosted by: majordomo@attrition.org
Relevant Links:
Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
ATTRITION Mirror: http://www.attrition.org/mirror/
--
defaced alpha [web page defacement announce list]
This is a low traffic mail list to announce via alpha-numeric
pagers, all publicly defaced government and military domains
on a given day. To subscribe to Defaced-Alpha, send mail to
majordomo@attrition.org with "subscribe defaced-alpha" in
the BODY of the mail.
There will be ONE type of post to this list:
1. sporadic pieces of mail for each government (.gov)
or military (.mil) system defaced. the information
will only include domain names. the same information
can be found on http://www.attrition.org/mirror/attrition/
via sporadic updates.
This list is designed primarily for government and military
personnel charged with tracking security incidents on
government run networks. Further, it is designed for
quick response and aimed at law enforcement agencies like
DCIS and the FBI.
To subscribe to this list, a special mail will be sent to YOUR
alpha-numeric pager. A specific response must be made within
12 hours of receiving the mail to be subscribed. If the response
is not received, it is assumed the mail was not sent to your
pager.
This list is for informational purposes only. Subscribing
denotes your acceptance of the following:
1. we have nothing to do with the hacks. at all.
2. we are only mirroring the work of OTHER people.
3. we can not be held liable for anything related to these
hacks.
4. all of the points on the disclaimer listed below.
Under no circumstances may the information on this list be used
to solicit security business. You do not have permission to forward
this mail to anyone related to the domain that was defaced.
enjoy.
List maintainer: jericho@attrition.org
Hosted by: majordomo@attrition.org
Relevant Links:
Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
ATTRITION Mirror: http://www.attrition.org/mirror/
-=-
THE MOST READ:
BUGTRAQ - Subscription info
~~~~~~~~~~~~~~~~~~~~~~~~~~~
What is Bugtraq?
Bugtraq is a full-disclosure UNIX security mailing list, (see the info
file) started by Scott Chasin <chasin@crimelab.com>. To subscribe to
bugtraq, send mail to listserv@netspace.org containing the message body
subscribe bugtraq. I've been archiving this list on the web since late
1993. It is searchable with glimpse and archived on-the-fly with hypermail.
Searchable Hypermail Index;
http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html
About the Bugtraq mailing list
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following comes from Bugtraq's info file:
This list is for *detailed* discussion of UNIX security holes: what they are,
how to exploit, and what to do to fix them.
This list is not intended to be about cracking systems or exploiting their
vulnerabilities. It is about defining, recognizing, and preventing use of
security holes and risks.
Please refrain from posting one-line messages or messages that do not contain
any substance that can relate to this list`s charter.
I will allow certain informational posts regarding updates to security tools,
documents, etc. But I will not tolerate any unnecessary or nonessential "noise"
on this list.
Please follow the below guidelines on what kind of information should be posted
to the Bugtraq list:
+ Information on Unix related security holes/backdoors (past and present)
+ Exploit programs, scripts or detailed processes about the above
+ Patches, workarounds, fixes
+ Announcements, advisories or warnings
+ Ideas, future plans or current works dealing with Unix security
+ Information material regarding vendor contacts and procedures
+ Individual experiences in dealing with above vendors or security organizations
+ Incident advisories or informational reporting
Any non-essential replies should not be directed to the list but to the originator of the message. Please do not
"CC" the bugtraq reflector address if the response does not meet the above criteria.
Remember: YOYOW.
You own your own words. This means that you are responsible for the words that you post on this list and that
reproduction of those words without your permission in any medium outside the distribution of this list may be
challenged by you, the author.
For questions or comments, please mail me:
chasin@crimelab.com (Scott Chasin)
UPDATED Sept/99 - Sent in by Androthi, tnx for the update
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I am pleased to inform you of several changes that will be occurring
on June 5th. I hope you find them as exciting as I do.
BUGTRAQ moves to a new home
---------------------------
First, BUGTRAQ will be moving from its current home at NETSPACE.ORG
to SECURITYFOCUS.COM. What is Security Focus you ask? Wait and read
below. Other than the change of domains nothing of how the list
is run changes. I am still the moderator. We play by the same rules.
Security Focus will be providing mail archives for BUGTRAQ. The
archives go back longer than Netspace's and are more complete than
Geek-Girl's.
The move will occur one week from today. You will not need to
resubscribe. All your information, including subscription options
will be moved transparently.
Any of you using mail filters (e.g. procmail) to sort incoming
mail into mail folders by examining the From address will have to
update them to include the new address. The new address will be:
BUGTRAQ@SECURITYFOCUS.COM
Security Focus will also be providing a free searchable vulnerability
database.
BUGTRAQ es muy bueno
--------------------
It has also become apparent that there is a need for forums
in the spirit of BUGTRAQ where non-English speaking people
or people that don't feel comfortable speaking English can
exchange information.
As such I've decided to give BUGTRAQ in other languages a try.
BUGTRAQ will continue to be the place to submit vulnerability
information, but if you feel more comfortable using some other
language you can give the other lists a try. All relevant information
from the other lists which have not already been covered here
will be translated and forwarded on by the list moderator.
In the next couple of weeks we will be introducing BUGTRAQ-JP
(Japanese) which will be moderated by Nobuo Miwa <n-miwa@lac.co.jp>
and BUGTRAQ-SP (Spanish) which will be moderated by CORE SDI S.A.
from Argentina <http://www.core-sdi.com/> (the folks that brought you
Secure Syslog and the SSH insertion attack).
What is Security Focus?
-----------------------
Security Focus is an exercise in creating a community and a security
resource. We hope to be able to provide a medium where useful and
successful resources such as BUGTRAQ can occur, while at the same
time providing a comprehensive source of security information. Aside
from moving just BUGTRAQ over, the Geek-Girl archives (and the Geek Girl
herself!) have moved over to Security Focus to help us with building
this new community. The other staff at Security Focus are largely derived
from long time supporters of Bugtraq and the community in general. If
you are interested in viewing the staff pages, please see the 'About'
section on www.securityfocus.com.
On the community creating front you will find a set of forums
and mailing lists we hope you will find useful. A number of them
are not scheduled to start for several weeks but starting today
the following list is available:
* Incidents' Mailing List. BUGTRAQ has always been about the
discussion of new vulnerabilities. As such I normally don't approve
messages about break-ins, trojans, viruses, etc with the exception
of wide spread cases (Melissa, ADM worm, etc). The other choice
people are usually left with is email CERT but this fails to
communicate this important information to others that may be
potentially affected.
The Incidents mailing list is a lightly moderated mailing list to
facilitate the quick exchange of security incident information.
Topical items include such things as information about rootkits,
new trojan horses and viruses, source of attacks and tell-tale
signs of intrusions.
To subscribe email LISTSERV@SECURITYFOCUS.COM with a message body
of:
SUBS INCIDENTS FirstName, LastName
Shortly we'll also be introducing an Information Warfare forum along
with ten other forums over the next two months. These forums will be
built and moderated by people in the community as well as vendors who
are willing to take part in the community building process.
*Note to the vendors here* We have several security vendors who have
agreed to run forums where they can participate in the online communities.
If you would like to take part as well, mail Alfred Huger,
ahuger@securityfocus.com.
On the information resource front you find a large database of
the following:
* Vulnerabilities. We are making accessible a free vulnerability
database. You can search it by vendor, product and keyword. You
will find detailed information on the vulnerability and how to fix it,
as well as links to reference information such as email messages,
advisories and web pages. You can search by vendor, product and
keywords. The database itself is the result of culling through 5
years of BUGTRAQ plus countless other lists and news groups. It's
a shining example of how thorough full disclosure has made a significant
impact on the industry over the last half decade.
* Products. An incredible number of categorized security products
from over two hundred different vendors.
* Services. A large and focused directory of security services offered by
vendors.
* Books, Papers and Articles. A vast number of categorized security
related books, papers and articles. Available to download directly
from our servers when possible.
* Tools. A large array of free security tools. Categorized and
available for download.
* News: A vast number of security news articles going all the way
back to 1995.
* Security Resources: A directory to other security resources on
the net.
As well as many other things such as an event calendar.
For your convenience the home-page can be personalized to display
only information you may be interested in. You can filter by
categories, keywords and operating systems, as well as configure
how much data to display.
I'd like to thank the fine folks at NETSPACE for hosting the
site for as long as they have. Their services have been invaluable.
I hope you find these changes for the best and the new services
useful. I invite you to visit http://www.securityfocus.com/ and
check it out for yourself. If you have any comments or suggestions
please feel free to contact me at this address or at
aleph1@securityfocus.com.
Cheers.
--
Aleph One / aleph1@underground.org
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
Crypto-Gram
~~~~~~~~~~~
CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses,
insights, and commentaries on cryptography and computer security.
To subscribe, visit http://www.counterpane.com/crypto-gram.html or send a
blank message to crypto-gram-subscribe@chaparraltree.com. To unsubscribe,
visit http://www.counterpane.com/unsubform.html. Back issues are available
on http://www.counterpane.com.
CRYPTO-GRAM is written by Bruce Schneier. Schneier is president of
Counterpane Systems, the author of "Applied Cryptography," and an inventor
of the Blowfish, Twofish, and Yarrow algorithms. He served on the board of
the International Association for Cryptologic Research, EPIC, and VTW. He
is a frequent writer and lecturer on cryptography.
CUD Computer Underground Digest
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This info directly from their latest ish:
Computer underground Digest Sun 14 Feb, 1999 Volume 11 : Issue 09
ISSN 1004-042X
Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
Archivist: Brendan Kehoe
Poof Reader: Etaion Shrdlu, Jr.
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Cu Digest Homepage: http://www.soci.niu.edu/~cudigest
[ISN] Security list
~~~~~~~~~~~~~~~~~~~
This is a low volume list with lots of informative articles, if I had my
way i'd reproduce them ALL here, well almost all .... ;-) - Ed
UPDATED Sept/99 - Sent in by Androthi, tnx for the update
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--[ New ISN announcement (New!!)
Sender: ISN Mailing List <ISN@SECURITYFOCUS.COM>
From: mea culpa <jericho@DIMENSIONAL.COM>
Subject: Where has ISN been?
Comments: To: InfoSec News <isn@securityfocus.com>
To: ISN@SECURITYFOCUS.COM
It all starts long ago, on a network far away..
Not really. Several months ago the system that hosted the ISN mail list
was taken offline. Before that occurred, I was not able to retrieve the
subscriber list. Because of that, the list has been down for a while. I
opted to wait to get the list back rather than attempt to make everyone
resubscribe.
As you can see from the headers, ISN is now generously being hosted by
Security Focus [www.securityfocus.com]. They are providing the bandwidth,
machine, and listserv that runs the list now.
Hopefully, this message will find all ISN subscribers, help us weed out
dead addresses, and assure you the list is still here. If you have found
the list to be valuable in the past, please tell friends and associates
about the list. To subscribe, mail listserv@securityfocus.com with
"subscribe isn firstname lastname". To unsubscribe, "unsubscribe isn".
As usual, comments and suggestions are welcome. I apologize for the down
time of the list. Hopefully it won't happen again. ;)
mea_culpa
www.attrition.org
--[ Old ISN welcome message
[Last updated on: Mon Nov 04 0:11:23 1998]
InfoSec News is a privately run, medium traffic list that caters
to distribution of information security news articles. These
articles will come from newspapers, magazines, online resources,
and more.
The subject line will always contain the title of the article, so that
you may quickly and efficiently filter past the articles of no interest.
This list will contain:
o Articles catering to security, hacking, firewalls, new security
encryption, products, public hacks, hoaxes, legislation affecting
these topics and more.
o Information on where to obtain articles in current magazines.
o Security Book reviews and information.
o Security conference/seminar information.
o New security product information.
o And anything else that comes to mind..
Feedback is encouraged. The list maintainers would like to hear what
you think of the list, what could use improving, and which parts
are "right on". Subscribers are also encouraged to submit articles
or URLs. If you submit an article, please send either the URL or
the article in ASCII text. Further, subscribers are encouraged to give
feedback on articles or stories, which may be posted to the list.
Please do NOT:
* subscribe vanity mail forwards to this list
* subscribe from 'free' mail addresses (ie: juno, hotmail)
* enable vacation messages while subscribed to mail lists
* subscribe from any account with a small quota
All of these generate messages to the list owner and make tracking
down dead accounts very difficult. I am currently receiving as many
as fifty returned mails a day. Any of the above are grounds for
being unsubscribed. You are welcome to resubscribe when you address
the issue(s).
Special thanks to the following for continued contribution:
William Knowles, Aleph One, Will Spencer, Jay Dyson,
Nicholas Brawn, Felix von Leitner, Phreak Moi and
other contributors.
ISN Archive: ftp://ftp.repsec.com/pub/text/digests/isn
ISN Archive: http://www.landfield.com/isn
ISN Archive: http://www.jammed.com/Lists/ISN/
ISN is Moderated by 'mea_culpa' <jericho@dimensional.com>. ISN is a
private list. Moderation of topics, member subscription, and
everything else about the list is solely at his discretion.
The ISN membership list is NOT available for sale or disclosure.
ISN is a non-profit list. Sponsors are only donating to cover bandwidth
and server costs.
Win2k Security Advice Mailing List (new added Nov 30th)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To subscribe:
send "SUBSCRIBE WIN2KSECADVICE anonymous or name" in the message body
to listserv@listserv.ntsecurity.net
Welcome to Win2K Security Advice! Thank you for subscribing. If you have any
questions or comments about the list please feel free to contact the list
moderator, Steve Manzuik, at steve@win2ksecadvice.net.
To see what you've missed recently on the list, or to research an item
of interest, be sure to visit the Web-based archives located at:
http://www.ntsecurity.net/scripts/page_listserv.asp?s=win2ksec
==============
NTSecurity.net brings the security community a brand new (Oct 99) and
much-requested Windows security mailing list. This new moderated mailing list,
Win2KSecAdvice (formerly NTSecAdvice,) is geared towards promoting the open
discussion of Windows-related security issues.
With a firm and unwavering commitment towards timely full disclosure, this
new resource promises to become a great forum for open discussion
regarding security-related bugs, vulnerabilities, potential exploits, viruses,
worms, Trojans, and more. Win2KSecAdvice promotes a strong sense of community
and we openly invite all security minded individuals, be they white hat,
gray hat, or black hat, to join the new mailing list.
While Win2KSecAdvice was named in the spirit of Microsoft's impending product
line name change, and meant to reflect the list's security focus both now and
in the long run, it is by no means limited to security topics centered around
Windows 2000. Any security issues that pertain to Windows-based networking are
relevant for discussion, including all Windows operating systems, MS Office,
MS BackOffice, and all related third party applications and hardware.
The scope of Win2KSecAdvice can be summarized very simply: if it's relevant to
a security risk, it's relevant to the list.
The list archives are available on the Web at http://www.ntsecurity.net,
which include a List Charter and FAQ, as well as Web-based searchable list
archives for your research endeavors.
SAVE THIS INFO FOR YOUR REFERENCE:
To post to the list simply send your email to
win2ksecadvice@listserv.ntsecurity.net
To unsubscribe from this list, send UNSUBSCRIBE WIN2KSECADVICE to
listserv@listserv.ntsecurity.net
Regards,
Steve Manzuik, List Moderator
Win2K Security Advice
steve@win2ksecadvice.net
@HWA
00.3 THIS IS WHO WE ARE
~~~~~~~~~~~~~~~~~~
__ ___ ___
\ \ / / |__ ___ __ _ _ __ _____ ____|__ \
\ \ /\ / /| '_ \ / _ \ / _` | '__/ _ \ \ /\ / / _ \/ /
\ V V / | | | | (_) | (_| | | | __/\ V V / __/_|
\_/\_/ |_| |_|\___/ \__,_|_| \___| \_/\_/ \___(_)
Some HWA members and Legacy staff
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cruciphux@dok.org.........: currently active/editorial
darkshadez@ThePentagon.com: currently active/man in black
fprophet@dok.org..........: currently active/programming/IRC+ man in black
sas2@usa.net .............: currently active/IRC+ distribution
vexxation@usa.net ........: currently active/IRC+ proof reader/grrl in black
dicentra...(email withheld): IRC+ grrl in black
twisted-pair@home.com......: currently active/programming/IRC+
Foreign Correspondents/affiliate members
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Qubik ............................: United Kingdom
D----Y ...........................: USA/world media
HWA members ......................: World Media
Past Foreign Correspondents (currently inactive or presumed dead)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sla5h.............................: Croatia
N0Portz ..........................: Australia
system error .....................: Indonesia
Wile (wile coyote) ...............: Japan/the East
Ruffneck ........................: Netherlands/Holland
Wyze1.............................: South Africa
Please send in your sites for inclusion here if you haven't already
also if you want your emails listed send me a note ... - Ed
Spikeman's site is down as of this writing, if it comes back online it will be
posted here.
http://www.hackerlink.or.id/ ............ System Error's site (in Indonesian)
Sla5h's email: smuddo@yahoo.com
*******************************************************************
*** /join #HWA.hax0r.news on EFnet the key is `zwen' ***
*******************************************************************
:-p
1. We do NOT work for the government in any shape or form. Unless you count paying
taxes ... in which case we work for the gov't in a BIG WAY. :-/
2. MOSTLY Unchanged since issue #1, although issues are a digest of recent news
events it's a good idea to check out issue #1 at least and possibly also the
Xmas issue for a good feel of what we're all about otherwise enjoy - Ed ...
@HWA
00.4 Whats in a name? why HWA.hax0r.news??
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Well what does HWA stand for? never mind if you ever find out I may
have to get those hax0rs from 'Hackers' or the Pretorians after you.
In case you couldn't figure it out hax0r is "new skewl" and although
it is laughed at, shunned, or even pigeonholed with those 'dumb
leet (l33t?) dewds' <see article in issue #4> this is the state
of affairs. It ain't Steven Levy's HACKERS anymore. BTW to all you
up and comers, i'd highly recommend you get that book. It's almost
like buying a clue. Anyway..on with the show .. - Editorial staff
@HWA
00.5 HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
_ ___ ___ _____ _ ___
| | | \ \ / / \ | ___/ \ / _ \
| |_| |\ \ /\ / / _ \ | |_ / _ \| | | |
| _ | \ V V / ___ \ _| _/ ___ \ |_| |
|_| |_| \_/\_/_/ \_(_)_|/_/ \_\__\_\
Also released in issue #3. (revised) check that issue for the faq
it won't be reprinted unless changed in a big way with the exception
of the following excerpt from the FAQ, included to assist first time
readers:
Some of the stuff related to personal usage and use in this zine are
listed below: Some are very useful, others attempt to deny any possible
attempts at eschewing obfuscation by obscuring their actual definitions.
@HWA - see EoA ;-)
!= - Mathematical notation "is not equal to" or "does not equal"
ASC(247) "wavey equals" sign means "almost equal" to. If written
an =/= (equals sign with a slash thru it) also means !=, =< is Equal
to or less than and => is equal to or greater than (etc, this aint
fucking grade school, cripes, don't believe I just typed all that..)
AAM - Ask a minor (someone under age of adulthood, usually <16, <18 or <21)
AOL - A great deal of people that got ripped off for net access by a huge
clueless isp with sekurity that you can drive buses through, we're
not talking Kung-Fu being none too good here, Buy-A-Kloo maybe at the
least they could try leasing one??
*CC - 1 - Credit Card (as in phraud)
2 - .cc is COCOS (Keeling) ISLANDS but they probably accept cc's
CCC - Chaos Computer Club (Germany)
*CON - Conference, a place hackers crackers and hax0rs among others go to swap
ideas, get drunk, swap new mad inphoz, get drunk, swap gear, get drunk
watch videos and seminars, get drunk, listen to speakers, and last but
not least, get drunk.
*CRACKER - 1 . Someone who cracks games, encryption or codes, in popular hacker
speak he's the guy that breaks into systems and is often (but by no
means always) a "script kiddie" see pheer
2 . An edible biscuit usually crappy tasting without a nice dip, I like
jalapeno pepper dip or chives sour cream and onion, yum - Ed
Ebonics - speaking like a rastafarian or hip dude of colour <sic> also wigger
Vanilla Ice is a wigger, The Beastie Boys and rappers speak using
ebonics, speaking in a dark tongue ... being ereet, see pheer
EoC - End of Commentary
EoA - End of Article or more commonly @HWA
EoF - End of file
EoD - End of diatribe (AOL'ers: look it up)
FUD - Coined by Unknown and made famous by HNN <g> - "Fear uncertainty and doubt",
usually in general media articles not high brow articles such as ours or other
HNN affiliates ;)
du0d - a small furry animal that scurries over keyboards causing people to type
weird crap on irc, hence when someone says something stupid or off topic
'du0d wtf are you talkin about' may be used.
*HACKER - Read Steven Levy's HACKERS for the true definition, then see HAX0R
*HAX0R - 1 - Cracker, hacker wannabe, in some cases a true hacker, this is difficult to
define, I think it is best defined as pop culture's view on The Hacker ala
movies such as well erhm "Hackers" and The Net etc... usually used by "real"
hackers or crackers in a derogatory or slang humorous way, like 'hax0r me
some coffee?' or can you hax0r some bread on the way to the table please?'
2 - A tool for cutting sheet metal.
HHN - Maybe a bit confusing with HNN but we did spring to life around the same
time too, HWA Hax0r News.... HHN is a part of HNN .. and HNN as a proper
noun means the hackernews site proper. k? k. ;&
HNN - Hacker News Network and its affiliates http://www.hackernews.com/affiliates.html
J00 - "you"(as in j00 are OWN3D du0d) - see 0wn3d
MFI/MOI- Missing on/from IRC
NFC - Depends on context: No Further Comment or No Fucking Comment
NFR - Network Flight Recorder (Do a websearch) see 0wn3d
NFW - No fuckin'way
*0WN3D - You are cracked and owned by an elite entity see pheer
*OFCS - Oh for christ's sakes
PHACV - And variations of same <coff>
Phreaking, Hacking, Anarchy, Cracking, Carding (CC) Groups Virus, Warfare
Alternates: H - hacking, hacktivist
C - Cracking <software>
C - Cracking <systems hacking>
V - Virus
W - Warfare <cyberwarfare usually as in Jihad>
A - Anarchy (explosives etc, Jolly Roger's Cookbook etc)
P - Phreaking, "telephone hacking" PHone fREAKs ...
CT - Cyber Terrorism
*PHEER - This is what you do when an ereet or elite person is in your presence
see 0wn3d
*RTFM - Read the fucking manual - not always applicable since some manuals are
pure shit but if the answer you seek is indeed in the manual then you
should have RTFM you dumb ass.
TBC - To Be Continued also 2bc (usually followed by ellipses...) :^0
TBA - To Be Arranged/To Be Announced also 2ba
TFS - Tough fucking shit.
*w00t - 1 - Reserved for the uber ereet, no one can say this without severe repercussions
from the underground masses. also "w00ten" <sic>
2 - Cruciphux and sAs72's second favourite word (they're both shit stirrers)
*wtf - what the fuck, where the fuck, when the fuck etc ..
*ZEN - The state you reach when you *think* you know everything (but really don't)
usually shortly after reaching the ZEN like state something will break that
you just 'fixed' or tweaked.
@HWA
-=- :. .: -=-
01.0 Greets!?!?! yeah greets! w0w huh. - Ed
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
____ _
/ ___|_ __ ___ ___| |_ ___
| | _| '__/ _ \/ _ \ __/ __|
| |_| | | | __/ __/ |_\__ \
\____|_| \___|\___|\__|___/
Thanks to all in the community for their support and interest but i'd
like to see more reader input, help me out here, whats good, what sucks
etc, not that I guarantee i'll take any notice mind you, but send in
your thoughts anyway.
* all the people who sent in cool emails and support
FProphet Pyra TwstdPair _NeM_
D----Y Dicentra vexxation sAs72
Spikeman p0lix Vortexia Wyze1
Pneuma Raven Zym0t1c duro
Repluzer astral BHZ ScrewUp
Qubik gov-boi _Jeezus_ Haze_
thedeuce ytcracker
Folks from #hwa.hax0r.news and #fawkerz
Ken Williams/tattooman ex-of PacketStorm,
& Kevin Mitnick
kewl sites:
+ http://www.hack.co.za NEW
+ http://blacksun.box.sk. NEW
+ http://packetstorm.securify.com/ NEW
+ http://www.securityportal.com/ NEW
+ http://www.securityfocus.com/ NEW
+ http://www.hackcanada.com/
+ http://www.l0pht.com/
+ http://www.2600.com/
+ http://www.freekevin.com/
+ http://www.genocide2600.com/
+ http://www.hackernews.com/ (Went online same time we started issue 1!)
+ http://www.net-security.org/
+ http://www.slashdot.org/
+ http://www.freshmeat.net/
+ http://www.403-security.org/
+ http://ech0.cjb.net/
@HWA
01.1 Last minute stuff, rumours and newsbytes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"What is popular isn't always right, and what is right isn't
always popular..."
- FProphet '99
+++ When was the last time you backed up your important data?
++ AMD demonstrates 900 MHz chips
December 17, 1999
"Advanced Micro Devices Inc. has demonstrated two different versions of its Athlon microprocessor running at 900
MHz. One uses the company's standard 0.18-micron process with aluminum interconnects, while the second is
produced at the same line width but comes from AMD's Dresden, Germany, fab and features copper interconnects."
Thanks to myself for providing the info from my wired news feed and others from whatever
sources, also to Spikeman for sending in past entries.... - Ed
@HWA
01.2 MAILBAG - email and posts from the message board worthy of a read
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Yeah we have a message board, feel free to use it, remember there are no stupid questions...
well there are but if you ask something really dumb we'll just laugh at ya, lets give the
message board a bit more use eh? i'll be using a real message board when the hwa-iwa.org
domain comes back online (soon) meanwhile the beseen board is still up...
==============================================================================
02.0 From the editor.
~~~~~~~~~~~~~~~~
#include <stdio.h>
#include <thoughts.h>
#include <backup.h>
main()
{
printf ("Read commented source!\n\n");
/*
* Ok i'm nearly caught up here, that sick period really
* fucked up all my scheduling, thats what happens when
* ya do something all yerself. Anyways enjoy .... next
* ish, Christmas/New years issue.
*
*
*/
printf ("EoF.\n");
}
Congrats, thanks, articles, news submissions and kudos to us at the
main address: hwa@press.usmc.net complaints and all nastygrams and
mailbombs can go to /dev/nul, nukes, synfloods and papasmurfs to
127.0.0.1, private mail to cruciphux@dok.org
danke.
C*:.
-= start =--= start =--= start =--= start =--= start =--= start =--= start
____ _ _
/ ___|___ _ __ | |_ ___ _ __ | |_
| | / _ \| '_ \| __/ _ \ '_ \| __|
| |__| (_) | | | | || __/ | | | |_
\____\___/|_| |_|\__\___|_| |_|\__|
/ ___|| |_ __ _ _ __| |_
\___ \| __/ _` | '__| __|
___) | || (_| | | | |_
|____/ \__\__,_|_| \__|
-= start =--= start =--= start =--= start =--= start =--= start =--=
03.0 Creator of Melissa Virus Hired by Rutgers While on Bail
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by nvirb
Rutgers University Foundation hired David L. Smith, the
creator of the Melissa Virus, while he was free on
$100,000 bail. The University said that he went through
the normal hiring process, submitted a resume and had
references checked but that he was not recognized as
the creator of the virus. (Proves that you never know
who works for whom. Remember that the next time
you hear someone say 'We don't hire hackers'.)
Reuters - via Detroit Free Press
http://www.freep.com/news/nw/virus12_19991212.htm
Rutgers hired Melissa virus creator
December 12, 1999
REUTERS
NEW BRUNSWICK, N.J. -- David Smith, the
New Jersey computer programmer who pleaded
guilty Thursday to creating the destructive Melissa
computer virus, was hired as a computer technician
by the Rutgers University Foundation while he was
on bail, the university said Saturday.
A spokeswoman said that when the foundation hired
him, it did not recognize Smith as the suspected
author of the virus, which infected e-mail systems
around the world in March.
Smith, 31, submitted a resume in answer to a
newspaper advertisement and was hired Sept. 20
while out on $100,000 bail
following his arrest in April. He went about his
work quietly and unrecognized for two months,
trouble-shooting computers in foundation offices.
He quit Dec. 3, a week before his court
appearance, citing personal reasons. "Now we
know what they were," Rutgers spokeswoman
Pamela Blake said.
Smith went through a normal hiring process,
providing credentials supporting his qualifications
and references that were checked. "He wasn't
recognized," Blake said. "People did not make that
connection when he was hired. At no time during
the process was the Melissa virus mentioned. None
of his references mentioned the virus."
None of the foundation's 100 employees or
administrators whom Smith worked among
recognized him.
Interviewers did not ask Smith if he had ever been
arrested or was awaiting trial because it is illegal to
do so.
Smith, of Aberdeen, N.J., faces a maximum five
years in prison and $250,000 in fines on the federal
charge of knowingly unleashing the virus on more
than a million computer networks and e-mail
systems and causing $80 million in damage.
The foundation is the public university's fund-raising
arm that brought in $60.6 million for the fiscal year
ending in June. In his position, Smith had access to
foundation accounts. An initial review of the
foundation's computer system did not turn up any
viruses or irregularities, but it continues to be
monitored. "Obviously, we're concerned," Blake
said.
Smith did not have access to the computer systems
of the university itself.
He is free on bail pending his May 15 sentencing in
Newark, N.J., by U.S. District Court Judge Joseph
Greenaway. His sentencing in Freehold, N.J., on a
state charge of disrupting public communications
systems will follow.
@HWA
04.0 Freedom Officially Launched
~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Anonymous
HNN readers got advance notice almost two weeks ago
but Zero-Knowledge is set to officially unveil Freedom
today. If you're looking for complete anonymity while
using the Internet then you need Freedom.
C|net
http://news.cnet.com/news/0-1005-200-1491501.html?tag=st.ne.1002.thed.1005-200-1491501
Freedom 1.0
http://www.zks.net/clickthrough/click.asp?partner_id=542
New product guarantees online anonymity
By Courtney Macavinta
Staff Writer, CNET News.com
December 13, 1999, 3:40 a.m. PT
Zero-Knowledge Systems will unveil an online privacy tool today to let Net
users conceal their true identities.
And just like the company's name implies, it won't know who they are,
either.
Under a limited release of 10,000 copies per week, Zero-Knowledge's
Freedom allows users to create pseudonyms to surf the Web, register at
sites, send email, post to newsgroups and chat. But online shoppers, who
give up droves of personal information, probably won't use the
current version of Freedom because most e-commerce sites rely on credit
cards for payment and physical addresses to deliver products.
Many people who use the Net to express opinions, meet people, and collect
articles and music think they are acting anonymously. But the fact is that
their Internet service providers can keep track of them, as can Web sites
that employ technologies such as cookies.
Moreover, online consumers are routinely asked to hand over their names,
ages, home addresses, incomes, credit card numbers and details about their
shopping habits. Many comply, adding to data repositories that make it
possible for companies to build profiles of people, track their online
activities with greater accuracy, and target them with Web advertising.
But for those who want to troll the Net incognito,
Montreal, Canada-based Zero-Knowledge is about to
offer one of the most advanced privacy protection
tools.
Most products on the market today, such as tools
offered by Enonymous and Novell's Digitalme, are
personal-information managers that let Net users
create various profiles with home or business
information that can be used to automatically fill
in Web registration forms. Lucent Technologies'
ProxyMate also lets people fill in online forms
using their true identities or aliases.
But with Freedom, users' online activities are
encrypted and routed through a globally distributed
network of servers that make it impossible to know
where users are physically located or who they
really are. To ensure that people's actual
identities are not linked to their Freedom
pseudonyms, they will buy $10 tokens and cash them
in for "nyms." So all Zero-Knowledge ever knows
about a person is that he or she purchased a token,
according to the company.
"Zero-Knowledge has no data that can be used to
compromise a user's privacy," said Austin Hill, the
company's president.
Zero-Knowledge Systems, which has raised $14
million in venture capital, also won't be hindered
by White House encryption export controls.
The U.S. rules require licenses for the strong encryption products, and
the FBI is constantly lobbying for so-called key-recovery features that
could give them access to a person's private key to unlock their encrypted
data.
Law enforcement and powerful intellectual property owners--such as the
record and music industries--don't want Net users to be completely
anonymous because obviously, that makes them harder to bust if they are
suspected of trafficking pirated material or committing other
Net-based crimes.
"I'm not worried about it. We're not exporting or building encryption
[from within] the United States," Hill said. "We took an active stance to
educate law enforcement [such as] the Department of Justice. Generally the
conversation is: 'Can you build in a backdoor?' and we say 'No.'"
If presented with a subpoena, however, Zero-Knowledge can shut off a
pseudonym if it's being used to allegedly commit crimes.
@HWA
05.0 Free Linux Firewall Available
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Kim
Phoenix Adaptive Firewall, the first Linux firewall on the
market, will be given away for personal use starting
today. Phoenix has been certified by the International
Computer Security Association (ICSA).
Progressive Systems, Inc.
http://www.progressive-systems.com
@HWA
06.0 Piratecity Being Sued by Fortunecity
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/ and Piratecity staff
contributed by Overlord
Piratecity.com, which offers free web space for
underground sites, is being sued by free web page giant
Fortunecity.com. The suit claims that Piratecity.com is
infringing on Fortunecity.com's copyright without
authorization which results in unfair competition, name
brand dilution and causes confusion among customers.
Piratecity.com intends to contest this litigation and is
asking for support.
PirateCity.com
http://www.piratecity.com/news.htm
On behalf of Piratecity. We report receipt of Legal Papers actioned by
Fortunecity.com against us claiming copyright infringement. (see below)
They bleat on about, no authorization and unfair competition, dilution and
causing confusion among customers. This is rich, coming from an
organization that systematically allowed the Internet Underground
H/V/P/C/A, to upload sites and publicize URLs which guaranteed huge
amount of traffic for Fortunecity.
Once the site was popular, hit-wise, the site was then removed and the
"ERROR 404" traffic was directed to the Fortunecity Homepage.
This information was passed directly to John Stevens by a former employee
of Fortunecity and this inspired the creation of Piratecity with its
"Content Violation Free" concept based on a Fortunecity style Web-based
Community catering for the Internet Underground, now the Underground
is flocking to Piratecity and we are signing up 500 new members per week.
We intend to contest this litigation and ask for support and help in any
way possible and for hackers worldwide to boycott Fortunecity. This is
not about copyrights, it is about hits.
Please see the letter below.
December 9, 1999
BY FACSIMILE AND FEDERAL EXPRESS
Dear Mr. Congleton:
We are counsel for FortuneCity.com, Inc. (FortuneCity), the long
time owner of the copyrights, trademarks, trade dress and other
intellectual property interests for various graphics, images, marks
and trade dress contained on FortuneCity's web site (collectively,
the Proprietary Interests).
It has recently come to our client's attention that your web site,
uses FortuneCity's Proprietary Interests without authorization.
The posting of FortuneCity's graphics, images, marks and other
Proprietary Interests onto PirateCity.com's (Pirate City) web
site constitutes blatant copyright infringement, trademark
infringement, unfair competition, dilution, violation of FortuneCity's
trade dress, and other causes of action under state and federal law.
Furthermore, the use of FortuneCity's Proprietary Interests on Pirate
City's web site is likely to cause confusion among consumers, and
dilutes the distinctive quality of FortuneCity's trademarks and
trade dress, among other wrongs.
Accordingly, on behalf of our client, we hereby demand that you
immediately cease all use of FortuneCity's Proprietary Interests on or
in connection with your web site, or otherwise, that infringes our
client's rights in the Proprietary Interests, and that you relinquish
all rights you may have sought over the graphics, images, marks and
other Proprietary Interests.
In the absence of your response in accordance with the foregoing by
December 20, 1999, appropriate action will be taken against Pirate City
to enjoin Pirate City's use of the Proprietary Interests. We will also
consider seeking temporary, preliminary and permanent injunctive relief,
as well as damages for the harm suffered and which continues to be
suffered by our client, together with attorneys' fees because of the
wrongful deprivation caused by your clearly intentional illegal use of
our client's Proprietary Interests. It is our intention to take action
against all persons, jointly and severally, who have acted with respect
to the illegal use of these Proprietary Interests.
The foregoing does not purport to constitute a complete statement of the
position of FortuneCity in connection with this matter, and any and all
rights, remedies, claims or defenses otherwise available to us under the
circumstances are expressly reserved.
Very truly yours,
Michael S. Elkin
Our Official statement in regard to this matter is as follows:
"On behalf of Piratecity.com, I hereby declare that we intend to fight this
litigation both inside and outside the Courts. We believe in fair competition,
and disagree with allegations to the effect that we are in some way interfering
with Fortunecity.com. This is wholly untrue, our domain names are completely
different.
Since these threats came to light, we have been overwhelmed with support from
the hacker community. It is independently the intention of these supporters to
"destroy" interests of Fortunecity.com by any means possible, should litigation
continue".
John Stevens. Piratecity.com
@HWA
07.0 Hacker Stereotyping Continues
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by no0ne
Hollywood never gets it right, and now Broadway (or off
Broadway in this case) screws it up as well. Arthur
Kopit's new off Broadway play 'Y2K' changes the
traditional hacker stereotype from nerdy computer geek
to evil doer out to take over the world. Mass media
should just give up in trying to pigeon hole a culture.
NY Times - yes registration is required
http://www.nytimes.com/library/review/121299hackers-image-review.html
($$)
@HWA
08.0 Australian Government Site Defaced In Protest of New Law
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by no0ne
The Australian Broadcasting Authority's (ABA) web site
was defaced over the weekend. The main page was
replaced with one containing an obscene rant against
the new Online Services Amendments law, which will be
administered by the ABA. The new law is set to take
effect next month.
Australian Broadcasting Corporation
http://www.abc.net.au/news/science/internet/1999/12/item19991210163329_1.htm
Wired
http://www.wired.com/news/politics/0,1283,33010,00.html
A spokesperson for Electronic Frontiers Australia said
that they also oppose the new laws but that defacing
web pages does not help the anti-censorship cause.
Australian Broadcasting Corporation
http://www.abc.net.au/news/science/internet/1999/12/item19991211105245_1.htm
ABC #1
Hacker slams Net censorship laws
A security breach at a Federal Government Internet
website has allowed a computer hacker to post a vitriolic
attack on the Federal Government's new Internet
censorship laws, which come into place next month.
The hacker, calling himself Ned R, overwrote the
Australian Broadcasting Authority's (ABA) website with an
obscene diatribe against the new laws, which will be
administered by the ABA.
The hacker described the Australian Government as
"clueless" over the provisions of the Online Services
Amendments law which have been widely condemned by
the Internet industry as "unworkable".
Kimberly Heitman, from Electronic Frontiers Australia,
says his organisation also opposes the new law, but hacks
like that on the ABA website are "misdirected anger".
Mr Heitman says the ABA, as public servants, are not
responsible for the law and computer hacking of computer
websites "doesn't help the cause at all".
-=-
Wired;
Cracker Defiles Aussie Authority
by Stewart Taggart
8:30 a.m. 10.Dec.1999 PST
SYDNEY, Australia -- For almost half a
day, the censor itself was censored.
After a cracker defaced and placed
obscenities on the homepage of the
Australian Broadcasting Authority (ABA)
early Friday morning, the regulatory
agency was forced to take its Web site
offline.
"We're investigating, and awaiting a
report from our ISP," said ABA
spokeswoman Anne Hewer.
The vandalism was done as a protest
against the nation's controversial new
online censorship laws, which go into
effect 1 January. The ABA is the
government agency responsible for
regulating and licensing the nation's
broadcasting industry and is required to
uphold the new law.
The Web site crack appears to have
occurred sometime in the early hours of
Friday morning. In a rambling, jumbled
diatribe placed at the bottom of the
homepage, the hacker -- identified only
as "Ned R." -- taunted the organization.
The site remained offline for most of the
day Friday, but has since been
reactivated.
"You can't [^%$#($^] censor me," the
cracker wrote. "If a message wants to
get out, it will."
"People only now can get connectivity
the USA has enjoyed for years. And now
one of the greatest resources we gave
for free speech and free learning will be
stifled by a vocal minority with no
understanding of the underlying
technology."
The message ended with the cracker
apologizing for his various typos and bad
spelling because "I was high on
methyldioxymethamphetamines and
crack."
Passed by Australia's legislature 30 June,
Australia's new online content laws
institute a complaint-driven system of
Internet content regulation that
ultimately empowers the ABA to legally
force content providers to take down
material from Web servers located in
Australia.
After the ABA investigates a complaint
about the content on any Web site
regardless of location, it can request that
the nation's classification authority for
books and movies rate the content. If the
content is deemed excessively sexually
explicit, violent, or offensive, it can be
ordered to be taken down if it is hosted in
Australia. ISPs will be required to offer
subscribers home filtering software that
can block access to similarly offensive
sites that are located outside Australia.
Free speech advocates have opposed the
new law as at best, unworkable and at
worst, part of a trend toward
circumscribing citizens' rights to think
independently. For its part, the Australian
government acknowledges the law isn't
perfect, but stresses something must be
done to protect children against the
Internet's more unsavory corners.
Ms. Hewer said the ABA has outsourced
technical management of its Web site to
a commercial ISP, which it has used for
about the last 18 months. She said this
morning's attack was the second
substantive disruption to the site in
recent months by opponents of the new
online content law, but that the previous
attack didn't force the ABA to take its
Web site offline.
"Last time we didn't shut down the site,
but just altered the page," she said. "This
time we shut the site down for security
reasons."
-=-
ABC #2
EFA 'understands' hacker's attack
on Internet laws
An organisation promoting freedom of speech on the
Internet says it can understand the motives of a hacker
who posted an attack on new censorship laws on a
government website.
The hacker, calling himself Ned R, targeted the Australian
Broadcasting Authority's (ABA) site, writing an obscene
attack on new Internet censorship laws, which will come
into effect on January 1.
Kimberly Heitman, from Electronic Frontiers Australia,
says he too opposes the laws but the hacker has not
helped the anti-censorship cause through his actions.
"It's very much like a graffiti operation," Mr Heitman said.
"But ... I think this criticism and indeed the hack is a very
misplaced effort by reason of the fact that this is a
government or indeed a political decision and not one
which the bureaucrats in the ABA can really be held
responsible for."
@HWA
09.0 Russian News Agency, Itar-Tass, Defaced
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Underprivileged User
Russian news agency, Itar-Tass, had its web site
defaced yesterday by people opposed to the Russian
military campaign in Chechnya. Administrators took the
site off line for over an hour to repair the damage.
BBC
http://news.bbc.co.uk/hi/english/world/europe/newsid_561000/561576.stm
Australian Broadcasting Corporation
http://www.abc.net.au/news/newslink/weekly/newsnat-13dec1999-51.htm
(404)
Reuters - via Yahoo
http://dailynews.yahoo.com/h/nm/19991212/wr/russia_website_1.html
Sunday, 12 December, 1999, 18:15 GMT
Hackers attack Russian
news site
The Russian offensive has caused widespread
misery
Hackers opposed to the Russian military
campaign in Chechnya have attacked the
website of the Russian news agency
Itar-Tass.
The site was out of action
for more than an hour
while computer technicians
repaired the damage.
The hackers left a message on the Tass
site, which said: "We're here to fight evil
and our power is growing."
Tass said the hackers had sent an e-mail
protesting against the "murder of peaceful
Chechens".
A spokesman said: "They called
themselves 'Princes of Darkness' and
'Angels of Freedom'. They demanded that
Russia stop the war in Chechnya."
Identity unknown
The agency, referring to the hackers as
"computer terrorists", reported that it did
not know who was responsible for the
attack.
Russia says its campaign in Chechnya is
targeting terrorists responsible for a series
of bomb attacks in Russia.
But the West, which has widely
condemned Russia's actions, says
innocent civilians are being killed.
The Russian media, including Itar-Tass,
have been largely supportive of the
campaign, which also enjoys widespread
public support, and the tactics being
employed.
The Chechens accuse Russia's media of
unquestioningly publishing government
and military propaganda.
They have their own website, which they
use to report news from the various front
lines in Chechnya, and which the Russians
say is little more than a forum for
misinformation.
-=-
Reuters
Sunday December 12 11:05 AM ET
Hackers Raid Tass Agency Web site in Chechen Protest
MOSCOW (Reuters) - Russia's Itar-Tass news agency said Sunday
its Internet site had been hacked into by "computer terrorists"
demanding that Russia halt its military campaign in Chechnya.
"They called themselves 'princes of darkness' and 'angels of
freedom' and demanded that Russia stop the war in Chechnya,"
a spokesman for the agency said by telephone.
Tass said the site raiders had sent an e-mail protesting over the
"murder of peaceful Chechens."
It added that the identity of the hackers was unknown and that it
was working to repair the damage.
The West has fiercely criticized Moscow's military campaign to
clear the breakaway North Caucasus region of Islamic separatist
fighters it calls "international terrorists," saying that innocent
people are suffering.
Russian media have strongly backed Russia's tactics and the campaign
enjoys widespread public support.
@HWA
10.0 Irish Web Sites Defaced
~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by John
The website for Irish Telecom's company Eircom ISP was
defaced at around noon local time last Friday. Earlier
last week an Irish radio station FM104 was also
defaced.
Hack Watch News
http://www.iol.ie/~kooltek/welcome.html
@HWA
11.0 New US Crypto Export Rules Delayed Until January
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Blaupause
The Clinton administration will delay by about a month
the release of new rules easing export of encryption
products, missing the previously announced Dec 15th
deadline. A draft of the new rules has drawn widespread
criticism and it appears it's going to take a bit longer to
work out the revised crypto legislation.
Reuters - via San Jose Mercury News
http://www.sjmercury.com/svtech/news/breaking/merc/docs/044439.htm
Posted at 2:34 p.m. PST Monday, December 13, 1999
U.S. to delay until January encryption export rules
WASHINGTON (Reuters) - The Clinton administration will delay by about
a month the release of new rules easing export of computer data-scrambling
products, missing a previously announced December 15 deadline, sources
familiar with the rules said Monday.
In September, the administration announced it would dramatically
relax export restrictions on encryption products, which have become an
increasingly critical means of securing global communications and
electronic commerce on the Internet.
The announced easing of export restrictions reflected the growing
importance of encryption in commercial, non-military industries, as well
as the growth of non-U.S. companies willing and able to meet market demand
for encryption products.
But a draft of the new administration rules issued last month drew
widespread criticism from high-tech companies and Internet advocacy
groups, who complained the proposal was unworkable and fell short of the
promises announced in September.
Sources familiar with the new rules said the administration needed more
time than expected to revise the draft rules.
Software vendors like Microsoft Corp. and Network Associates Inc., hardware
makers like IBM Corp. and Cisco Systems along with privacy and Internet
advocacy groups have been lobbying for years for easier encryption exports.
@HWA
12.0 PGP Cryptography Exportable
~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Evil Wench
Network Associates has been granted an export license
for the popular PGP software. This allows NAI to ship its
full strength encryption software almost anywhere.
Specific details regarding the export license and its
restrictions were not provided.
Info World
http://www.infoworld.com/articles/en/xml/99/12/13/991213enpgp.xml
Network Associates Inc.
http://www.nai.com/asp_set/about_nai/press/releases/pr_template.asp?PR=/PressMedia/12131999.asp&Sel=647
From InfoWorld.com
United States grants PGP encryption export
license
By Nancy Weil
The U.S. government has granted Network Associates a license to export its PGP encryption software -- a
move that the company termed "landmark" in an announcement Monday.
The license will allow Network Associates to ship its full-strength PGP (Pretty Good Privacy) encryption
software to most nations worldwide without restriction. Exports to some countries -- such as Cuba and Iraq --
remain off limits even as the Clinton administration moves toward loosening restrictions.
The decision to grant the license precedes the expected new export control policy from the White House,
another fact hailed by Network Associates in its written announcement Monday. The move will "point the
way" for other U.S. companies, including those who sell products online, the Santa Clara, Calif.-based security
software vendor said.
Additional details regarding the license and its conditions were not provided.
The Clinton administration last month circulated a draft of its new proposed regulations for encryption export.
Although the new policy proposal loosens restrictions, some members of Congress were chagrined that the
draft calls, for example, for export of shrink-wrapped encryption software through retail outlets independent of
the manufacturer.
That language, according to some critics, would allow traditional retail stores an advantage over e-commerce
merchants. U.S. Rep. Zoe Lofgren, a California Democrat, criticized the draft language, but said that she had
talked to Clinton and also wrote a follow-up letter to him regarding her concerns, and was assured that he and
his staff will work to resolve the remaining issues.
The final encryption plan is expected to be released on Wednesday.
Network Associates Inc., in Santa Clara, Calif., is at www.nai.com.
Nancy Weil is a Boston correspondent for the IDG News Service, an InfoWorld affiliate.
@HWA
13.0 Police Fear Freedom
~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Evil Wench
New software from Zero-Knowledge Systems has police
concerned. Freedom software lets people remain
anonymous while sending e-mail, chatting and visiting
Web sites. A spokesperson for the National Association
of Chiefs of Police has said "It's going to make it a little
more difficult to trace wrongdoers."
Nando Times
http://www.nandotimes.com/technology/story/body/0,1634,500142292-500169082-500633455-0,00.html
Freedom 1.0
http://www.zks.net/clickthrough/click.asp?partner_id=542
(Sure get a lot of publicity don't they? - Ed)
Internet anonymity service raises abuse concerns
Copyright © 1999 Nando Media
Copyright © 1999 Associated Press
By DAVID E. KALISH
NEW YORK (December 14, 1999 7:05 a.m. EST http://www.nandotimes.com) -
A service intended to give Web users anonymity concerns authorities,
who fear it could compromise their ability to track illegal activity on
the Internet.
The service from Zero-Knowledge Systems Inc., based in Montreal, would
let people remain anonymous while sending e-mail, chatting and visiting
Web sites. Such thoroughness could frustrate law enforcement officials
trying to track down shady Web users who send abusive e-mail and exchange
such material as child pornography and pirated software.
"It's going to make it a little more difficult to trace wrongdoers," said
Bob Wallace, a spokesman for the Miami-based National Association of Chiefs
of Police.
To use the service, Web surfers go to Zero-Knowledge's site, www.freedom.net,
and download special software that scrambles information and also lets them
use up to five pseudonyms instead of their real e-mail addresses.
The Zero-Knowledge technology obscures the sender's Web trail by identifying
just the final portion of the computer network used to transmit the information.
The service, which works only with Windows 95 and 98 systems, costs $50,
though a free 30-day trial is available. The company is limiting the offer
to 10,000 users a week through February to make sure it's reliable.
"The system has been purposely designed to make sure we have nothing of
substance" to identify a user, said Austin Hill, the company's president
and co-founder.
Zero-Knowledge says it developed the software to address an increasing concern
among users that Internet companies are using technology to track people's
personal information - everything from buying habits to home addresses to
age.
Privacy advocates agree that Zero-Knowledge's product fills a demand for greater
anonymity.
"Anonymous speech is inconvenient and sometimes has bad consequences, but if
you removed it we would be living in a very dangerous world," said Jason Catlett,
president of Junkbusters Corp., a privacy advocacy and consulting firm
in Green Brook, N.J.
Zero-Knowledge says it is based in Canada in part because the nation has rules
that are less restrictive than the United States in governing the export of
encryption technology. But it has met with officials at the U.S. Department of
Justice and plans to meet with the Federal Bureau of Investigation to brief them
on the service.
The company says it has taken steps to minimize the chances its service could be
abused. For example, a user can send only a limited number of e-mails, limiting
the service's appeal to "spammers" who want to anonymously bombard
consumers with marketing messages.
@HWA
14.0 The NSA, Soon To Not Be So Secret?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Weld Pond
Where has the NSA been and what is its future? Wired
takes a look at some of the past shenanigans of the
agency and what lies before it in possible upcoming
congressional hearings.
Wired
http://www.wired.com/news/politics/0,1283,33026,00.html
Spies Left Out in the Cold
by Declan McCullagh
3:00 a.m. 13.Dec.1999 PST
It's enough to spook any spy. Congress plans to hold hearings next year that will,
for the first time in a quarter century, investigate whether the National Security
Agency is too zealous for our own good.
Much has changed since those hearings in 1975. Instead of being a place so secretive
that the Department of Justice once abandoned a key prosecution rather than reveal
the National Security Agency's existence in court, "the Fort" has become enmeshed in
popular culture.
Techno-thrillers like Enemy of the State, Mercury Rising, Sneakers, and even
cut-rate TV series like UPN's 7 Days regularly depict NSA officials -- to their
chagrin -- as eavesdrop-happy Nixonites.
But one thing has remained the same. The agency is barred from spying inside the
United States and is supposed to snoop only on international communications. Through
a system reportedly named Echelon, it distributes reports on its
findings to the US government and its foreign allies.
Do those findings include intercepted email messages and faxes sent by Americans to
Americans? Maybe, and that's what's causing all the fuss.
News articles on Echelon have captured the zeitgeist of the moment, spurred along by
PR stunts like "Jam Echelon" day. Newsweek reported this week that the NSA is going
to "help the FBI track terrorists and criminals in the United States." (The agency
denied it.) A 6 December New Yorker article also wondered about the future of Fort
George Meade.
That future could look a lot like the past: congressional action that, in the end,
doesn't amount to much. For this article, Wired News reviewed the original documents
and transcripts from the Church committee hearings that took place in the
Watergate-emboldened Senate in 1975. The Select Committee to Study Governmental Operations
with Respect to Intelligence Activities published its final report in April 1976.
It wasn't an easy process. NSA defenders tried their best to kick the public out of
the hearing room and hold the sessions behind closed doors. "I believe the release of
communications intelligence information can cause harm to the national security,"
complained Senator Barry Goldwater, a Republican who voted against disclosing
information on illicit NSA surveillance procedures and refused to sign the final
report.
"The public's right to know must be responsibly weighed against the impact of
release on the public's right to be secure.... Disclosures could severely cripple
or even destroy the vital capabilities of this indispensable safeguard to our
nation's security," said another senator.
But Democratic Senator Frank Church and his allies on the committee prevailed, and
disclosed enough information to give any Americans the privacy jitters. Among the
findings:
Shamrock: In 1945, the NSA's predecessor coerced Western Union, RCA, and ITT
Communications to turn over telegraph traffic to the Feds. The project was codenamed
Shamrock. "Cooperation may be expected for the complete intercept coverage of this
material," an internal agency memo said.
James Earl Ray: When the Feds wanted to find the suspect in the Martin Luther King
Jr. assassination, they turned to the NSA. Frank Raven, chief of the G Group,
received a direct order in May 1968 to place Ray's name on the watch list. It turned
up nothing and Ray was eventually nabbed in London, Raven said when interviewed for
the book The Puzzle Palace. At another point the FBI demanded complete NSA surveillance
of all Quakers, in the mistaken
belief that the group was shipping food to Vietnam.
Huston plan: Tom Charles Huston, an aide to H.R. Haldeman, organized a
meeting in June 1970 between Nixon and his agency chiefs, including the FBI,
CIA, NSA, and Defense Intelligence Agency. According to the Nixon papers, the
president wanted to collect intelligence about "revolutionary activism." The
presidential directive that came out of that meeting ordered the NSA to expand
its surveillance and evaluate "domestic intelligence."
Peace activists: At the Pentagon's request, the NSA monitored the communications
of '60s peace activists. The order came from the military unit responsible for
quelling "civil disturbances," which wanted to know if foreign agents
were "controlling or attempting to control or influence activities of US 'peace'
groups and 'black power' orgs." An internal NSA memo creating the Minaret project
said it would focus on people involved in "anti-war
movements/demonstrations."
Drug war: Civil libertarians like to say that any "war" results in eroded freedom,
and they seem to have been right in this case. "This is to express my desire to
receive information produced by your agency which will assist the BNDD to
more effectively combat the illicit traffic in narcotics and dangerous drugs,"
wrote John Ingersoll, head of the then-Bureau of Narcotics and Dangerous Drugs.
The NSA complied. Ingersoll's April 1970 request appears to have been
prompted by President Nixon's public declaration of the so-called war on drugs.
The Church committee eventually prepared an exhaustive -- and damning -- 396-page
report that detailed how the NSA and other agencies had run amok for the previous
few decades. One conclusion by the panel's chairman:
Congress has a "particular obligation to examine the NSA, in light of its tremendous
potential for abuse.... The danger lies in the ability of NSA to turn its awesome
technology against domestic communications."
But it's not clear how much has changed. Some experts believe that not even top
NSA officials know everything that happens at the agency, and it's a fair bet
that the Senate committee didn't get all the information it wanted.
That might be happening again. Widespread rumors that the NSA regularly engages
in illegal surveillance of US citizens -- a rumor fueled by the Echelon buzz --
gained more credibility this year when the agency refused to turn over
important information to Congress.
Citing attorney-client privilege, the NSA declined to reveal information about
its internal operating procedures.
In an angry response, the House Select Committee on Intelligence drafted a
requirement forcing the NSA and the attorney general to prepare a report by the
end of January. Committee members expect "a detailed analysis of the legal
standards employed by elements of the intelligence community in conducting
signals intelligence [electronic or radio communication] activities, including
electronic surveillance."
President Clinton signed the measure as part of a spending bill, and the chairman
of the House Government Reform Committee pledged to hold hearings in 2000.
Since then, the NSA has managed to soothe hurt feelings on Capitol Hill, and the
House Intelligence committee seems to be trying to limit public scrutiny of the
agency by other legislators.
The Intelligence committee, headed by Representative Porter Goss (R-Florida),
"may seek to either stall hearings before the Government Reform Committee or
dissuade intelligence community officials from testifying before it," according
to a report in the 2 December issue of Intelligence Newsletter.
Not likely, replies a committee staffer. "Chairman [Dan] Burton has pledged to
hold the hearings so there will be hearings. A date has not been set yet," said
Mark Corallo, a spokesman for the Government Reform committee.
Corallo said the law does not allow NSA officials to ignore subpoenas from a
non-intelligence committee.
One legislator intent on seeing the hearings happen is Representative Bob Barr
(R-Georgia), a prominent privacy advocate and former CIA employee who earlier
this year asked Burton to schedule them.
One Hill source said the hearing is more likely to happen in the second half of
the year.
Barr said he hopes the hearings will "determine if changes need to be made to
existing [law] to ensure that it fits modern technology."
"I don't know why anyone would object to hearings to determine if the NSA is
operating within the bounds of US law. I would certainly hope not," Barr said
in an interview Friday evening.
"Oversight has to be a once-in-a-generation.... If Congress doesn't exercise
regular as well as periodic oversight, then agencies are going to get away with
as much as they can," he said.
As preparation, Barr asked the Congressional Research Service, part of the
Library of Congress, to prepare a report on the authority of the NSA to intercept
electronic communications -- both inside and outside the country.
The conclusion was, well, inconclusive.
"We have found no explicit statutory or Executive Order language giving the
National Security Agency express authority to engage in interception of wire,
oral, or electronic communications," the 10 November report said. But the
researchers said the Foreign Intelligence Surveillance Act (FISA) "appears to
anticipate" electronic snooping.
Look for that uncertain justification for surveillance to be a big focus of
the hearings -- assuming they occur.
Advocates haven't been quiet. The ACLU and other groups recently launched
echelonwatch.org to focus public attention on the NSA and Echelon.
"The hearings are necessary so Congress can determine whether the NSA is
listening in on conversations that Congress intended be private absent a
court order," said Greg Nojeim, ACLU legislative counsel. "We also hope
the hearings would expose any holes in the court order requirement of the
FISA that need to be plugged."
Marc Rotenberg, director of the Electronic Privacy Information Center, said he
hopes for four things: "public hearings, review, reform, and accountability."
@HWA
15.0 How Much Privacy do You Have?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Zorro
After two months the researchers at Agora, a group of
information managers, were able to find numerous
privacy-violating items on the manager of information
security at the Regence Group, Kirk Bailey. The
researchers found a scannable sample of his signature,
his speaking schedule over the last two years and copies of
his home phone bills, learned the value of his home and
even discovered that he had been born by Caesarean
section on April 30, 1951, and got a C in English at the
University of Washington. (Gives you a sense of the
state of privacy in this country today. And people
wonder why I use a pseudonym.)
NY Times
http://www.nytimes.com/library/tech/99/12/biztech/articles/13kirk.html
($$)
@HWA
16.0 Distributed Competition for Elliptic Curve
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by McIntyre
A team of mathematicians from France's INRIA research
lab have brought together Net users from around the
world to crack the 8th and hardest problem to
Certicom's ECC challenge. The same team has already
won the first seven problems but the 8th requires much
more computing power. Certicom is offering a prize of
$10000 for the first correct solution. If this team wins
it, $1000 will go to each of the two people who find the
match and the remaining $8000 will be donated to the
Apache Software Foundation.
Elliptic Curve Discrete Logarithms - download your client today!
http://cristal.inria.fr/~harley/ecdl7/readMe.html
@HWA
17.0 Slashdot Lists Top Ten Greatest Hacks
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Space Rogue
We mention this only under a feeling of obligation, not
because it is newsworthy. Slashdot.org has created a
list of what it feels to be the Top 10 Hacks of All Time.
To save you the grief of reading it, they are: Orson Welles'
War of the Worlds, Mars Pathfinder, Ken Thompson's cc
hack, The AK-47, Bombes and Colossus, Perl, Second
Reality, The Apple II, the SR-71 and the Apollo 13
Mission Rescue. HNN does not particularly agree with
the /. readership which just goes to show how widely
varied the definition of the word 'hack' has become.
Slashdot.org
http://slashdot.org/article.pl?sid=99/12/13/0943241&mode=thread
@HWA
18.0 Feds Plead For Mercy
~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by p_d_coleman and turtlex
John Koskinen, chairman of the President's Council on
Year 2000 Conversion, has pleaded for mercy. He has
asked those people who pierce computer network
security as a 'public service' to withhold their attacks
until after New Year's. Michael Vatis, head of the
National Infrastructure Protection Center, said they had
no hard evidence of any planned attacks. (Again we
hear the claim of no evidence yet the government
continues to spread FUD (Fear Uncertainty and
Doubt.))
Reuters - via Yahoo
http://dailynews.yahoo.com/h/nm/19991214/tc/yk_hackers_1.html
C|Net
http://news.cnet.com/news/0-1009-200-1495563.html
Tuesday December 14 12:58 PM ET
U.S. to Computer Hackers: Give U.S. a Y2K Break
By Jim Wolf
WASHINGTON (Reuters) - President Clinton's top aide on Y2K matters has
urged computer hackers to exercise self-restraint until after year 2000
technology fears largely have passed.
In an unusual plea for mercy, John Koskinen, chairman of the President's
Council on Year 2000 Conversion, said that some people regard piercing
computer network security to be a ``great public service'' because it calls
attention to security cracks.
``Hopefully those people will recognize we're going to have enough things
going on that (New Year's) weekend that this will not be a particularly good
weekend to demonstrate the need for more information security,'' he said on
Monday.
``If you want to, in fact, make those points, my hope is (you'll) make them
the following weekend,'' when Y2K confusion is expected to have subsided,
Koskinen said in reply to a reporter's question.
One major concern of authorities is that confusion during the century date
change could mask a wide range of malicious anti-U.S. activity, including
possible computer-based attacks by hostile nations or guerrillas.
Michael Vatis, the FBI agent who serves as the nation's top ``cyber-cop,''
said last week that the interagency outfit he heads -- the National
Infrastructure Protection Center -- would be on alert although it had no
hard evidence of any planned attacks.
``It's natural to expect there might be people doing stupid things with
computers,'' he said of possible cyber attacks timed to exploit any high-tech
confusion sparked by the century date change.
``Increased Vigilance'' Urged
Bruce McConnell, a former White House information technology expert who now
runs the U.N.-sponsored International Y2K Cooperation Center, said viruses
timed to trigger on Jan. 1 appeared to be spreading, notably hidden in e-mail
attachments.
``Clearly the end of the year is a time for increased vigilance with respect
to computer security,'' McConnell said in a telephone interview.
Adding to the confusion may be so-called denial-of-service attacks aimed at
swamping government or private sector Web sites, according to Clark Staten,
executive director of the Chicago-based Emergency Response and Research Institute.
Last week, the U.S. Office of Personnel Management announced it would interrupt
its Internet services for ``several hours'' during the New Year's weekend as a
guard against hackers, power surges and other possible Y2K headaches. The agency
said it would bar access during that limited period to the many data banks normally
available on its Web site.
The Defense Department and the U.S. Agriculture Department said last week they
also were considering such precautions.
Growing Number Of Computer Viruses Seen
Anti-virus software makers have reported a growing number of computer viruses
timed to go off on or about Jan. 1, when systems engineered to recognize only
the last two digits in a date field may confuse 2000 with 1900.
``We are starting to see an increased frequency of viruses related to the year
2000. Some of them are timed to trigger on January first,'' said Narendar Mangalam,
director of security strategy for Computer Associates, an Islandia, New York-based
business computing firm.
The CERT Coordination Center, a Defense Department-funded computer security project
at Carnegie Mellon University in Pittsburgh, said it did not consider Y2K viruses a
greater threat than the many others it has tracked.
``There may be viruses that are particularly virulent that I'm not familiar with
that are set to go off on January first,'' Shawn Hernan, CERT's team leader for
vulnerability handling, said in a telephone interview.
``In general, though, if you are susceptible to viruses that are spreading to be
triggered on January first, you're going to be susceptible to those that are
triggered to go off on January second and January third, and so on and so forth,''
he said.
The best defense, Hernan said, was keeping up to date with anti-virus software
updates, avoiding running programs of unknown origin, maintaining backups, paying
attention to anomalies and reporting them to network security administrators.
@HWA
19.0 Etoys in Simple Domain Dispute
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Bronc
Etoys.com is currently in a simple domain dispute with
the holder of etoy.com, a California art group. While this
matter may be of interest to lawmakers and people who
worry about where the Net is going, this is a matter best
left up to the courts. Unfortunately Ernest Lucha, a
spokesperson for the protest group RTMark, doesn't feel
that way. He and his group have called for the complete
destruction of Etoys.com by any means necessary. He
claims to have a group of 'hackers' who are working on
destroying the company.
ZD Net
http://www.zdnet.com/intweek/stories/news/0,4164,2408451,00.html
The last time anyone set out to electronically destroy
anything an international coalition of the world's most
permanent underground groups condemned the action
with almost universal support from around the globe.
This is nothing more than a simple domain dispute best
left up to the courts to decide, calling for a 'complete
destruction' is nothing more than an act of terrorism
using sensationalistic tactics. By claiming to have
'hackers' on your side you are doing nothing but
continuing the stereotype of hackers as bad evil people
bent on destruction.
LoU-China-Iraq War Histogram - The last group to want 'complete destruction'
http://www.hackernews.com/special/1999/louwar/louhist.html
International Hacker Coalition Joint Statement - and what happened to them
http://www.hackernews.com/special/1999/louwar/jointstat.html
ZDNet;
Protest Group Out To "Destroy" eToys
By Connie Guglielmo, Inter@ctive Week
Post Date: December 13, 1999 6:06 PM ET
Updated: December 14, 1999 8:51 PM ET
A protest group calling for the destruction of online toy
seller eToys said it already has a group of hackers
working on ways to interfere with site traffic counts and
the toy seller's server operations.
In a press release sent out Dec. 12, RTMark, a group
describing itself as a "machine to improve its
shareholders' culture and life - sometimes to the
detriment of corporate wealth" - put out a call to Internet
users to "destroy" eToys by joining in a series of
"sabotage" projects intended to lower the company's
stock market value as "quickly as possible."
Those projects, which RTMark has referred to
collectively as a "mutual fund" - the "etoy Fund" - range
from a boycott of the eToys site to e-mail campaigns to
calling on hackers to interfere with site operations and
traffic counts in moves RTMark hopes will cripple the
company's servers during the 10 busy shopping days
leading up to Christmas.
RTMark spokesman Ernest Lucha said the campaign is
intended to protest a trademark infringement suit eToys
is waging against a European conceptual artist group
called "etoy." A Los Angeles judge last month issued a
preliminary injunction ordering the award-winning art
group to stop using the domain name www.etoy.com or
risk fines of up to $10,000 per day.
What's raising the ire of protesters, Lucha said, is the
fact that 5-year-old etoy registered the domain name in
October 1995 - two years before eToys registered its
domain name in the U.S.
The next court hearing in the trademark infringement suit
is scheduled for Dec. 27. Published reports said the two
are working on settling the case.
RTMark - pronounced "art mark" - is not the only group
to protest against the eToys suit. A number of other
sites have been established to contest the top toy
seller's methods, including Toywar.com and Eviltoy.com.
But RTMark recognizes its campaign, launched last
week, calls for the most violent action.
EToys spokesman Jonathan Cutler said Monday that the
toy seller was not aware of RTMark's plans.
"Our aim is to destroy the company," said Lucha,
acknowledging that this is the first time the 8-year-old
group, which has created parodies of George W. Bush's
campaign site, has solicited funding for one of its
sabotage projects against a specific company. The
group, which Lucha said seeks to publicize the
widespread corporate abuse of democratic institutions
such as courts and elections, is funded through
donations that typically average $100.
But the etoy Fund is different. "We've got volunteers
working on a program that will fake the Web access
counts for eToys. We think if we make enough trouble, it
will start affecting what investors think of the company
and bring down their stock price."
But Lucha acknowledged the likely result of the etoy
Fund is that it will merely bring attention to the case. He
added that RTMark is not working for or on behalf of
etoy, and that the art group is not participating in
RTMark's efforts.
"It's sensationalism," he admitted. "We're trying to call
attention to what's going on and make it clear that a lot
of people are not happy with the case and what it
represents . . . to show how outrageous it is. It fits into a
long tradition of corporate bullying, where big
corporations are able to use the court system to
maintain their power."
Asked if he was worried about possible legal reprisals
against the group, whose members remain anonymous,
Lucha noted RTMark is prepared for the possibility.
"This is the first time we've gone after the destruction of
a company. The only way it's strictly illegal is if we do
damage to them," Lucha said. "We've always known
there's a chance that we will be sued or destroyed. If we
do, we will go down in a ball of fire with as much noise
and publicity as we can."
@HWA
20.0 Is It Y2K or Coincidence?
~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Maggie
Concerned that any technical failure after the New Year
will be blamed on the Year 2000 computer problem, the
White House plans to release figures today showing how
often some systems typically break down. On a daily
basis ATMs run out of cash, cellular calls won't go
through and cable TV is showing static. It is hoped that
by releasing these figures people won't freak out when
things that normally break down continue to do so.
Washington Post
http://washingtonpost.com/wp-srv/WPlate/1999-12/13/116l-121399-idx.html
Y2K Bug, or Just Coincidence?
U.S. to Release Figures on Everyday System Breakdowns
Associated Press
Monday, December 13, 1999; Page A04
Lights go out. Computers crash. Flights are delayed, baggage is lost. ATMs
run out of cash, cellular calls won't go through and cable TV is showing
static.
Sound like the nation's worst Y2K fears? In the increasingly complex world
of technology, those disasters can occur individually all in a day's
work--whether or not that day is the coming New Year's.
Concerned that any technical failure in the earliest hours of Jan. 1 will be
blamed on the Year 2000 computer problem, the White House plans to
release figures today showing how often some systems typically break
down.
The move is precautionary, to avert public panic at the first sign of a
disruption in electricity or another essential service that may coincide with
the date rollover but one not caused by the computer glitch.
Some failures may take weeks of study before Y2K can be blamed or
dismissed as the cause.
"Every day, things go wrong, and nobody pays much attention to them,
nobody thinks twice about it," said John Koskinen, President Clinton's top
Y2K adviser. "But any of those things that happen on January 1st will
immediately be presumed to be the indication of a Y2K problem."
Even though the nation's electrical utilities are rated more than 99 percent
reliable, winter storms can darken neighborhoods and entire regions.
Koskinen puts odds at 50-50 that a major ice storm or blizzard will strike
America during that critical New Year's weekend.
In 1989, for example, a failed switch shut down electricity on New Year's
Eve for 90,000 citizens in Maine.
The Washington-based Edison Electric Institute said in a report for the
White House that any power failure over the Jan. 1 weekend "is almost
certain to have occurred because of one of the usual reasons" rather than
the Y2K bug.
"We have interruptions in the power grid all the time," said Sen. Robert F.
Bennett (R-Utah), chairman of the Senate's Special Committee on the Year
2000 Technology Problem. "We have interruptions in the flow of oil around
the world all the time. We have all kinds of accidents that take place in
computerland, and those that happen on January 1st, people will say were
caused by Y2K."
Computers and their programming code are at the heart of the Year 2000
problem, over which devices that aren't sufficiently tested or repaired could
misinterpret the year "00" as 1900. That could corrupt important electronic
records, miscalculate utility bills and interest rates, or cause a variety of
havoc with automated systems.
But software already is so enormously complex that computers sometimes
fail for many other reasons. Microsoft Corp., whose Windows software runs
most of the world's personal computers, fields about 29,000 phone calls daily
from customers using more than 4,000 programs, who complain that their
PCs aren't working right.
Consumer Internet connections over phone lines can be infamously feeble,
and even the most popular Web destinations experience crashes. Hackers
routinely vandalize Web sites that have poor security, frequently attacking
dozens of high-profile targets over a holiday weekend.
The government has assured travelers that airlines in the United States will
be safe, though it has also warned of possible delays and lost baggage.
The most recent figures from the Federal Aviation Administration show that
only four of every five flights of the nation's largest carriers arrive on
schedule, and that for every 1,000 passengers, more than four temporarily
lose their luggage en route. That translated into nearly 185,000 mishandled
pieces in October.
About 10 percent of all credit transactions fail routinely because equipment
breaks down or consumers are overextended or forget their ATM password,
said Paul Schmelzer, an executive vice president for Orlando-based Star
Systems Inc., which processes about 2 billion financial transactions annually.
He expects those same problems to show up on New Year's.
Koskinen said government officials will be looking to see whether the
problems detected exceed what is expected. And he noted that it won't be
immediately obvious what caused each of the problems.
"The focus of the people whose systems aren't working will be to get the
systems working," he said. "You're not going to be quite as focused on
whether this is Y2K or not."
© Copyright 1999 The Associated Press
@HWA
21.0 More information on the PhoneMasters
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Michael
Although they were busted almost four years ago, the
PhoneMasters are only now making headlines. After
completely rummaging through the nation's phone
systems the FBI was able to bring them down with a
unique Data Tap. A pretty thorough article on the
PhoneMasters has been published by CNN. This article
also tries to examine why this story has not received
much public attention.
CNN
http://www.cnn.com/1999/TECH/computing/12/14/phone.hacking/index.html
Large-scale phone invasion goes unnoticed by all but FBI
December 14, 1999
Web posted at: 3:39 p.m. EST (2039 GMT)
By D. Ian Hopper, CNN Interactive Technology Editor
and Richard Stenger, CNN Interactive Writer
(CNN) - Where have all the hackers gone?
That's an understandable question considering the actions that currently pass
for a news-making "hack." One might think that the days of Kevin Mitnick's
phone hijinks or Robert Morris's computer worm, which disrupted the
operations of over 6,000 computers nationwide in 1988, are gone.
Sure, there's malignant code like the Melissa virus which struck computers
earlier this year, but so many viruses rely on users to knowingly or
unknowingly pass them on until they finally strike. When they do strike, they
usually just wipe out the user's hard drive - not so horrible, on a global scale.
But how about stories of intelligent hackers who download calling card
numbers straight out of the data banks of giant phone companies in order to
use or resell them, download and resell credit reports or have the ability to
reroute or even take down entire telephone networks at will? Those guys are
gone, right?
Not so fast. They're far from done; they've just gone out of fashion.
Calling card numbers, credit reports, and more
A group of crackers called the Phonemasters, for example, stole tens of
thousands of phone card numbers, found and called private White House
telephone lines and rooted around in high-security FBI computer files in the
mid-1990s.
But the gang behind one of the largest hacks ever failed to see their names
on one FBI list, a request to tap their lines. Some four years after U.S. agents
busted the group, the last of three ringleaders now awaits sentencing in federal
court.
Jonathon Bosanac pleaded guilty to two counts of computer-related fraud in a
U.S. court in San Diego last week. The self-proclaimed "Gatsby" faces
sentencing on March 2.
Two other reputed ringleaders were sentenced in September. Corey "Tabbas"
Lindsley received a prison term of 41 months; Calvin "Zibby" Cantrell was
given 24 months.
The hacker gang downloaded thousands of calling cards from AT&T, Sprint
and MCI to sell on the black market, according to federal prosecutors. Some
of the reported retail customers included the Sicilian Mafia.
"One of the most valuable skills is to be a phone phreaker. If you 'own' the
phone system, you have the keys to the kingdom: you can listen to anyone you
want to, call forward, switch numbers and route calls," said Matthew
Yarbrough, the assistant U.S. attorney in Dallas who served as lead
prosecutor in the case.
The scope of their activities was astounding. They could listen in on phone
calls, alter secure databases and penetrate computer systems of credit report
company Equifax and the FBI's National Crime Information Center.
Giving the FBI the "pager treatment"
The ringleaders even contemplated downloading every calling card in the
United States, according to prosecutors.
A federal judge estimated that the group caused $1.85 million in business
losses over three months.
The Phonemasters reportedly performed high-tech pranks, forwarding an FBI
phone number to a sex chat line that left the bureau with a $200,000 tab.
Some victims -- including a Pennsylvania police department that gave one
Phonemaster a ticket -- received the "pager treatment," in which their phone
numbers were each sent to thousands of pagers.
The Phonemasters, a name coined by authorities, even sold for hundreds of
dollars copies of personal credit reports, state motor-vehicle records and
addresses or phone numbers of celebrities like Madonna and Danny Bonaduce.
"The information, because of the confidential nature, had a lot of value,"
Yarbrough said.
Looking through confidential databases, they warned targets of FBI
surveillance that their phones were being tapped. But they never checked to
see if their own phones were under surveillance.
The Phonemasters went to great measures to avoid detection during their
long-distance conference calls, never using their real names and speaking in
code, referring to the calling card numbers as "tortillas," prosecutors said.
FBI agents turn the tables
But they were often aware of the risk. In the transcript of one 1995
conversation, Bosanac hears a strange noise on the line.
"What the hell happened?" he asked.
"That was the FBI tapping in," Cantrell joked.
"You know how ironic that's going to be when they play those tapes in court?"
Lindsley said.
The FBI was listening, using a unique $70,000 prototype device that recorded
every word and keystroke that moved along the phone line in Cantrell's home
in Grand Prairie, Texas.
It marked the first time the FBI successfully eavesdropped on computer data
traveling through telephone lines, federal prosecutors said.
In February 1995 a hacker friend told Cantrell his number was on a database
of phone numbers under FBI watch. Soon FBI agents raided Cantrell's home,
Lindsley's dorm room at the University of Pennsylvania in Philadelphia, and
Bosanac's bedroom in his parents' house in Rancho Santa Fe, California.
It took more than four years before the three pleaded guilty to counts related
to theft and possession of unauthorized calling-card numbers and unauthorized
access to computer systems.
Lindsley, who received one of the longest prison sentences in hacking history,
refused to identify the voices of other hackers on tape.
Bosanac faces a maximum sentence of 15 years. His attorney Peter Hughes
said that Bosanac will likely receive around 20 months in prison, in part
because of his plea.
After the 1995 raid, Bosanac worked for a San Diego Internet company
owned by AT&T, a Phonemaster victim. The company fired him after
learning he had hacked into their system, a federal prosecutor said.
Bosanac, who remains free on a $25,000 bond, now works for a San
Francisco firm that is aware of his case, Hughes said.
Not as sexy, but more dangerous
It's understandable if you haven't heard of the Phonemasters. With the
exception of local newspapers reporting on hometown criminals or the
so-called hacker media reports, the national media has largely ignored the
Phonemasters and others like them.
"Lately the media has been caught up in Web defacement," said Yarbrough,
who also leads the FBI's cyber crimes task force in Dallas.
The actions of Web defacers are typically confined to replacing the "home
pages," or index files of a Web site with text and images that either - in the
case of "hacktivism" - reflect a political or social viewpoint, or simply boast
that the hacker had access to the site. Frequently, in an attempt to show no
actual malice toward the site administrators, the hacker saves a copy of the
original home page on the server or even leaves a text file containing a
blueprint of how the hacker got access.
In its most common form, Web site defacement causes very little actual
damage when compared to a large-scale intrusion like the ones made by the
Phonemasters. But the site that has "I own you" scrawled on it is a lot more
obvious and brash than illegal charges made on thousands of calling cards.
Hence, the graffiti artist gets what many of them want most: publicity.
That's not only a shame, say some computer crime observers, but it's also very
dangerous.
"The web graffiti kids really affect public perception," says Brian Martin,
administrator of the Attrition.org site, which logs and comments on computer
hacks. "Because of vague wording and unfounded comments, journalists often
imply that because a Web page was defaced, an entire network was
compromised. That is hardly the truth. Most of the time these kids couldn't
touch the internal network."
Phonemasters' skills gave them a 'power trip'
To Martin, the public should be more worried about people with the skills of
the Phonemasters.
"The level of knowledge they possess about computer systems, phone systems
in particular, is amazing. In many cases they know more than highly paid and
specialized technical operators of the systems they are into."
Martin suggests the Phonemasters were driven by two quests common to
hackers: "learning and exploration." Then the just as common third purpose, a
power trip. "They liked having access to any and all kinds of information."
Martin has written several essays urging "script-kiddies," a demeaning term
for hackers who use ready-made programs written by others for breaking into
systems, to cease defacing Web sites. He writes that it's not worth the almost
inevitable discovery and punishment by authorities for such little
accomplishment as inconveniencing a site administrator for a few hours and
scaring some customers.
"It disgusts me to see media attention being given to kids with scripts," Martin
says. "Their annoying kiddie messages are a waste of time for all involved.
Their weak justifications for hacking are only there to make them feel better
about their activities and give it some sense of righteousness. The media
dutifully inflates their egos when they get lucky and find some big corporate or
military server vulnerable to the latest script they got."
Larger hacks slip under radar
Space Rogue is an employee of Boston-based L0pht Heavy Industries, a
hacker think tank, and is the editor of Hacker News Network. He suggests
that the Phonemasters have slipped under the national media radar because
their intrusions are phone-based, and don't specifically involve the Internet.
"The Internet is the hot technology topic at the moment and has been for some
time. If it does not involve the Internet, people don't want to report on it. But
this is a major crime and should be reported on. I just don't understand it," he
says.
Like Martin, Space Rogue thinks the skills of the Phonemasters go far beyond
the abilities of the Web graffiti artists.
"The Phonemasters can not be compared to script-kiddies in any way. The
first are knowledgeable people who have learned systems inside and out.
Script-kiddies can click a mouse on a button that says 'run'. There is absolutely
no comparison."
Those "script-kiddies" shouldn't feel like their acts are being ignored by
authorities, though. As the Internet continues being a vehicle for commerce,
Web site defacements are increasingly having economic consequences.
Attacks against electronic business and government sites "both carry big
problems. It's not the equivalent anymore to spray painting billboards on the
highway," U.S. Attorney Yarbrough warns.
If e-commerce sites have to be closed to repair defacements, those companies
can lose tens of millions a day in lost revenue, he said.
Martin, who mentions that the Phonemasters taught him some tricks as well,
praises the Phonemasters for their restraint.
"They had the power to destroy entire companies, crash phone networks and
more. Yet they didn't."
"The real evil is guys with the Phonemasters' skillset, but a lot less ethics,"
Martin says.
@HWA
22.0 RST Breaks Netscape Mail in Eight Hours
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by eprime and John
Reliable Software Technologies, a Sterling, Va.,
software-security company, needed just eight hours to
break the encryption Netscape Mail uses to scramble
users' passwords. The problem affects all current
versions of Netscape. Chris Saito, the senior director for
product management at Netscape, said that the option
to save a password locally was included for
convenience. Saito added that Netscape didn't use a
stronger encryption algorithm to protect passwords so
that "computer experts could still access the
information, in case someone forgot their password."
(Damn, now that's a Cover Your Ass maneuver if I ever
saw one. Netscape must be taking spin lessons from
Microsoft.)
ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2409537,00.html?chkpt=zdnntop
RST Corp - Press Release
http://www.rstcorp.com/news/bad-crypto.html
ZDNet;
Netscape security flaw revealed
Researchers have found a potentially serious
security flaw in the e-mail system used by
Netscape's Web browser.
By Sharon Cleary, WSJ Interactive Edition
December 15, 1999 5:50 AM PT
A software-security firm warned that its researchers
have found a potentially serious security flaw in the
e-mail system used by Netscape's Web browser.
Reliable Software Technologies, a Sterling, Va.,
software-security company, said Tuesday that two RST
engineers needed just eight hours to duplicate the
mathematical algorithm Netscape Mail uses to scramble
users' passwords. The company said the problem affects
all current versions of Netscape.
Gary McGraw, vice president for
corporate technology at RST, said
the Netscape algorithm was "not
an obvious sitting duck -- [the
password] appears to be
scrambled up in a good way, but
it's not cryptographically strong."
That would allow a determined
hacker to reverse-engineer the
algorithm and figure out the
password.
According to RST, the engineers who found the security
hole came upon it inadvertently. They were writing a
program "to look for badly protected key material, like
passwords," says Dr. McGraw, adding that to test the
program's validity, they ran it against Netscape's e-mail
system because it's a highly popular software system
that millions of people use.
According to Dr. McGraw, the engineers ran their
program against their own e-mail accounts and noticed
scrambled versions of their passwords in the "registry"
files maintained by the Windows operating system.
Algorithm not secure
The passwords recorded in the Windows registry weren't
saved verbatim, but scrambled by a proprietary algorithm
of Netscape's. But that algorithm isn't secure, RST said.
By changing their passwords and then checking the
registry file repeatedly, RST's engineers were able to
decipher the pattern Netscape used to scramble them.
"We entered in passwords like
'a' and waited to see what
would come out," Dr. McGraw
said. "Then we kept changing
it. Now it's 'a,' now it's 'b,' now
it's 'ab.' "
Officials of Netscape, now a
division of Dulles, Va.-based
America Online Inc. (NYSE: AOL), were concerned by the
news but said the unit has no plans to change its
algorithm.
Chris Saito, the senior director for product management
at Netscape, said that the option to save a password
locally was included for convenience. Saito added that
Netscape didn't use a stronger encryption algorithm to
protect passwords so that "computer experts could still
access the information, in case someone forgot their
password."
A key contention between RST and Netscape is whether
the scrambled password could be retrieved remotely
using code written with the Javascript language.
According to RST, a user running Netscape Navigator
versions 4.0 through 4.04 could have their vulnerable
password stripped by a Javascript run by a rogue Web
site. That could be particularly dangerous given that many
computer users use only one password for many or all
applications that they run: In a worst-case scenario, the
discovery of a user's e-mail password could give an
unscrupulous hacker easy entry into that user's company
intranet, online trading account or bank account.
At odds over existence
Netscape and RST remained at odds late Tuesday about
whether the Javascript vulnerability really existed.
Netscape's Saito said the
company wasn't aware of
the vulnerability and added
that a "security fix" would
be forthcoming if that
vulnerability were proved to
exist. If the Javascript
vulnerability doesn't exist, a password stealer would have
to have physical access to a user's computer to figure out
the algorithm.
Saito noted that Netscape already has numerous safety
features, including a Secure Sockets Layer, which
enables users to communicate securely with Web
servers, and a protocol for encrypting e-mail messages
sent.
Barring the presence of the Javascript vulnerability alleged
by RST, Saito said Netscape didn't view the password
problem as a security issue, adding that "we can't be
responsible for physical access to people's machines."
"As it stands now, we view this as a machine problem,
not a Netscape problem," he said.
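The probing McGraw describes ('a', then 'b', then 'ab') works against any saved-password encoding that is deterministic and keyless. The following is an added example, not RST's tool and not Netscape's algorithm (the article gives neither): `toy_scramble`, `keyed_protect`, `probe` and `recover` are constructed names, and the check is meant for reviewing a credential-storage routine you maintain.

```python
import hashlib
import os

ALPHABET = [chr(c) for c in range(0x20, 0x7F)]  # printable ASCII candidates

# Constructed constant for the toy scheme below; not taken from any product.
_PAD = bytes.fromhex("5ac3177e9b04d2e1883f6da5104cb972")


def toy_scramble(password: str) -> bytes:
    """Stand-in for a keyless scramble: a fixed, position-dependent byte
    transform with no secret and no salt. The output looks random, but it
    is the same for the same input on every machine."""
    raw = password.encode("ascii")
    return bytes(((b ^ _PAD[i % len(_PAD)]) + i) % 256 for i, b in enumerate(raw))


def keyed_protect(password: str, master: bytes = b"constructed user secret") -> bytes:
    """Contrast case: a fresh random salt plus a keystream derived from a
    secret the user holds. This is a stand-in for real authenticated
    encryption, kept to the standard library; it is not a design to ship."""
    raw = password.encode("ascii")
    salt = os.urandom(16)
    stream = hashlib.pbkdf2_hmac("sha256", master, salt, 1000, dklen=max(len(raw), 1))
    return salt + bytes(a ^ b for a, b in zip(raw, stream))


def probe(encode, length: int = 6) -> dict:
    """Black-box review of an encoder using chosen inputs only.

    deterministic: the same input always yields the same stored bytes.
    position_wise: changing input character i changes stored byte i only.
    An encoder that is both can be inverted by anyone able to save chosen
    passwords and read the stored value back. Passing this probe is
    necessary for a sound scheme, not sufficient."""
    base = "a" * length
    ref = encode(base)
    deterministic = encode(base) == ref
    position_wise = deterministic and len(ref) == length
    for i in range(length if position_wise else 0):
        out = encode(base[:i] + "b" + base[i + 1:])
        if len(out) != length or [j for j in range(length) if out[j] != ref[j]] != [i]:
            position_wise = False
            break
    return {"deterministic": deterministic, "position_wise": position_wise}


def recover(encode, stored: bytes):
    """Show the consequence of a failed review: rebuild the input of
    `stored` by table lookup, one position at a time, without knowing how
    `encode` works. Costs len(stored) * len(ALPHABET) calls. Returns None
    when the encoder is not a fixed position-wise transform."""
    n = len(stored)
    if n == 0:
        return ""
    if not all(probe(encode, n).values()):
        return None
    chars = []
    for i in range(n):
        hits = [c for c in ALPHABET
                if encode("a" * i + c + "a" * (n - i - 1))[i] == stored[i]]
        if len(hits) != 1:
            return None
        chars.append(hits[0])
    return "".join(chars)


if __name__ == "__main__":
    sample = "s3cret-Pw"  # constructed sample password
    for name, enc in (("toy_scramble", toy_scramble), ("keyed_protect", keyed_protect)):
        print(name, probe(enc), "recovered:", recover(enc, enc(sample)))
```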
@HWA
23.0 White House May Further Relax Crypto Controls
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Simple Nomad
After receiving complaints from various companies and
privacy watchdog groups regarding the White House's
November 19 proposal on relaxing crypto rules, it looks
like the White House is ready to actually live up to the
promises made last September when they announced
relaxing controls for crypto export.
USA Today
http://www.usatoday.com/life/cyber/tech/ctg899.htm
12/15/99- Updated 01:36 PM ET
White House ready to relent on crypto
By Will Rodger, USATODAY.com
Clinton administration officials said Tuesday they intend to further relax
export controls over privacy technologies that experts say will make the
Internet a safer place.
The action comes in the wake of protests lodged by industry and
congressional critics alike since the White House released its last proposal
Nov. 19.
Critics complained then that the White House had backtracked on a Sept. 16
announcement that seemed to promise liberalization across the board.
Commerce Undersecretary William Reinsch said Tuesday that his
department is preparing new drafts that should address the disputed items.
"These are drafts that we intend to share with industry. We'll be getting
those to them shortly."
Large Internet companies including Cylink Corp., America Online and RSA
Inc. have long pushed for further export liberalization in order to increase
sales abroad. Liberalization, they argue, will not just increase US sales, but
add greater security to an Internet which is increasingly subject to attacks
by hackers and thieves.
Privacy activists, likewise, promote encryption to protect email
communications and customer databases from snooping on the Internet.
Both groups say differing standards around the world have slowed
much-needed integration of cryptographic features into word processors,
e-mail programs and the like.
But the FBI and National Security Agency have long encouraged existing
restrictions because they fear that criminals, spies and terrorists will use
encryption to thwart their eavesdropping efforts. Those arguments have
been seriously undermined by the rapid growth of overseas encryption
makers, many of which can produce products equal to the best the US has
to offer.
The new proposal would:
* Relax regulations that previously restricted sales to telecom companies
  with government investors.
* Treat online and telephone sales of encryption software the same as
  products sold through brick-and-mortar stores.
* Let developers of encryption development tools sell their wares abroad
  without going through an often-cumbersome licensing process.
* Treat mass-market computer chips used for encryption the same as
  software products.
* Free export of "Open Source" computer code for non-proprietary
  encryption software as long as exporters give notice they are sending the
  software abroad.
The proposals, however, would continue the long-standing practice of
requiring industry to apply for export licenses when selling to foreign
governments.
But the proposed changes should cover almost every objection industry
lodged last month.
"It's very encouraging and fundamentally quite good because it aims at
opening up the market for commercial applications," Cylink Corp. President
and CEO William Crowell says. "All of us are pleased that this is an honest
effort to move in a less restrictive direction. This is a good process."
Roszel Thomsen, a Washington lawyer who represents a wide variety of
encryption producers, says he's hopeful if not yet convinced.
"The regulatory drafts appear to be heading in the right direction as far as
industry is concerned," he says. "The question is whether they will be
similarly transparent and faithfully implement the Sept. 16 announcement."
@HWA
24.0 Status of Bills Before Congress
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Maggie
A new report containing a brief summary of the status
of 29 bills proposed during the First Session of the 106th
Congress has been released. Some of the topics
covered by these bills include Digital Signatures,
Encryption, Privacy, Security,
Telecommunication/Electronic Commerce and others.
Some of these bills are already law and others will be a
priority for the second session of the 106th Congress.
Status of Key IT Legislation
http://www.itpolicy.gsa.gov/mks/regs-leg/legover1.htm
@HWA
25.0 Winkler Updates Estimates
~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Evil Wench
Ira Winkler wrote, in his 1997 book "Corporate
Espionage," that there were fewer than 200 'computer
geniuses' in the world who actually could find software
vulnerabilities and another 1,000 talented individuals
who could take those findings and use them to attack
computer networks. He has since updated those
numbers to 500 to 1,000 computer "geniuses" capable of
finding vulnerabilities in software, 5,000 talented people
capable of taking advantage of that information and
100,000 'clueless' script kiddies.
Washington Post - via Spokane Review
http://www.spokane.net/news-story-body.asp?Date=121499&ID=s719168&cat=
December 14, 1999
Cyber 'geniuses' help CIA find
vulnerabilities
Washington Post -
WASHINGTON -- In his 1997 book "Corporate
Espionage," Ira Winkler, a former analyst and
computer expert at the National Security Agency,
wrote that there probably were fewer than 200
"computer geniuses" in the world who actually could
find software vulnerabilities and another 1,000 hackers
talented enough to take those findings and use them
to attack computer networks.
Another 35,000 to 50,000 "clueless" hackers merely
take attacks that already have been published on the
Internet and fire away.
Winkler updated his estimates recently, saying there
now are probably 500 to 1,000 computer "geniuses"
capable of finding vulnerabilities in operating systems,
5,000 talented hackers and 100,000 "clueless"
cybergeeks hacking around.
For anybody in charge of securing large data
systems, it's not a pretty picture.
But the good news, from a U.S. intelligence
perspective, is that 60 or 70 of those computer
geniuses -- and possibly more -- work for the CIA, the
National Security Agency or the Defense Department.
They are on top of most major known vulnerabilities,
Winkler said, and presumably have identified others
that no one else knows about.
The problem, he says, is that many of those geniuses
are doing other things besides developing information
warfare strategies.
"It's not that hard at all," Winkler said. "The process of
finding bugs -- it's just a matter of good software
testing."
@HWA
26.0 Cryptogram
~~~~~~~~~~
(Sorry about formatting of this section, wp problems. - Ed)
Crypto-Gram
December 15, 1999
by Bruce Schneier
Founder and CTO
Counterpane Internet Security, Inc.
schneier@counterpane.com
http://www.counterpane.com
A free monthly newsletter providing summaries, analyses, insights, and commentaries on computer security and cryptography.
Back issues are available at http://www.counterpane.com. To subscribe or unsubscribe, see below.
Copyright (c) 1999 by Bruce Schneier
In this issue:
"Security Is Not a Product; It's a Process"
Sarah Flannery's Public-Key Algorithm
ECHELON Technology
Counterpane -- Featured Research
News
New U.S. Crypto Export Regulations -- Draft
Counterpane Internet Security News
The Doghouse: Egg
Fast Software Encryption 2000
European Cellular Encryption Algorithms
Comments from Readers
"Security Is Not a Product; It's a Process"
In April 1999, someone discovered a vulnerability in Microsoft Data Access Components (MDAC) that could let an attacker take control of a remote Windows NT system. This vulnerability was initially reported on a public mailing list. Although the list moderator
withheld the details of that risk from the public for more than a week, some clever hacker reverse-engineered the available details to create an exploit.
Then, an exploit script (written in PERL) was publicly posted on the Internet. At about the same time, Microsoft created a patch and work-around to prevent attackers from exploiting the vulnerability on users' systems. Microsoft also issued a security bulletin on the
topic, as did several other security news outlets.
But patches don't magically fix security vulnerabilities. Over Halloween weekend, hackers attacked and defaced more than 25 NT-based Web sites. Seems like a bunch of security administrators didn't bother updating their configurations.
This sort of thing goes on all the time. Another example: Microsoft issued a bulletin and a patch for a data access vulnerability in Internet Information Server (IIS) last year. Recently, experts demonstrated that Compaq, Dell, CompuServe, PSINet, and
NASDAQ-AMEX never bothered installing the patch and were still vulnerable.
A vulnerability is reported and a patch is issued. If you believe the news reports, that's the end of the story. But in most cases patches never get installed. This is why most systems on the Internet are vulnerable to known attacks for which fixes exist.
Security is not a product; it's a process. It's the process of paying attention to vendor updates for your products. Not only network and network security products -- browsers, firewalls, network operating systems, Web server software -- but every piece of software
you run. Vulnerabilities in your word processor can compromise the security of your network.
It's the process of watching your systems, carefully, for signs of attack. Your firewall produces audit logs. So do your UNIX and NT servers. So do your routers and network servers. Learn to read them, daily. Learn what an attack looks like and how to recognize it.
No security product acts as magical security dust; they all require time and expertise to make work properly. You have to baby-sit them, every day.
The Microsoft bug mentioned above:
http://www.microsoft.com/security/bulletins/ms99-025.asp
http://www.microsoft.com/security/bulletins/ms99-025faq.asp
News report:
http://www.fcw.com/pubs/fcw/1999/1101/fcw-newsfedwire-11-01-99.html
Why vulnerabilities don't get fixed:
http://www.computerworld.com/home/print.nsf/all/991122CD52
Sarah Flannery's Public-Key Algorithm
In January 1999, a 16-year old Irish woman named Sarah Flannery made international news by announcing a new public-key algorithm, called Cayley-Purser, that was supposedly faster and better than RSA and ElGamal.
The only problem is that no one knew what the algorithm was.
Well, it's finally public.
Flannery's paper, describing the Cayley-Purser algorithm, has been published on the Internet by an unknown source. It's interesting work, but it's not secure. Flannery herself publishes a break of the algorithm in an appendix.
To me, this makes Flannery even more impressive as a young cryptographer. As I have said many times before, anyone can invent a new cryptosystem. Very few people are smart enough to be able to break them. By breaking her own system, Flannery has shown
even more promise as a cryptographer. I look forward to more work from her.
Flannery's paper:
http://cryptome.org/flannery-cp.htm
News stories from January:
http://www.zdnet.com/zdnn/stories/news/0,4586,2189301,00.html?chkpt=zdnnsmsa
http://www.wired.com/news/technology/0,1282,17330,00.html
ECHELON Technology
The NSA has been patenting, and publishing, technology that is relevant to ECHELON.
ECHELON is a code word for an automated global interception system operated by the intelligence agencies of the U.S., the UK, Canada, Australia and New Zealand. (The NSA takes the lead.) According to reports, it is capable of intercepting and processing many
types of transmissions, throughout the globe.
Over the past few months, the U.S. House of Representatives has been investigating ECHELON. As part of these investigations, the House Select Committee on Intelligence requested documents from the NSA regarding its operating standards for intelligence
systems like ECHELON that may intercept communications of Americans. To everyone's surprise, NSA officials invoked attorney-client privilege and refused to disclose the documents. EPIC has taken the NSA to court.
I've seen estimates that ECHELON intercepts as many as 3 billion communications every day, including phone calls, e-mail messages, Internet downloads, satellite transmissions, and so on. The system gathers all of these transmissions indiscriminately, then sorts and
distills the information through artificial intelligence programs. Some sources have claimed that ECHELON sifts through 90% of the Internet's traffic.
How does it do it? Read U.S. Patent 5,937,422, "Automatically generating a topic description for text and searching and sorting text by topic using the same," assigned to the NSA. Read two papers titled "Text Retrieval via Semantic Forests," written by NSA
employees.
Semantic Forests, patented by the NSA (the patent does not use the name), were developed to retrieve information "on the output of automatic speech-to-text (speech recognition) systems" and topic labeling. It is described as a functional software program.
The researchers tested this program on numerous pools of data, and improved the test results from one year to the next. All this occurred in the window between when the NSA applied for the patent, more than two years ago, and when the patent was granted this
year.
One of the major technological barriers to implementing ECHELON is automatic searching tools for voice communications. Computers need to "think" like humans when analyzing the often imperfect computer transcriptions of voice conversations.
The patent claims that the NSA has solved this problem. First, a computer automatically assigns a label, or topic description, to raw data. This system is far more sophisticated than previous systems because it labels data based on meaning not on keywords.
Second, the patent includes an optional pre-processing step which cleans up text, much of which the agency appears to expect will come from human conversations. This pre-processing will remove what the patent calls "stutter phrases." These phrases "frequently
occurs [sic] in text based on speech." The pre-processing step will also remove "obvious stop words" such as the article "the."
The invention is designed to sift through foreign language documents, either in text, or "where the text may be derived from speech and where the text may be in any language," in the words of the patent.
The papers go into more detail on the implementation of this technology. The NSA team ran the software over several pools of documents, some of which were text from spoken words (called SDR), and some regular documents. They ran the tests over each pool
separately. Some of the text documents analyzed appear to include data from "Internet discussion groups," though I can't quite determine if these were used to train the software program, or illustrate results.
The "30-document average precision" (whatever that is) on one test pool rose significantly in one year, from 19% in 1997 to 27% in 1998. This shows that they're getting better.
It appears that the tests on the pool of speech- to text-based documents came in at between 20% to 23% accuracy (see Tables 5 and 6 of the "Semantic Forests TREC7" paper) at the 30-document average. (A "document" in this definition can mean a topic query. In
other words, 30 documents can actually mean 30 questions to the database).
It's pretty clear to me that this technology can be used to support an ECHELON-like system. I'm surprised the NSA hasn't classified this work.
The Semantic Forest papers:
http://trec.nist.gov/pubs/trec6/papers/nsa-rev.ps
http://trec.nist.gov/pubs/trec7/papers/nsa-rev.pdf
The patent:
http://www.patents.ibm.com/details?&pn=US05937422__
News reports on this:
http://www.independent.co.uk/news/Digital/Features/spies151199.shtml
http://www.independent.co.uk/news/Digital/Features/spies221199.shtml
General information on ECHELON:
http://www.echelonwatch.org
http://www.wired.com/news/print/0,1294,32586,00.html
Excellent article on ECHELON:
http://mediafilter.org/caq/cryptogate/
EPIC files lawsuit against NSA to get ECHELON document released:
http://www.epic.org/open_gov/foia/nsa_suit_12_99.html
EPIC's complaint:
http://www.epic.org/open_gov/FOIA/nsa_comp.pdf
NY Times article:
http://www.nytimes.com/library/tech/99/12/cyber/articles/04spy.html
Counterpane -- Featured Research
"Ten Risks of PKI: What You're Not Being Told About Public-Key Infrastructure"
C. Ellison and B. Schneier, Computer Security Journal, vol. 16, n. 1, 2000, pp. 1-7.
Public-key infrastructure has been oversold as the answer to many network security problems. We discuss the problems that PKI doesn't solve, and that PKI vendors don't like to mention.
http://www.counterpane.com/pki-risks.html
News
There's a product, PawSense, that claims to detect when cats are stepping on your keyboard and a) require a password, just in case it's a human doing it, and b) make a noise that annoys the cat. It's a bizarre form of biometrics, I suppose.
http://www.newscientist.com/ns/19991204/newsstory9.html
http://www.bitboost.com/pawsense/
And on the more mundane biometrics front, a security system is being developed that can identify people by their gait.
http://www.newscientist.com/ns/19991204/newsstory3.html
Jon Carroll's essay on the FBI's new anti-terrorist strategy is pretty funny. "Bob, show Mr. Carroll the attractive pen and pencil set we're offering just for a chance to talk to you about terrorism for a few minutes."
http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/1999/11/15/DD43291.DTL
The German government is going to help fund the GPG effort. GPG is an open-source program that is compatible with (some versions of) PGP.
http://www.nytimes.com/library/tech/99/11/cyber/articles/19encrypt.html
http://www.gnupg.de/presse.en.html
Risks of "anonymous" e-mail accounts: Someone sent a bomb threat from an account named shadowmega@hotmail.com. The police contacted Hotmail, and found that the Hotmail account had been accessed at a particular date and time, using an IP address owned by America Online. Using the AOL information, police identified exactly who was using that IP address at that time and were able to trace the sender to his apartment in Brooklyn.
<http://www.zdnet.com/zdtv/cybercrime/news/story/0,3700,2324068,00.html>
I posted this to comp.risks, and people pointed out that the police didn't need to contact Hotmail. The information is in the e-mail header.
This essay describes a copy-protection scheme from several years back that was actually successful (in part because the game it protected was never all that popular). There's a discussion of how software cracking works, and some interesting attempts to psych out
what crackers don't like to do and force them to do a lot of it in order to crack the game. It's security through obfuscation, of course, but the author is very clear that copy-protection is ultimately impossible and all you can do is discourage attackers that aren't
determined enough.
http://www.erasmatazz.com/library/JCGD_Volume_6/Copy_Protection.html
I know nothing about the Windows 2000 Encryption Pack, except what I read at this URL:
http://www.microsoft.com/windows/professional/beta/downloads/default.asp
An interesting article on simulating Web attacks:
http://all.net/journal/ntb/simulate/simulate.html
And someone's listing of the top ten computer hacks of all time:
http://home.cnet.com/specialreports/0-6014-7-1420567.html?tag=st.cn.1f%20d2.tlpg.6014-7-1420567
EPIC (Electronic Privacy Information Center), EFF (Electronic Frontier Foundation), and the ACLU have asked a federal appeals court to block rules that give the FBI power to determine appropriate wiretapping capabilities for new communications systems. The
groups claim that the levels of surveillance the FBI wants exceed what it is entitled to under the law.
http://www.epic.org/privacy/wiretap/calea/release_11_18_99.html
http://www.washingtonpost.com/wp-srv/WPlate/1999-11/18/155l-111899-idx.html
http://www.zdnet.com/zdnn/stories/news/0,4586,2397376,00.html?chkpt=zdnntop
E-mail eavesdropping: Online bookseller Alibris will plead guilty to charges that they intercepted the e-mail sent by Amazon.com to business partners. This may be the first conviction of industrial e-mail espionage.
http://www.computerworld.com/home/print.nsf/all/991129CF52
Seymour Hersh writes about the NSA's failures in the Internet age:
http://cryptome.org/nsa-hersh.htm
An NPR report on the same topic (audio):
http://www.npr.org/ramfiles/atc/19991129.atc.03.ram
Opinions on UNIX and Windows NT security, and the differing philosophies of the two operating systems:
http://www.zdnet.com/zdtv/cybercrime/story/0,3700,2382021,00.html
Is buggy software inevitable? It is, as long as market forces reward it. There is no liability for buggy software, so there is no economic incentive to create quality software. In fact, there is an economic incentive to create the lowest quality the market will bear. This
_Business Week_ article discusses the problem:
http://www.businessweek.com/1999/99_49/b3658015.htm
The DVD crypto break affects the release of new products:
http://www.eet.com/story/OEG19991202S0046
http://www.theregister.co.uk/991203-000006.html
The Smart Card Security Users Group (SCSUG) is composed of Visa, AmEx, Europay, MasterCard, Mondex, JCB, and the National Information Assurance Partnership (NIAP = NIST + NSA). They've written a Protection Profile, and have posted it for comment:
http://csrc.nist.gov/cc/sc/sclist.htm
PGP got a world-wide export license:
http://www.nai.com/asp_set/about_nai/press/releases/pr_template.asp?PR=/PressMedia/12131999.asp&Sel=647
http://www.infoworld.com/articles/en/xml/99/12/13/991213enpgp.xml
And two smart card breaks to finish things off:
Number 1. A French engineer succeeded in factoring the 640-bit RSA key stored in the chip on the card (all French "CB" credit cards have had a chip since 1990). He contacted the conglomerate (GIE) that makes these cards; now he's being sued by GIE for fraud
and intrusion and risks seven years in prison, as well as a 5M-franc ($800K) fine. GIE has also censored TV programs where he should have been interviewed, and claim he is blackmailing them. Meanwhile, they are not fixing the problem. The weakness? The
payment terminal: another good illustration of "weakest link in the chain" attack.
http://www.pele.org/english/smartcard.htm
Number 2. German hackers have succeeded in cracking the Siemens digital signature chip, used in electronic payment and access control systems throughout Germany. It seems that there was an undocumented test mode of the chip that allows someone to dump the
card's memory. Already the code has been disassembled, and some private keys have been compromised.
http://www.theregister.co.uk/991201-000021.html
New U.S. Crypto Export Regulations -- Draft
On November 22, the White House released a draft of its new crypto export regulations. These new regulations are part of the changes promised in September. These regulations were due to be released on December 15, but have been delayed until January 15.
The regulations do some of what's promised -- allow for export of 56-bit and 64-bit encryption products -- but fall far short of the promises made in September.
I have three main objections:
One: These regulations affect end-user products only. The primary uses of cryptography are not for end-user products. They do not affect Internet routers, firewalls, VPNs, CAs, etc. They do not affect software toolkits. These regulations do not affect technical
assistance.
Two: While these regulations permit the export of open-source cryptography code, there are some nasty complications. Near as I can tell, I can post crypto source on my Web page, but if a foreign company wants to use it I am obligated to make them get U.S.
approval for the end product. Not only is this ridiculous, it is completely unenforceable. (Although you can see the NSA salivating at the chance to get their hands on all of those foreign products.)
Three: These regulations are much too complicated. Instead of simply lifting export restrictions, this proposal just adds to the confusion. Heavy reporting and review requirements have always served the interests of those trying to stop the spread of strong
cryptography. There are so many ifs, ands, and buts in these regulations that many will simply not bother. There are enough ambiguities to keep the lawyers busy for years. This is not the simplified and streamlined export process that we have been promised.
Rumor has it that the Administration is addressing these (and other) concerns in the final regulations, and that the month delay was to make sure they were addressed. They are redoing the definition of "non-commercial" source code, trying to spell out the screening
requirements (which they claim will be easy to comply with), and streamlining any reporting requirements. If this is true, the final version of this could be quite good. People I trust, who are closer to the process than I am, are "guardedly optimistic." We'll see.
Draft regulations:
http://www.epic.org/crypto/export_controls/draft_regs_11_99.html
News reports:
http://www.washingtonpost.com/wp-srv/WPlate/1999-11/24/105l-112499-idx.html
http://www.computerworld.com/home/news.nsf/all/9911243cryptdraft
http://news.cnet.com/category/0-1005-200-1463231.html
http://www.zdnet.com/zdnn/stories/news/0,4586,2399788,00.html?chkpt=zdnntop
http://www.wired.com/news/politics/0,1283,32732,00.html
Counterpane Internet Security News
You may have noticed some changes around Counterpane. Here's the news:
Last summer I teamed up with seasoned start-up CEO Tom Rowley to start a new company: Counterpane Internet Security, Inc. This company will address the critical need for higher level security services on the Internet. My motto is: "The fundamental problems in
computer security are no longer about technology; they're about applying the technology."
We have raised funding, and are now putting the technical and business management teams in place. We're keeping a low profile for now, but we're actively hiring. See http://www.counterpane.com/jobs.html for details.
My consulting company, Counterpane Systems, has become the research division and working laboratory of Counterpane Internet Security, Inc. Renamed Counterpane Labs, it will provide ongoing research and critical resources to the newly formed company.
Counterpane Labs will continue to engage in cryptography research, and to support the Twofish AES submission.
Bruce Schneier's article on attack trees has been published in Dr. Dobb's Journal:
http://www.ddj.com/articles/1999/9912/9912a/9912a.htm
See also the presentation on the topic at:
http://www.counterpane.com/attacktrees.pdf
And the discussion on Slashdot:
http://slashdot.org/article.pl?sid=99/12/02/232229&mode=thread&threshold=0
The Doghouse: Egg
Egg, a UK banking and investment firm, sent customer credit card details out in unencrypted e-mails. "We didn't think [sending credit card details in unsafe e-mails] was a security problem," a spokeswoman for Egg conceded today. "We've now accepted that this was
not best business practice."
http://www.theregister.co.uk/991130-000015.html
Fast Software Encryption 2000
Fast Software Encryption is an annual workshop on cryptography. The first Fast Software Encryption workshop was held in Cambridge in 1993, followed by Leuven in 1994, Cambridge in 1996, Haifa in 1997, Paris in 1998, and Rome in 1999. The workshop
concentrates on all aspects of traditional cryptographic algorithms, including the design and analysis of block ciphers, stream ciphers, and hash functions.
The seventh Fast Software Encryption workshop, FSE 2000, will be held from 10-12 April 2000, in New York, at the Hilton New York and Towers. It will be in conjunction with the 3rd AES Candidate Conference (same location, 13-14 April 2000). We expect that
most people will attend both FSE and AES.
Come, experience the wonders of symmetric cryptography. Watch the AES finalists battle it out in a war of cryptanalyses, comparisons, and vague innuendoes. If you're a corporation, please help by sponsoring the event. Register by the end of the year and save some
money.
Fast Software Encryption Workshop:
http://www.counterpane.com/fse.html
Third AES Candidate Conference:
http://csrc.nist.gov/encryption/aes/round2/conf3/aes3conf.htm
European Cellular Encryption Algorithms
There's been a lot of bad information about what kinds of encryption are out there, what's been broken, and how bad the situation really is. Here's a summary of what's really going on.
GSM is the world's most widely used mobile telephony system (51% market share of all cellular phones, both analog and digital), with over 215 million subscribers in America, Europe, Asia, Africa, and Australia. In the US, GSM is employed in the "Digital PCS"
networks of such telecommunications giants as Pacific Bell, Bell South, and Omnipoint.
There are four cryptographic algorithms in the GSM standard, although not all the algorithms are necessarily implemented in every GSM system. They are:
A3, the authentication algorithm to prevent phone cloning
A5/1, the stronger of the two voice-encryption algorithms
A5/2, the weaker of the two voice-encryption algorithms
A8, the voice-privacy key-generation algorithm
(Remember, these voice-encryption algorithms only encrypt voice between the cellphone and the base station. They do not encrypt voice within the phone network. They do not encrypt end to end. They only encrypt the over-the-air portion of the transmission.)
These algorithms were developed in secret, and were never published. "Marc Briceno" (with the Smartcard Developer Association) reverse-engineered the algorithms, and then Ian Goldberg and David Wagner at U.C. Berkeley cryptanalyzed them.
Most GSM providers use an algorithm called COMP128 for both A3 and A8. This algorithm is cryptographically weak, and it is not difficult to break the algorithm and clone GSM digital phones.
The attack takes just 2^19 queries to the GSM smart-card chip, which takes roughly 8 hours over the air. This attack can be performed on as many simultaneous phones in radio range as your rogue base station has channels.
The Berkeley group published their COMP128 analysis in April 1998. They also demonstrated that all A8 implementations they looked at, including the few that did not use COMP128, were deliberately weakened. The algorithm takes a 64-bit key, but ten key bits
were set to zero. This means that the keys that secure the voice-privacy algorithms are weaker than the documentation indicates.
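A key-quality check for the weakness described above, as an added example that is not from the newsletter or the Berkeley analysis: given a sample of session keys, it finds bit positions that never vary and reports the effective key length. The sample keys are constructed, and clearing the low ten bits is an assumption made for the sample, since the text does not say which ten bits were zeroed.

```python
import hashlib

KEY_BITS = 64                 # session-key width stated in the text
LOW_TEN = (1 << 10) - 1       # assumption for the sample: the ten low bits


def fixed_bit_mask(keys, width=KEY_BITS):
    """Return a mask of bit positions that hold the same value in every key."""
    full = (1 << width) - 1
    seen_one = 0    # positions where at least one key had a 1
    seen_zero = 0   # positions where at least one key had a 0
    for k in keys:
        seen_one |= k
        seen_zero |= ~k & full
    # A position varies only if both a 0 and a 1 were observed there.
    return full & ~(seen_one & seen_zero)


def audit_keys(keys, width=KEY_BITS, max_chance_bits=0.01):
    """Estimate effective key length from a sample of observed keys."""
    n = len(keys)
    if n < 2:
        raise ValueError("need at least two keys to compare")
    mask = fixed_bit_mask(keys, width)
    fixed = bin(mask).count("1")
    # A genuinely random bit looks constant across n samples with
    # probability 2 * 2**-n, so this many bits look fixed by pure chance.
    chance_bits = width * 2.0 ** (1 - n)
    return {
        "samples": n,
        "fixed_mask": mask,
        "fixed_bits": fixed,
        "effective_bits": width - fixed,
        "search_space_divided_by": 1 << fixed,
        # With too few samples the result says nothing about the generator.
        "conclusive": chance_bits < max_chance_bits,
    }


def constructed_keys(count, clear_mask=0):
    """Constructed sample data: hash-derived 64-bit values, optionally weakened."""
    keys = []
    for i in range(count):
        digest = hashlib.sha256(b"constructed-sample-%d" % i).digest()
        keys.append(int.from_bytes(digest[:8], "big") & ~clear_mask)
    return keys


if __name__ == "__main__":
    for label, sample in (
        ("weakened", constructed_keys(64, LOW_TEN)),
        ("full-strength", constructed_keys(64)),
        ("too few samples", constructed_keys(4)),
    ):
        r = audit_keys(sample)
        print(f"{label:16s} fixed={r['fixed_bits']:2d} "
              f"effective={r['effective_bits']} bits "
              f"mask={r['fixed_mask']:#018x} conclusive={r['conclusive']}")
```

Ten fixed bits divide an exhaustive key search by 1024, which is why the documented 64-bit figure overstates the protection.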
They published and analyzed A5/2 in August 1999. As the weaker of the two voice-encryption algorithms, it proved to be very weak. It can be broken in real-time without any trouble; the work factor is around 2^16. Supposedly this algorithm was developed with
"help" from the NSA, so these weaknesses are not surprising.
The Berkeley group published A5/1 in May 1999. The first attack was by Jovan Golic, which gives the algorithm a work factor of 2^40. This means that it can be broken in nearly real-time using specialized hardware. Currently the best attack is by Biryukov and
Shamir. Earlier this month they showed that they can find the A5/1 key in less than a second on a single PC with 128 MB RAM and two 73 GB hard disks, by analyzing the output of the A5/1 algorithm in the first two minutes of the conversation.
All GSM providers and equipment vendors are part of the GSM Association. The algorithms were designed and analyzed by the secretive "SAGE" group (which is really part of ETSI). We don't know who the people are or what their resumes look like. What we do
know is that the SAGE security analyses of the ciphers are online at ETSI's homepage in PDF format. Read it; it's entertaining. A5/1 is purported to be a modified French naval cipher. This is mentioned in the leaked Racal document.
What's most interesting about these algorithms is how robustly lousy they are. Both voice-encryption algorithms are flawed, but not obviously. The attacks on both A5/1 and A5/2 make use of subtle structures of the algorithm, and result in the ability to decrypt voice
traffic in real time on average computer equipment. At the same time, the output of the A8 algorithm that provides key material for A5/1 and A5/2 has been artificially weakened by setting ten key bits to zero. And also, the COMP128 algorithm that provides the
keying material that is eventually weakened and fed into the weakened algorithms is, itself, weak.
And remember, this encryption only encrypts the over-the-air portion of the transmission. Any legal access required by law enforcement is unaffected; they can always get a warrant and listen at the base station. The only reason to weaken this system is for *illegal*
access. Only wiretaps lacking a court authorization need over-the-air intercepts.
The industry reaction to this has been predictably clueless. One GSM spokesman claimed that it is impossible to intercept GSM signals off the air, so the encryption breaks are irrelevant. Notwithstanding the fact that GSM interception equipment was once sold openly
-- now it's illegal -- certainly the *phone* can receive signals off the air. Estimated cost for a high-quality interception station is well under $10K.
GSM analysis:
http://www.scard.org/gsm/
http://www.jya.com/crack-a5.htm
GSM Association Web site:
http://www.gsmworld.com
News reports:
http://wired.lycos.com/news/politics/0,1283,32900,00.html
http://www.nytimes.com/library/tech/99/12/biztech/articles/07code.html
Comments from Readers
From: bill@carpenter.ORG (WJCarpenter)
Subject: Electronic voting, replying to Greg Weiss
> Are e-votes more prone to voter coercion?
>
> I used to agree with you on this. But when talking with someone
> about absentee balloting this last week, it seems to me this
> problem is equally present in today's non-virtual scenario. How?
> Well, absentee ballots enable voter coercion in the privacy of
> non-public polling places. E-votes are not particularly more
> subvertible than absentee ballot votes at least from the voter
> coercion threat.
> Now with absentee ballots, there is one further protection. One
> can apparently still vote in person at the polling place, and their
> polling-place vote takes precedence over their absentee ballot.
Hmmm. I had the opportunity to describe the coercion problem to a non-technical person recently, and the absentee ballot parallel was immediately obvious. Equally obvious were the critical differences.
First, it is probably true that only a small percentage of voters use absentee ballots (beats me, an ambitious person could easily find out; my guess is that 15-20% is a big number). So, even if the absentee ballot system is completely corrupted by coercion,
its effects are limited. Sure, absentee ballots decide some elections, but those are close elections to begin with.
There is a dis-incentive to use absentee ballots because you must commit your vote several days in advance of the election. My intuition tells me that for most common cases people make up their minds at the last minute, perhaps even in the voting booth,
and they are subconsciously aware of this. It seems likely to me that more people who truly need an absentee ballot (because they will be out of town or whatever) will forgo voting altogether.
Electronic voting would presumably be made more convenient, even more convenient than traditional voting booth voting (no standing in line, no finding a parking place, no finding someone to watch your toddler for you). It is this convenience that should
make it much more popular than absentee ballots have ever been. One could probably look at the case of electronic filing of tax returns (where you have to actually pay a fee) for how fast something like this could catch on. Electronic voting should be
even more popular.
Second, the forced delay in the absentee ballot process should be missing from electronic voting. Electronic voting doesn't carry the logistical burden of paper absentee ballots, and so it could be done exactly on election day. The success rate of a coercion
scheme is probably related to how long you would have to control someone to keep them from going to the voting booth. (This doesn't mean that electronic voting wouldn't come with an artificial delay if one or more dominating political parties saw an
advantage in that.)
From: Dave Sill <de5@sws5.ctd.ornl.gov>
Subject: "Why Computers are Insecure"
Regarding your "Why Computers are Insecure" piece, I think you're almost completely wrong.
Yes, designing and implementing secure software is very hard, but it's not as hard as you make it sound.
Proving security is, of course, impractical for any reasonably complex system, but, then, so is proving correctness. Does the inability to prove that software does the right thing mean we can never build software that works? Of course not.
We're in the midst of a software quality crisis, and security problems are just one symptom.
The problem is simply that users don't put a premium on reliability or security. Users want features above all else, and they're willing to accept a wide range of bugs as long as a product has the desired features. Until reliability and security are features
that users demand, vendors won't go to the expense of providing them.
We've got to get up, go to our windows, and shout "I'm as mad as hell, and I'm not going to take it anymore!" We've simply got to stop using poorly designed and implemented software.
Yes, "virtually all software is developed using a 'try-and-fix' methodology" -- but that's not the only software development methodology available. Software can be engineered for reliability and security just like it can be engineered to implement certain
capabilities.
And, yes, Windows 2000 will have many more bugs than any software system in history. But that's due more to Microsoft's poor design and engineering than it is to the mind boggling complexity of the system.
From: bartels@pixelmagic.com
Subject: "Why Computers are Insecure"
> Almost every week the computer press covers another security flaw:
> When will it get better? ... I don't believe it ever will....
> Security engineering is different from any other type of engineering. ...
> In many ways this is similar to safety engineering. ...
> The only reasonable way to "test" security is to perform security reviews. ...
> Satan's computer is hard to test.
I believe you're missing the real problem here.
I was a verification engineer for two years, testing the software in the Boeing 777 fly by wire computer. I've worked on "Satan's computer" as you put it. We played "devil's advocate" continuously looking for flaws in the design or flaws in the code that
might lead to a bug. A benchmark to thoroughness, one module consisted of 30 pages of B size "schematics" which showed the arithmetic flow and design for the module. I can't remember the exact number of lines of code, but I seem to recall it was
roughly 20 pages of solid code. I spent three months reviewing that one module.
Here's the part I think you're missing though. Our group was self driven to do their job. Boeing paid us to do our job, sure. And Boeing could be liable if the plane crashed, absolutely. The FAA gave us the requirements for testing software, yes. But at the
heart of it all, I think we were clearly driven by a simple concept: We could all see the consequences if we failed our task.
People were putting their lives in our hands. Our software literally keeps the plane in the air. If we didn't do our job, people could die. It was a universally clear cut mission. It was something everyone on the team could identify with.
There is not a universally clear consequence to bad encryption systems. Companies who produce systems have no clear cut consequence that the engineers "in the trenches" can identify with. They get paid, either way. They have never been held liable
for poorly implemented encryption systems.
From: Greg Guerin <glguerin@amug.org>
Subject: Security engineering comparison
I really liked the feature article in Nov 99 Crypto-Gram. The analogy to safety engineering was excellent. It left me with a nagging feeling I'd recently read something about safety engineering, but I couldn't pin it down. The answer recently clicked into
place while filing magazine back-issues.
There is an article entitled "Safety Critical Embedded Systems" in the Oct 1999 issue of "Embedded Systems Programming": <http://www.embedded.com/mag.shtml>
Unfortunately, this particular article isn't on-line, but reprints or back-issues can be ordered.
Anyway, the article was a clear concise overview of safety engineering, with an emphasis on embedded systems. I won't try to summarize it, because I'd just end up repeating the whole article. But I will list the safety guidelines at the end of the article:
* All safety-related systems have hard real-time deadlines.
* Safety always requires some level of redundancy.
* Whenever possible, separate and isolate the safety-critical aspects of the system.
* Safety is a system issue, not a software issue.
* The key to a safe design is predictability.
* Err on the side of simplicity.
* Good design practices are required.
* Good design practices are not enough.
* Plan for all your assumptions to be violated.
It's kind of eerie to realize that every one of these applies in full measure to security engineering, even the "hard real-time deadline." In safety systems, it means that a fault must be detected quickly enough for it to be acted on in order to avoid an
accident. A fault-detector that triggers only after an accident has happened is worthless. In security systems, not detecting a breach in a timely manner diminishes the usefulness of detection. Security systems have the added difficulty of not always being
able to detect a breach -- encryption algorithms usually can't tell if they've been cracked or not.
From: "Nicholas C. Weaver" <nweaver@CS.Berkeley.EDU>
Subject: DVD encryption, reason for multiple keys...
The reason for the multiple key structure (session key for the DVD, encrypted separately by the 400 odd player keys) was so that if, say, a single key was made public, they could remove that key from future DVDs produced, essentially acting as a
limited key rescission measure. A good idea if their encryption algorithm itself wasn't incredibly dinky and highly vulnerable to a known plaintext attack.
Also, they probably did deliberately choose a 40-bit scheme, simply to avoid any potential export complications. It would be bad to have a DVD player classed as a "munition," even if it is perfectly useless to actually encrypt real data.
One other observation: The encryption never prevented organized, digital, DVD piracy, since that only requires the manufacturing of a bitwise copy of the DVD. It only prevented the organized pirates from removing region encoding information.
Similarly, the many keys are probably for region encoding. Since software players were often set up (and I know my computer hardware player is) to specify a region with limited abilities to change it, the different keys probably represented the player
acting as a different "region."
Finally, the only reason why people bothered to crack the encryption at this time is because there were no players which worked under Linux. If there was a Linux software DVD player, the encryption probably wouldn't have been publicly cracked for
months or years, because there wouldn't have been an incentive for it.
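The multiple-key structure described in the letter above, as an added example that is not code from the letter or from any DVD implementation: one disc key is wrapped separately under each player key, and a leaked player key is dropped from discs mastered later. The HMAC-SHA256 wrap is a stand-in, not the DVD cipher, and the function names, disc IDs and the leaked player number are hypothetical.

```python
import copy
import hashlib
import hmac
import secrets


def _pad(player_key, disc_id):
    """Per-disc wrapping pad derived from a player key (stand-in cipher)."""
    return hmac.new(player_key, b"wrap|" + disc_id, hashlib.sha256).digest()[:16]


def _check(disc_key, disc_id):
    """Check value so a player can tell a correct unwrap from garbage."""
    return hmac.new(disc_key, b"check|" + disc_id, hashlib.sha256).digest()[:8]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def master_disc(disc_id, player_keys, revoked=frozenset()):
    """Create a disc key and its key block, skipping revoked players."""
    disc_key = secrets.token_bytes(16)
    slots = {
        pid: _xor(disc_key, _pad(pk, disc_id))
        for pid, pk in player_keys.items()
        if pid not in revoked
    }
    block = {"disc_id": disc_id, "slots": slots,
             "check": _check(disc_key, disc_id)}
    return disc_key, block


def unlock(block, player_id, player_key):
    """Return the disc key if this player has a valid slot, else None."""
    wrapped = block["slots"].get(player_id)
    if wrapped is None:
        return None                      # slot removed: key was revoked
    candidate = _xor(wrapped, _pad(player_key, block["disc_id"]))
    if not hmac.compare_digest(_check(candidate, block["disc_id"]),
                               block["check"]):
        return None                      # wrong key for this slot
    return candidate


def demo():
    # Constructed data: 400 random player keys, player 7 treated as leaked.
    players = {pid: secrets.token_bytes(16) for pid in range(400)}
    leaked = 7
    old_key, old_disc = master_disc(b"disc-1999", players)
    new_key, new_disc = master_disc(b"disc-2000", players, revoked={leaked})
    copied = copy.deepcopy(new_disc)     # a bitwise copy keeps the key block
    return {
        "old_disc_all_players_ok": all(
            unlock(old_disc, p, k) == old_key for p, k in players.items()),
        "new_disc_leaked_key": unlock(new_disc, leaked, players[leaked]),
        "leaked_key_on_other_slot": unlock(new_disc, 8, players[leaked]),
        "new_disc_other_players_ok": all(
            unlock(new_disc, p, k) == new_key
            for p, k in players.items() if p != leaked),
        # Revocation is not retroactive: discs already pressed stay readable.
        "old_disc_leaked_key_still_works":
            unlock(old_disc, leaked, players[leaked]) == old_key,
        # Copying the disc bit for bit is untouched by the key scheme.
        "bitwise_copy_plays": unlock(copied, 8, players[8]) == new_key,
        "slots_on_new_disc": len(new_disc["slots"]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```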
From: NBII <afn41391@afn.org>
Subject: DVD encryption cracked
A good article.
In addition to your recommended links, I would suggest you include the following VERY well written treatise on Digital IP and Copyrights by J.P. Barlow:
http://www.wired.com/wired/archive/2.03/economy.ideas.html?topic=&topic_set=
I have yet to read a better overview of the problems inherent in the current presumptions about IP and how it "will work" in the coming economy.
You'll note that, in 1994, he "predicted" what is essentially exactly the problem and the situation you describe.
From: Roger Schlafly
Subject: Elliptic Curve Public Key Cryptography
I'd go with elliptic curves if you need security for decades. The elliptic curve DL problem seems to be much more intrinsically difficult than the RSA problem. Elliptic curve systems also give better protection against Moore's Law. If you accept the
Lenstra-Verheul analysis, then you need to use 3000-bit keys with RSA, and almost no one is doing that.
CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses, insights, and commentaries on computer security and cryptography.
To subscribe, visit http://www.counterpane.com/crypto-gram.html or send a blank message to crypto-gram-subscribe@chaparraltree.com. To unsubscribe, visit http://www.counterpane.com/unsubform.html. Back issues are available on http://www.counterpane.com.
Please feel free to forward CRYPTO-GRAM to colleagues and friends who will find it valuable. Permission is granted to reprint CRYPTO-GRAM, as long as it is reprinted in its entirety.
CRYPTO-GRAM is written by Bruce Schneier. Schneier is founder and CTO of Counterpane Internet Security Inc., the author of "Applied Cryptography," and an inventor of the Blowfish, Twofish, and Yarrow algorithms. He served on the board of the International
Association for Cryptologic Research, EPIC, and VTW. He is a frequent writer and lecturer on computer security and cryptography.
Counterpane Internet Security, Inc. is a venture-funded company bringing innovative managed security solutions to the enterprise.
http://www.counterpane.com/
Copyright (c) 1999 by Bruce Schneier
@HWA
27.0 Hong Kong Blondes Give Extremely Rare Interview
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by n0b0dy
Anthony C. LoBaido, a roving international
correspondent for World Net Daily, claims to have spent
seven weeks with the Hong Kong Blondes in a rare and
exclusive interview. The Hong Kong Blondes are a
subversive group that is attempting to disrupt China's
infrastructure through electronic means. The weird issue
here is that this unprecedented interview fails to reveal
much in the way of new verifiable data. Which seems
weird since this guy supposedly spent seven weeks with
them. It does however, seem to tie together all the
facts that have already been published about the HKBs.
World Net Daily
http://www.worldnetdaily.com/bluesky_exnews/19991216_xex_hack_planet.shtml
(Hack the planet?)
WARS AND RUMORS OF WARS
The Beijing hack attack
Hong Kong-based cyber warriors
build anti-China techno army
© 1999 WorldNetDaily.com
Editor's Note: Computer hacking - once the shadowy
domain of misfits, pranksters, techno-critics and spies
- has taken center stage. While Y2K "czar" John
Koskinen pleads publicly with hackers to cease and
desist during the century date-change, reports
escalate daily of cyber-terrorism threats and
malevolent computer viruses embedded in e-mail,
timed to activate on Jan. 1.
But there is another side to hacking.
WorldNetDaily's roving international correspondent,
Anthony C. LoBaido, while enduring seven weeks of
one of Hong Kong's hottest summers on record, was
allowed into the secret realm of one of the world's
leading computer hacking organizations.
By Anthony C. LoBaido
© 1999 WorldNetDaily.com
HONG KONG -- What
do blondes, Jack in the
Box tacos and 21st
century cyber-warfare
have in common?
Everything, apparently, if
you're one of the elite and
stealthy soldiers in Hong
Kong Blondes' computer hacking universe.
These committed soldiers are locked in mortal combat
with the government of the People's Republic of China
and the transnational corporations who profit from
dealing with it.
"Human rights are a global concern and we have no
second thoughts about attacking the multinational
corporations who profit off of the human rights abuses
committed against our Chinese brothers and sisters by
their own government," says Databyte Cowgirl, one of
the leaders of the Hong Kong Blondes.
Along with numerous other members of the Hong Kong
Blondes, Databyte Cowgirl was interviewed by
WorldNetDaily over the course of seven weeks in July
and August of 1999, as well as during the past several
weeks.
"The Chinese government officials are just as bad as the
Nazis. Only, for some reason, the multinational
corporations find China and other communist regimes
around the world to be more politically digestible," she
added.
"The gross human rights violations of the Chinese
leadership, like the laogai gulag system, religious
persecution, forced organ harvesting, abortion and the
crackdown on the Falun Gong Tai Chi movement are
the epitome of evil. The only way we have to fight
against them is via the high-tech realm."
The story of the Hong Kong Blondes is a fascinating,
twisted tale, stranger than fiction.
To begin, the group was formed by the infamous (to the
communist Chinese dictatorship) or renowned (to
computer "hackers" the world over) Blondie Wong.
Although his name is unfamiliar to the general public of
both America and China, Blondie Wong is a man who is
well known to the Chinese government, the People's
Liberation Army, the National Security Agency of the
U.S., the CIA, FBI, Interpol and numerous Fortune 500
companies.
Although he now lives in exile in Toronto, Canada, under
the protection of armed bodyguards, as a young boy
Blondie Wong saw his beloved father stoned to death by
Chairman Mao's Red Guards during the Cultural
Revolution. Years later he traveled to the United
Kingdom, where he entered university and studied to
become a teacher. In the summer of 1989, after
witnessing the Tiananmen Square massacre on television,
Blondie Wong decided to form the Hong Kong Blondes
and their sister hacking group, the Yellow Pages.
At first, Wong started small -- organizing a close circle of
friends he believed he could trust. Later he launched an
international recruiting campaign aimed at some of the
finest computer engineering universities in America and
around the world.
Ranging from Cal Tech to MIT, Blondie Wong
assembled an elite army of sympathetic hackers. Young
men and women who only a few short years before had
been high school geeks with thick glasses and pocket
protectors now became the front line of attack against
the communist Chinese government.
They pledged allegiance to Blondie Wong's crusade
against communist China and turned their collective
computer science and engineering skills into a sharp
spear. Within a few months, this spear was capable of
penetrating the internal affairs of China's military
industrial complex, as well as the Western transnational
corporations that do business with China.
"One of the reasons that human rights in China are not
further ahead is because they have been de-linked from
American trade policy," Wong said in a document
released through Cult of the Dead Cow, a U.S.-based
hacker group that has advised the Blondes on technical
issues.
"When human rights considerations were associated with
doing business with the United States, at least there was
the threat of losing trade relations, of some form of
punishment. Now this just doesn't exist. Beijing
successfully went around Congress and straight to
American business, so in effect, businessmen started
dictating foreign policy," Wong explained.
"By taking the side of profit over conscience, business
has set our struggle back so far that they have become
our oppressors too," Wong said.
To deal with their oppressors, the Blondes began reading
the private email of multinational executives and People's
Liberation Army officers. They downloaded secure
information such as satellite access codes, and even
produced forged credentials giving Hong Kong and
mainland colleagues access to People's Liberation Army
facilities.
Closer to home in Hong Kong, the Blondes began
meeting at a local Jack in the Box restaurant, where they
would munch on tacos while exchanging customized
diagnostic software tools with one another. These tools
were used to launch attacks against the PLA's computer
systems through DoS or "Denial of Service" - in which a
system is overloaded with millions of "hits" on a website.
Other attack modes include erasing important data,
altering and planting disinformation, and "spoofing" or
attacking the processor of a computer network so as to
gain root privileges -- the ability to execute commands
and functions -- within the PLA network.
As time progressed, members of the Hong Kong Blondes
leadership told WorldNetDaily they began actually to
install codes within the PLA computer mainframes. By
using cellular modems, they were able to monitor the
electromagnetic signals emitted by PLA computers by
remote means. The Blondes even planted transmitters
within the offices of the Chinese government, People's
Liberation Army and foreign corporate headquarters in
order to monitor their activities and infiltrate their
computer networks.
For those who doubt Blondie Wong's legions and
capabilities, the group, as if to prove itself, temporarily
disabled a key People's Liberation Army military satellite.
Several PLA military officers questioned by
WorldNetDaily in Hong Kong confirmed this intrusion.
In fact, the Chinese government and military officially
recognized the unauthorized attack on their hardened,
restricted systems in a press release.
"In 1999, there were 228 cyber-attacks launched within
Hong Kong, in 1998, there were only 34," said Lo Yik
Kee, chief superintendent of the newly formed Police
Computer Crime Bureau, which will start operations on
January 1, 2000.
"We've seen a large increase in hacking incidents and
due to the transnational nature of this kind of activity, it
will only increase in the future."
The Jack in the Box restaurant where the Hong Kong
Blondes used to meet was closed down, putting an end to
the group's taco fests. Yet, the space was renovated into
an Internet café, from which the group first launched its
PLA infiltrations. Since then, the cyber cafe, which stood
near the TST subway station on Hong Kong Island, has
been closed down as well. But the hacking unit formed
by Blondie Wong continues to grow.
According to China's Ministry of Public Security, there
were 72,000 cyber-attacks launched against the PLA on
mainland Chinese soil in the first nine months of this
year. Of those, 165 were admitted to have been
"successful."
A spokesman for the National Security Agency in
Washington, D.C. told WorldNetDaily that there are
"less than 1,100 recognized hacking experts worldwide."
Blondie Wong and his followers definitely appear to be
included in that number.
"The PLA is about to launch a fourth division of its
military," said Ashton Tyler Baines in a recent interview
with WorldNetDaily. A London-born computer
programmer who now lives in the New Territories north
of Kowloon Island in the Hong Kong Special
Administrative Region, Baines has been a member of the
Hong Kong Blondes for the past two years.
"The PLA wants to control the cyberspace of its
enemies, while at the same time preventing attacks on its
own cyberspace," she explained.
Baines told WorldNetDaily that the Hong Kong Blondes
and the Yellow Pages have "already placed over 40
social engineers [computer operators who act as moles
for the Blondes] inside the PLA's newly created
cyberspace division."
"The PLA is in for a rude awakening. We can infiltrate,
alter and even crash several of their networks. We're
putting in backdoors. We're writing bad code into the
CD-ROMs they use as backups for their off-line servers.
We have already infected the backup off-site copies of
their CD-ROMs. We understand most of their security
protocols because we wrote most of them into the
software," she added.
As one would expect, the Hong Kong Blondes are a
secretive group who depend totally on the honor of their
members. Yet their leaders told WorldNetDaily they
"encourage other interested parties to form their own
hacking groups."
The Hong Kong Blondes won't disclose the numbers on
their membership roster for two reasons. Primary, of
course, is concern for the security of their members. But
the Blondes also admit they aren't exactly sure just how
many elite hackers around the world have aligned
themselves with their agenda.
"Ironically, we follow Chairman Mao's dictates of
warfare. We are organized into small cells which are
independent of one another. Cut off one head of a cell,
and another will emerge in its place," said Baines.
"Anyone can join our cyber army. The goals and
objectives are clear and well known in underground
hacking circles. First, infiltrate the PLA -- their
communications satellites, space program and
supercomputers, which can perform billions of operations
in a single second. Second, the multinational corporations
who are feeding the PLA weapons frenzy. Third, we like
to go after COSCO (the Chinese Overseas Shipping
Company) which is nothing more than a front for the
PLA to acquire the financial muscle it needs to expand
and threaten Free Asia and the West."
According to Databyte Cowgirl, the Blondes and the
Yellow Pages are also targeting the financial operations
of Ted Turner's CNN and his Atlanta Braves Baseball
team, as well as transnational companies "like Coca-Cola
who do business with the Islamic jihad government of
Sudan." She was referring to the Sudanese "holy war"
that has resulted in the deaths of millions of black South
Sudanese Christians since 1983.
Additional targets include AT&T's new Lucent
Technologies, which will handle future "cashless"
transactions over the telephone, and the Hong
Kong-based Hutchison Whampoa corporation, the latter
with known ties to the People's Liberation Army.
Hutchison Whampoa is due to take over the operation of
the strategically vital Panama Canal in the year 2000.
"It's high time we began attacking the money the elite
has stashed away by arming the PLA and profiting on
the suffering of the Chinese people," said Baines.
"Banking, stocks, bonds, IRAs, gold bullion, money
transfers, pension accounts and everything else you can
think of. If the CIA can go after the bank accounts of
(Serbian President) Milosevich, then we can go after the
private bank accounts of China-lovers like Henry
Kissinger and Madeleine Albright. Kissinger makes
millions of dollars every year speaking and lobbying on
behalf of Western multinational engagement with China.
That's blood money on his hands and we intend to take it
back -- so he'd better be hiding his money under his
mattress."
Tracey Kinchen, a former MI-5 agent with British
Intelligence, assists the Hong Kong Blondes and the
Yellow Pages with acquiring fake travel credentials and
other sensitive items needed for international travel.
Kinchen brings three qualities to the Hong Kong Blondes
which its members claim are indispensable. First, she is
the group's only natural blonde. Second, she is the spitting
image of Hollywood actress Julie Holden. Third, and
most importantly they say, she loves Jack in the Box
tacos.
In an interview with WorldNetDaily conducted at the
World Trade Center in Bangkok, Thailand, Kinchen
spelled out the reasons she supports the Hong Kong
Blondes' efforts.
"Blondie Wong and the Hong Kong Blondes would never
want to hurt anyone. They follow Gandhi's and Martin
Luther King's worldview of non-violence," she told
WorldNetDaily.
"But they also understand that the nature of warfare has
changed. Who could have known that the
supercomputers the Pentagon only dreamed about a half
century ago would one day become home appliances
capable of the most high-tech industrial espionage?"
Kinchen said that information technology is the "refuge
of last resort" and the "perfect medium to conduct low
intensity warfare."
"The NSA's budget is eight times larger than the CIA's.
They handle most of the intelligence workload. Yet, with
all of their state of the art equipment they haven't been
able to touch Blondie Wong, or any of us for that
matter."
While maintaining strict loyalty to Blondie Wong and his
compatriot, the shadowy Lemon Li who lives in exile in
St Nazare, France, the Hong Kong Blondes and the
Yellow Pages are rapidly expanding.
In addition to cells at Cal Tech and MIT, the group has
set up new cells at Baylor, Texas A&M, West Point,
Liberty Baptist -- and the Air Force Academy in
Colorado.
"Our movement is a lot like witchcraft in colonial Salem,"
said Michael Ming, a Chinese-born computer science
student at Texas A&M University in College Station,
Texas.
"Most people assume "The Crucible" version of unjust
witch hunts in Salem is the truth. But I believe witchcraft
was real and powerful in Salem. Not because of the
witches, but because the general population believed that
it had real power. As long as the PLA knows we're out
there, we'll be agitating them and taking away their
comfort zone."
Ming added, "Now that the NSA, Echelon and PLA
understand that we have a virtually undetectable,
un-infiltratable, loose-knit organization with total
allegiance to Blondie Wong and his goals, we're going to
become even more of a threat to them. Even if they
found us and took us out, thousands would rise up to take
our places. Even the PLA can't kill that fast."
The Hong Kong Blondes recently presented this
WorldNetDaily reporter with a large mahogany replica of
Noah's Ark, complete with 500 animal and people pieces.
The ark was hewn by persecuted priests who languish
inside the boundaries of mainland China.
This band of anarchists, snoops, humanists, Christians,
Buddhists and blondes, both real and imagined, has united
in pursuit of a common goal -- to "fight the powers that
be" by "hacking the planet."
This reporter recently said goodbye to the Hong Kong
Blondes' Thailand-based cell at the "Pam Pam"
restaurant in Bangkok's World Trade Center. Pam Pam
is the innocuous name given to Thailand's newest Jack in
the Box franchise. The restaurant's menu features every
item Jack in the Box lovers crave, from curly fries to
sourdough burgers. Conspicuously absent are the tacos.
Yet, hanging on the walls of Pam Pam's restaurant are
giant pictures of the beloved tacos. And just below those
pictures sit a neat row of state of the art computers, just
waiting for the birth of a new Hong Kong Blondes cell.
Hack the planet.
Anthony C. LoBaido is a roving international
correspondent for WorldNetDaily.
@HWA
28.0 Netscape Password Issue is Not New
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Ryan
Looks like the Netscape mess announced yesterday,
where people's email passwords are left laying around on
your hard drive, was actually first discovered over a
year ago and it is much simpler than first thought. To
Netscape's credit they are just conforming to the POP3
protocol which sends passwords in the clear anyway.
Thievco
http://www.thievco.com/advisories/nspreferences.html
Security Focus
http://www.securityfocus.com/templates/archive.pike?list=1&date=1998-11-1&msg=Pine.LNX.3.96.981106155713.27067A-100000@sprite.netnation.com
Netscape Preferences File Issues
11/16/98
This isn't much of an advisory... in fact, the credit goes elsewhere (see below.) I wrote a short piece of code in relation to this, though, so I wanted to publish that. Thanks to Holger van Lengerich for the heads-up.
Got this note via Bugtraq:
Hi!
The Netscape Communicator 4.5 stores the crypted version of used
mail-passwords (for imap and pop3) even if you tell Netscape to *not*
"remember password" in the preferences dialog.
Damage:
=======
IMHO this means, that anybody who can read your preferences.js ("prefs.js"
in the MS dominion) is probably able to read your mail or even get your
plaintext-password.
How to reproduce:
=================
- start Communicator
- be sure "remember password" is disabled in the preferences dialog for the
"Incoming Mail Server".
- get mails from Server (you get asked for your mail-password)
- exit Communicator
- edit preferences.js in $HOME/.netscape (MS-Users: prefs.js in your
NS-Profile-Path)
- search for something like:
--- 8< ---
user_pref("mail.imap.server.mail.password", "cRYpTPaSswD=");
user_pref("mail.imap.server.mail.remember_password", false);
--- >8 ---
- Now change "false" to "true".
- Save the file
- Start Communicator
- get mails
... now you are not asked for any password but can read all your mail! :(
Affected:
=========
probably all Communicator-4.5-packages on ALL operating systems.
I was able to reproduce this behavior on:
- Sun Solaris
- Linux (glibc2)
- MS Windows NT.
Workaround:
===========
Don't use Communicator 4.5 to fetch mails from your IMAP/POP server or be
very sure that no one can read your Netscape-preferences-file!!!
Regards,
Holger van Lengerich, "pine"-user :)
PS: The preferences.js is sent to Netscape on Communicator-crash, isn't it?
----------------------------------------------------------------------------
Holger van Lengerich - University of Paderborn - Dept. of Computer Science
System-Administration - Warburger Str. 100 - D 33098 Paderborn - Germany
mailto:gimli@uni-paderborn.de - http://www.uni-paderborn.de/admin/gimli
I did a little investigating, and found that he was quite correct. I use
Communicator 4.5, and use the POP reader, told it not to remember my
password (it prompts each time I launch it) and yet, in my preferences.js
file, there's an obfuscated copy of my password.
I got curious about the encoding of the password. It's obviously trivially
reversible if the algorithm is known, because Netscape can do it. If you've
spent any time looking at base-64 encoded text, it was obvious that the
password was base-64 encoded. So, I found a handy PERL module to do
encoding/decoding, learned enough PERL to write a bit of code to apply it,
and looked at the results. I got a string back that was not my original
password. I tried it with another password, same results. I did notice
one thing though... both my passwords were 7 characters long, and the
resulting strings after the decode were also the same length.
So, on a hunch, I took each hash and XORed it with the original password
(REAL easy in PERL.) I got the same string back, both times. Aha!
Here's the note I sent back to Bugtraq:
>Does anybody know the algorithm used to encrypt the passwords in
>Communicator??
Apparently, it takes the plaintext, xors it with a fixed string,
and base64 encodes the result:
use MIME::Base64;
print ((decode_base64('NLyIPunfKw==')) ^ ("\x56" . "\xc9" . "\xef" .
"\x4a" . "\x9b" . "\xbe" . "\x5a"));
You need the MIME perl module.
This one is good up to 7 characters, because that's how long a couple of
POP passwords I have are :)
Should be pretty straightforward to extend beyond 7 characters.. just take
the encoded string from the prefs file, base64 decode it, and xor it with
your password in plaintext. What you'll get is the fixed string to xor
with.. just extend the bytes I have above. The sequence of bytes is
non-obvious as to the meaning (at least to me.) It doesn't spell anything
in ASCII. Let me know if it doesn't work on your passwords.. I'm curious.
I only had a couple to try.
After that I went poking around a few home servers at my day job, to see if
anyone had voluntarily chosen to save their password on their unix version
of Netscape (we haven't rolled out 4.5 yet.) I found a couple, and was able
to decode their passwords. I noticed a few other interesting things as well
... such as the fact that it's not just POP/IMAP passwords, it's also HTML
publishing passwords and NNTP passwords as well. Plus, as an extra bonus, it
creates the preferences.js files on the unix side so that they're world
readable. I also managed to get the root password that one of our sysadmins
had used to publish a web page and set it to save the password! Doh!
Bad SA!
If you need a version that does more than 7 characters, and you can't figure
it out yourself, mail me a copy of your preferences file :)
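The scheme described above (base64 over an XOR with a fixed string), written as an audit check a defender could run over a preferences file. This is an added example, not code from the advisory or from Netscape. The function names, the "any pref ending in password" rule and the sample text are assumptions made here; the XOR bytes and the encoded value are the ones in the Bugtraq note.

```python
import base64
import os
import re
import stat

# Fixed XOR string from the Bugtraq note quoted above; it covers 7 characters.
FIXED = bytes([0x56, 0xC9, 0xEF, 0x4A, 0x9B, 0xBE, 0x5A])

# Assumption: every string-valued pref whose name ends in "password" holds an
# obfuscated secret. Only mail.imap.server.mail.password is shown on the page.
STRING_PREF = re.compile(r'user_pref\("([^"]+password)",\s*"([^"]*)"\);')
BOOL_PREF = re.compile(r'user_pref\("([^"]+)",\s*(true|false)\);')

# Constructed sample: the pref lines from the advisory, carrying the encoded
# value from the Perl one-liner instead of the placeholder string.
SAMPLE_PREFS = (
    'user_pref("mail.imap.server.mail.password", "NLyIPunfKw==");\n'
    'user_pref("mail.imap.server.mail.remember_password", false);\n'
)


def deobfuscate(encoded, key=FIXED):
    """Reverse base64 + fixed-string XOR; refuse values longer than the key."""
    raw = base64.b64decode(encoded)
    if len(raw) > len(key):
        raise ValueError("value is %d bytes, key covers %d" % (len(raw), len(key)))
    return bytes(c ^ k for c, k in zip(raw, key))


def recover_key(encoded, known_password):
    """Known-plaintext step from the post: decoded value XOR password = key."""
    raw = base64.b64decode(encoded)
    if len(raw) != len(known_password):
        raise ValueError("stored value and password differ in length")
    return bytes(c ^ p for c, p in zip(raw, known_password))


def audit_prefs(text, mode):
    """Report stored password prefs in prefs text; mode is the file's st_mode."""
    flags = {name: value == "true" for name, value in BOOL_PREF.findall(text)}
    findings = []
    for name, value in STRING_PREF.findall(text):
        if not value:
            continue  # nothing stored for this pref
        try:
            secret_bytes = len(base64.b64decode(value))
        except ValueError:
            secret_bytes = None  # not base64, still worth reporting
        # Companion flag name follows the pair shown in the advisory.
        companion = name[: -len("password")] + "remember_password"
        findings.append({
            "pref": name,
            "secret_bytes": secret_bytes,
            "remember_password": flags.get(companion),
            "world_readable": bool(mode & stat.S_IROTH),
        })
    return findings


def audit_file(path):
    """Run the audit on a real preferences.js / prefs.js file."""
    with open(path, encoding="latin-1") as handle:
        return audit_prefs(handle.read(), os.stat(path).st_mode)


if __name__ == "__main__":
    # 0o100644 is a regular file readable by everyone, as the post describes.
    for finding in audit_prefs(SAMPLE_PREFS, 0o100644):
        print(finding)
    # One known password is enough to recover the fixed string for its length.
    key = recover_key("NLyIPunfKw==", deobfuscate("NLyIPunfKw=="))
    print("recovered key matches fixed string:", key == FIXED)
```

A finding with remember_password set to False is the behaviour the advisory reports. Restricting the file to its owner removes the world-readable exposure but not the stored value.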
@HWA
29.0 No E-Commerce Sites Offer Even Basic Privacy Protection
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Evil Wench
A study by the Electronic Privacy Information Center has
scrutinized privacy policies on 100 of the most popular
online shopping sites and compared those policies with fair
information practices. The group found that none of the
100 sites met all of the basic criteria for privacy
protection.
The Washington Post
http://washingtonpost.com/wp-dyn/business/A3205-1999Dec16.html?&_ref=30607544
Internet Privacy Eroding, Study Says
By John Schwartz
Washington Post Staff Writer
Friday, December 17, 1999; E4
Shoppers who have flocked to online stores for their holiday shopping
are losing privacy with every mouse click, according to a new report.
The study by the Washington-based Electronic Privacy Information Center
scrutinized privacy policies on 100 of the most popular online shopping
sites and compared those policies with a set of basic privacy principles
that have come to be known as "fair information
practices."
The group found that none of the 100 sites met all of the basic criteria
for privacy protection, which include giving notice of what information
is collected and how it is used, offering consumers a choice over whether
the information will be used in certain ways,
allowing access to data that give consumers a chance to see and correct
the information collected, and instituting the kind of security measures
that ensure that the information won't fall into the wrong hands.
"This study shows that somebody else, other than Santa, is reading your
Christmas list," said Jeff Chester, executive director of the Center for
Media Education, which also worked on the survey.
The online privacy of children is protected by Federal Trade Commission rules,
but adults do not share the same degree of privacy protection. The Clinton
administration, like the online shopping industry, favors self-regulation
over imposition of further government restrictions on electronic commerce.
Marc Rotenberg, executive director of the privacy group, said the study
shows that self-regulation has failed. "We need legislation to enforce
fair information practices," he said. "Consumers are at greater risk than
they were in 1997," when the group released its first
report.
The survey also asked whether the 100 sites used "profile-based" advertising,
and whether the sites incorporate "cookies" technology, which gives Web sites
basic information on visitors. Profiling is the practice of gathering
information about consumers' interests by tracking their movements online.
The information is then used to create targeted advertising on Web sites.
All but 18 of the top shopping sites did display a privacy policy -- a major
improvement over the early days of electronic commerce, when such policies
were scarce. But that did not satisfy the privacy group: "Companies are
posting privacy policies, but these policies are not the same thing as fair
information practices," Rotenberg said.
The sites also did not perform well by other measures, the group said. It
found that 35 of the sites feature profile-based advertising, and 87 percent
use cookies. The group concluded that the policies that were posted "are
typically confusing, incomplete, and
inconsistent."
The report, "Surfer Beware III: Privacy Policies Without Privacy Protection,"
is the third such survey by the group. The privacy consulting group Junkbusters
also assisted on the study.
The report called for further development of technologies that help consumers
protect their privacy and even anonymity when exploring the Internet.
A representative of the FTC, the federal government's lead agency in online
privacy, disagreed, saying it is continuing to monitor the online market for
progress or backsliding.
"You can have the convenience of electronic commerce and the control over your
personal information," said David Medine, the FTC's associate director for
financial practices. "That doesn't have to be a trade-off."
Noting how high consumers consistently rank privacy among their concerns about
the online world, Medine said that privacy policy presents a market opportunity
for online retailers: "We'll start seeing some competition for who has the best
privacy policy," he predicted.
The FTC will conduct a major privacy study next spring, he said.
@HWA
30.0 Newspaper Fingers Potential Cyber Intruder
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Evil Wench
There isn't a lot of information available here but it
would appear that a London newspaper The Express has
turned in a suspected cyber intruder. The intruder
allegedly called The Express and offered to shut down
the presses of the competing paper the Daily Mail for
£600,000. The Express notified the police, who arrested
the 55-year-old suspect from Worthing, East Sussex
and charged him with violating the Computer Misuse
Act. (Somehow I doubt this guy had the capability to
actually shut down the presses.)
The UK Register
http://www.theregister.co.uk/991217-000007.html?&_ref=30607544
(Short story! do people get paid for this? christ - Ed )
Posted 17/12/99 11:48am by Linda Harrison
Hacker thwarted in newspaper plot
The Express newspaper foiled a hacker's plot to bring down its arch-rival's computer
system yesterday.
The man phoned the paper and offered to stop production of fellow tabloids the Daily Mail
and the Mail on Sunday for £600,000 on 7 January.
In true Good Samaritan mode, The Express alerted police, who arrested the 55-year-old
suspect from Worthing, East Sussex.
He was being questioned under the Computer Misuse Act, The Express said. ®
@HWA
31.0 Internet Watchdog Defaced For Third Time
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Evil Wench
The website of the Australian Broadcasting Authority, a
government watchdog group charged with policing
upcoming Internet censorship laws, has had its website
defaced for the third time in almost as many weeks.
Fairfax
http://www.it.fairfax.com.au/breaking/19991216/A41879-1999Dec16.html
(Geezus this story is even shorter...must be on quaaludes -Ed)
Internet watchdog hacked . . . again
9:56 Thursday 16 December 1999
By BARRY PARK THE website of the Australian Broadcasting Authority, a
government watchdog charged with policing upcoming Internet censorship
laws, has been hacked for the third time in almost as
many weeks.
The hacker, named "omni", left a short message at the foot of the ABA
website after the front page was reposted yesterday.
The website was breached twice recently and posted with anti-censorship
material. The previous two hacks are believed to have been made by the
same person, named "Ned R".
@HWA
32.0 Security Focus Newsletter #19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.securityfocus.com/
Security Focus Newsletter #19
Table of Contents:
I. INTRODUCTION
1. BindView & SecurityFocus.com announcement: COME PARTY ONLINE
WITH US THIS NEW YEAR'S EVE!
2. SecurityFocus.com is looking for staff writers for a series of
Solaris and Linux security columns!
II. BUGTRAQ SUMMARY
1. SCO Unixware pkginstall/pkgcat Buffer Overflow Vulnerabilities
2. Sendmail Aliases Database Regeneration Vulnerability
3. Solaris snoop (print_domain_name) Buffer Overflow Vulnerability
4. MS IE5 vnd.ms.radio URL Vulnerability
5. GoodTech Telnet Server NT DoS Vulnerability
6. Xshipwars Buffer Overflow Vulnerability
7. Solaris snoop (GETQUOTA) Buffer Overflow Vulnerability
8. Netscape Enterprise Server for NetWare Admin Buffer Overflow
Vulnerability
9. Solaris sadmind Buffer Overflow Vulnerability
10. htdig Remote Command Execution Vulnerability
11. Microsoft Help File Trojan Vulnerability
12. SCO Unixware Privileged Program Debugging Vulnerability
III. PATCH UPDATES
1. Vulnerability Patched: Solaris snoop (GETQUOTA) Buffer Overflow
2. Vulnerability Patched: Xshipwars Buffer Overflow Vulnerability
3. Vulnerability Patched: htdig Remote Command Execution
Vulnerability
4. Vulnerability Patched: Communigate Pro Web Admin DoS
Vulnerability
5. Vulnerability Patched: Wu-ftpd message Buffer Overflow
Vulnerability
IV. SECURITYFOCUS.COM TOP 6 NEWS ARTICLES
1. Cell Phone Crypto Penetrated (December 6, 1999)
2. Microsoft wins high-level security rating (December 7, 1999)
3. Denial-of-service attacks employ zombie PCs to hit networks
(December 9, 1999)
4. Security firm says BT's Trustwise digital signature technology
can be tricked (December 9, 1999)
5. Government Debates Crypto Export Rules (December 9, 1999)
6. Melissa conviction to stop virus writers? (December 10, 1999)
V. INCIDENTS SUMMARY
1. Re: Port scanning (Thread)
2. Scanning from 210.217.26.15 (Thread)
3. rpcbind scans (Thread)
4. Analysis of trin00 (Thread)
5. Analysis of Tribe Flood Network (Thread)
6. ISS information about Trino/Tribe Flood Network
7. ACK probe on port 1324 (Thread)
8. Drat Trojan/Backdoor Analysis (Thread)
9. Y2K Incidents (Thread)
10. sadmind (Thread)
11. ./ttymon (Thread)
12. Another probe: Port 98? (Thread)
13. More probes from DSL line in NYC
VI. VULN-DEV RESEARCH LIST SUMMARY
1. Owning privileged processes under UnixWare (Thread)
VII. SECURITY JOBS
VIII. SECURITY SURVEY RESULTS
IX. SECURITY FOCUS TOP 6 TOOLS
1. Cerberus Internet Scanner 1.0 (Windows 2000 and Windows NT)
2. SecurityFocus.com Pager (Win95/98/NT)
3. SpyNet 3.0 (Windows 95/98 and Windows NT)
4. SuperScan 2.0.5 (Windows 2000, Windows 95/98 and Windows NT)
5. Weakness (Dos, Windows 95/98 and Windows NT)
6. Gatekeeper (Java)
X. SPONSOR INFORMATION - BindView
XI. SUBSCRIBE/UNSUBSCRIBE INFORMATION
I. INTRODUCTION
-----------------
Welcome to the Security Focus 'week in review' newsletter issue 19
sponsored by BindView, the leader in IT risk management solutions.
http://www.bindview.com/
1. BindView & SecurityFocus.com announcement: COME PARTY ONLINE WITH US
THIS NEW YEAR'S EVE!
BindView, the leader in IT risk management solutions is throwing an online
New Year's Eve Bash for all the people that will be stuck at work waiting
for Y2K, or who are online at home.
***CHECK OUT OUR PARTY INVITATIONS! ***
The invitations are available for viewing online. Please point your
browser to
http://webevents.broadcast.com/bindview/y2kvirtualparty/flash2.html or
http://webevents.broadcast.com/bindview/y2kvirtualparty/flash.html
(NOTE: You may need to download the latest MacroMedia Flash plug-in to get
the full effect of the invitation if you want to view it in your browser.
This should happen automatically when you open the web page.)
For more information about the event, you can click on this link
http://www.bindview.com/onlineparty to get the full story.
***WE'RE COUNTING ON YOU TO SPREAD THE WORD!***
Invite your friends and colleagues to attend BindView's online New Year's
Bash. Forward them this E-mail. For each new registrant that names you as
"Referred By", BindView will enter your name in the drawing for the cool
prizes provided by our friends and sponsors. So, the more people you
refer, the higher your chances of winning!
Thank you! We'll see you online on December 31st at 11 p.m. EST!
The New Year's Eve Online Party - Created and presented by BindView.
Sponsored by Compaq and CMP's TechWeb. Co-sponsored by SecurityFocus.com.
2. SecurityFocus.com is looking for staff writers for a series of Solaris
and Linux security columns!
SecurityFocus.com is currently looking for staff writers to write articles
for the SecurityFocus.com website. In particular we are looking for
writers interested in maintaining a weekly column on security issues
around Solaris and Linux.
The position requires a thorough understanding of networking issues and an
ability to closely follow industry developments. Strong technical, writing
and analytical skills are essential, along with the ability to meet weekly
deadlines. The ideal candidate will have a number of years hands-on
experience in networking and product evaluation under Solaris or Linux.
This position is flexible in both location of the writer and work hours.
Perfect for industry professionals looking to supplement their incomes.
Questions or resumes should be forwarded to Alfred Huger
<ah@securityfocus.com>.
II. BUGTRAQ SUMMARY 1999-12-06 to 1999-12-13
---------------------------------------------
1. SCO Unixware pkginstall/pkgcat Buffer Overflow Vulnerabilities
BugTraq ID: 853
Remote: No
Date Published: 1999-12-06
Relevant URL:
http://www.securityfocus.com/bid/853
Summary:
It is possible to view the entries in /etc/shadow through exploiting a
buffer overflow in pkgcat and pkginstall. Though neither of these binaries
are setuid, the dacread permissions which are granted in
/etc/security/tcb/privs give them the ability to read /etc/shadow. When the
oversized buffer data is passed to the programs as argv[1], the stack will
be corrupted and it is possible to spawn a program which would "cat"
/etc/shadow with the dacread privs.
2. Sendmail Aliases Database Regeneration Vulnerability
BugTraq ID: 857
Remote: No
Date Published: 1999-12-07
Relevant URL:
http://www.securityfocus.com/bid/857
Summary:
To regenerate the sendmail aliases database, sendmail is run locally with
the -bi parameters. No checks are made against the user's privileges to
determine whether they are able to do this or not. Consequently, it is
possible for a malicious user to attempt to regenerate the aliases
database and then interrupt it, corrupting the database.
3. Solaris snoop (print_domain_name) Buffer Overflow Vulnerability
BugTraq ID: 858
Remote: Yes
Date Published: 1999-12-07
Relevant URL:
http://www.securityfocus.com/bid/858
Summary:
If a solaris machine is running snoop in, it may be possible to compromise
its security remotely by exploiting a buffer overflow in snoop. The
problem is a buffer with a predefined length of 1024 that can be
overflowed in the print_domain_name function. The privileges granted to
arbitrary code which could be executed would be those of the user running
snoop, root.
4. MS IE5 vnd.ms.radio URL Vulnerability
BugTraq ID: 861
Remote: No
Date Published: 1999-12-06
Relevant URL:
http://www.securityfocus.com/bid/861
Summary:
Internet Explorer can handle URLs of type vnd.ms.radio: for streaming
audio content. If a URL with 360 or more characters after 'vnd.ms.radio'
is specified, a buffer in the file MSDXM.OCX gets overwritten, allowing
arbitrary code to be run on the client machine.
5. GoodTech Telnet Server NT DoS Vulnerability
BugTraq ID: 862
Remote: Yes
Date Published: 1999-12-06
Relevant URL:
http://www.securityfocus.com/bid/862
Summary:
GoodTech Telnet Server NT 2.2.1 is vulnerable to a remote denial of
service attack due to an unchecked buffer. If 23870 or more characters are
entered at the username prompt, the software will crash.
GoodTech's Telnet Server 95/98 may also be vulnerable to this overflow.
6. Xshipwars Buffer Overflow Vulnerability
BugTraq ID: 863
Remote: Yes
Date Published: 1999-12-09
Relevant URL:
http://www.securityfocus.com/bid/863
Summary:
Xshipwars is a graphical 'star battle' client/server based game which runs on a
variety of platforms. Certain versions of the server which facilitates
this game (versions before 1.25) had a remotely exploitable buffer
overflow. The exploit would result in the execution of arbitrary commands
as the UID of the server process.
7. Solaris snoop (GETQUOTA) Buffer Overflow Vulnerability
BugTraq ID: 864
Remote: Yes
Date Published: 1999-12-09
Relevant URL:
http://www.securityfocus.com/bid/864
Summary:
Certain versions of Solaris (2.X) ship with a program designed to monitor
network traffic accessible from a host's ethernet segment. This program,
/usr/sbin/snoop is under certain versions of Solaris vulnerable to a
remotely exploitable buffer overflow attack. The problem lies in where
snoop attempts to decode GETQUOTA requests to the rquotad RPC daemon.
Rquotad is an rpc(4) server which returns quotas for a user of a local
file system which is mounted by a remote machine over the NFS. The results
are used by quota(1M) to display user quotas for remote file systems.
An overly long GETQUOTA request will result in a buffer overflow which can
be used to execute arbitrary code as root (the privilege which snoop runs
at).
8. Netscape Enterprise Server for NetWare Admin Buffer Overflow Vulnerability
BugTraq ID: 865
Remote: Yes
Date Published: 1999-12-08
Relevant URL:
http://www.securityfocus.com/bid/865
Summary:
The Netscape Enterprise Server for NetWare 4/5 includes an Admin feature
that is vulnerable to denial of service attacks due to an unchecked buffer
in admserv.nlm, in the login procedure. If a username longer than 310
characters is supplied, the Admin server crashes. Normal web serving
functionality is unaffected, but remote administration is not possible
until the server is restarted.
Note: The Enterprise Server for Netware is supported by Netware, not
Netscape. Check the web pages in the credit section for more details.
9. Solaris sadmind Buffer Overflow Vulnerability
BugTraq ID: 866
Remote: Yes
Date Published: 1999-12-10
Relevant URL:
http://www.securityfocus.com/bid/866
Summary:
Certain versions of Solaris ship with a version of sadmind which is
vulnerable to a remotely exploitable buffer overflow attack. sadmind is
the daemon used by Solstice AdminSuite applications to perform distributed
system administration operations such as adding users. The sadmind daemon
is started automatically by the inetd daemon whenever a request to invoke
an operation is received.
Under vulnerable versions of sadmind (2.6 and 7.0 have been tested), if a
long buffer is passed to a NETMGT_PROC_SERVICE request (called via
clnt_call()), it is possible to overwrite the stack pointer and execute
arbitrary code. The actual buffer in question appears to hold the
client's domain name. The overflow in sadmind takes place in the
amsl_verify() function. Because sadmind runs as root any code launched as
a result will run with root privileges, therefore resulting in a root
compromise.
10. htdig Remote Command Execution Vulnerability
BugTraq ID: 867
Remote: Yes
Date Published: 1999-12-09
Relevant URL:
http://www.securityfocus.com/bid/867
Summary:
htdig is a program which is shipped with Debian GNU/Linux 2.1 that is used
for indexing and searching files on webservers. When it attempts to handle
non-HTML files, it calls an external program with the document as a
parameter - without checking for shell escapes. If files can be created
with filenames containing shell escapes, it may be possible to execute
arbitrary shell commands on the target webserver due to this problem,
leading to a remote compromise.
11. Microsoft Help File Trojan Vulnerability
BugTraq ID: 868
Remote: No
Date Published: 1999-12-10
Relevant URL:
http://www.securityfocus.com/bid/868
Summary:
The help files for the Windows Help system (*.cnt, *.hlp) can be edited so
that they run an arbitrary executable when selected by a user. The
executable will run at the privilege level of the user.
The *.cnt files are like tables of contents that tell the help system what
to open when each topic is selected. These entries can be edited to cause
system and DLL calls and programs to be executed when a topic is chosen.
The help files themselves, *.hlp, can be edited in a similar manner.
12. SCO Unixware Privileged Program Debugging Vulnerability
BugTraq ID: 869
Remote: No
Date Published: 1999-12-10
Relevant URL:
http://www.securityfocus.com/bid/869
Summary:
Unixware's security model includes the concept of privileges. These can be
assigned to processes and allow them to perform tasks that otherwise could
only be performed by the root user. They allow programs to run with the
minimum required privilege (as opposed to running as root). A
vulnerability in Unixware's implementation of privileges allows regular
users to attach a debugger to a running privileged program and take over
its privileges.
Most Unix systems, including Unixware, place a number of restrictions on how
regular users can interact with setuid and setgid processes. For example
they are not allowed to attach a debugger to them and the dynamic linker
may ignore variables requesting the preloading of some shared libraries.
Unixware's implementation of privileges provides no such protections for
privileged programs, allowing a user to attach a debugger to a running
privileged program which has the same uid as the user, and modify it.
When a program that is listed in the /etc/security/tcb/privs is executed
it is granted the privileges listed there. All a malicious user has to do to
exploit the problem is find a program listed in that file with the
privileges it wishes to gain and executable by him. Example of programs
executable by anyone with privileges include: /usr/ucb/w (DACREAD),
/usr/bin/getdev (DACWRITE), and /usr/ucb/lpr (SETUID).
III. PATCH UPDATES 1999-12-06 to 1999-12-13
-------------------------------------------
1. Vendor: Sun
Product: Solaris
Vulnerability Patched: Solaris snoop (GETQUOTA) Buffer Overflow
BugTraq ID: 864
Relevant URLS:
http://www.securityfocus.com/bid/864
http://sunsolve.sun.com
Patch Location:
http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-access
Patch IDs:
Solaris 7 sparc 108482-01
Solaris 7 x86 108483-01
Solaris 5.6 sparc 108492-01
Solaris 5.6 x86 108493-01
Solaris 5.5 sparc 108501-01
Solaris 5.5 x86 108502-01
Solaris 5.4 sparc 108490-01
Solaris 5.4 x86 108491-01
Solaris 5.3 sparc 108489-01
2. Vendor: Wolfpack Development
Product: Xshipwars
Vulnerability Patched: Xshipwars Buffer Overflow Vulnerability
BugTraq ID: 863
Relevant URLS:
http://www.securityfocus.com/bid/863
Patch Location:
http://fox.mit.edu/xsw/
3. Vendor: Debian
Product: GNU/Linux
Vulnerability Patched: htdig Remote Command Execution Vulnerability
BugTraq ID: 867
Relevant URLS:
http://www.securityfocus.com/bid/867
http://www.debian.org/security/
Patch Location:
Debian GNU/Linux 2.1 alias slink
Source archives:
http://security.debian.org/dists/stable/updates/source/htdig_3.1.2-4slink6.diff.gz
MD5 checksum: 9151d7e15d7a2759958c09e6c21f28de
http://security.debian.org/dists/stable/updates/source/htdig_3.1.2-4slink6.dsc
MD5 checksum: fc05d22813afaa9fce10e97a5437ed69
http://security.debian.org/dists/stable/updates/source/htdig_3.1.2.orig.tar.gz
MD5 checksum: ddd0305d420e2d6025694d4e1448d5f7
Alpha architecture:
http://security.debian.org/dists/stable/updates/binary-alpha/htdig_3.1.2-4slink6_alpha.deb
MD5 checksum: 1f816b0af2dd5919524d26be2017ec62
Intel ia32 architecture:
http://security.debian.org/dists/stable/updates/binary-i386/htdig_3.1.2-4slink6_i386.deb
MD5 checksum: da77c99388d3d9d09afecb2c9f345d58
Motorola 680x0 architecture:
http://security.debian.org/dists/stable/updates/binary-m68k/htdig_3.1.2-4slink6_m68k.deb
MD5 checksum: 48986e8f5323db7b899c6341b87c3d4d
Sun Sparc architecture:
http://security.debian.org/dists/stable/updates/binary-sparc/htdig_3.1.2-4slink6_sparc.deb
MD5 checksum: fcd3181ad76a72e82db2f769d88ff18c
These files will be moved into
ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.
4. Vendor: Stalker
Product: Communigate Pro
Vulnerability Patched: Communigate Pro Web Admin DoS Vulnerability
BugTraq ID: 860
Relevant URLS:
http://www.securityfocus.com/bid/860
http://www.stalker.com
Patch Location:
ftp://ftp.stalker.com/pub/CommuniGatePro/
(versions 3.2, 3.2b5 and 3.2b7 are fixed)
5. Vendor: Hewlett-Packard
Product: HP-UX
Vulnerability Patched: Wu-ftpd message Buffer Overflow Vulnerability
BugTraq ID: 726
Relevant URLS:
http://www.securityfocus.com/bid/726
Patch Location:
ftp://us-ffs.external.hp.com/export/patches/hp-ux_patch_matrix/
Patch: PHNE_18377
IV. SECURITYFOCUS.COM TOP 6 NEWS ARTICLES
-----------------------------------------
The following represent articles which received the highest rate of click
throughs when compared to other news articles on the SecurityFocus.com
website.
1. Cell Phone Crypto Penetrated (December 6, 1999)
Excerpt:
Israeli researchers have discovered design flaws that allow the
descrambling of supposedly private conversations carried by hundreds of
millions of wireless phones.
Alex Biryukov and Adi Shamir describe in a paper to be published this week
how a PC with 128 MB RAM and large hard drives can penetrate the security
of a phone call or data transmission in less than one second.
URL:
http://wired.lycos.com/news/politics/0,1283,32900,00.html
2. Microsoft wins high-level security rating (December 7, 1999)
Excerpt:
As Microsoft closes in on completing development of its next-generation
Windows 2000 operating system, it finally has managed to receive the
elusive C2 security rating for its NT 4.0 operating system.
URL:
http://www.zdnet.com/zdnn/stories/news/0,4586,2404702,00.html
3. Denial-of-service attacks employ zombie PCs to hit networks (December
9, 1999)
Excerpt:
A new form of Denial of Service (DoS) attack caused by the trin00 and
Tribe Network Flood programs has been wreaking havoc on bandwidth on a
larger scale than ever before, according to Chris Klaus, founder and chief
technology officer of Internet Security Systems (ISS).
URL:
http://www2.infoworld.com/articles/en/xml/99/12/09/991209enzombie.xml?Template=/storypages/printarticle.html
4. Security firm says BT's Trustwise digital signature technology can be
tricked (December 9, 1999)
Excerpt:
The document digitally signed by the Secretary for the Department of Trade
and Industry Wednesday can be easily fooled, or "spoofed", according to
British security and software development firm Skygate.
URL:
http://www.zdnet.co.uk/news/1999/48/ns-12055.html
5. Government Debates Crypto Export Rules (December 9, 1999)
Excerpt:
Should the government care how a company sells its encryption software,
whether it's online or in a retail store?
Nope, say software industry supporters who advocate changes in U.S.
export regulations on encryption technology. They were disappointed by the
Clinton Administration's recent draft of new rules.
URL:
http://www.pcworld.com/pcwtoday/article/0,1510,14287,00.html
6. Melissa conviction to stop virus writers? (December 10, 1999)
Excerpt:
Law enforcement officials and computer security specialists say that David
L. Smith's conviction in the Melissa virus case -- the first successful
prosecution of a virus writer in the United States -- will have a strong
chilling effect on other authors of malicious code.
URL:
http://www.zdnet.com/zdnn/stories/news/0,4586,2406928,00.html
V. INCIDENTS SUMMARY 1999-12-06 to 1999-12-13
---------------------------------------------
1. Re: Port scanning (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-1&msg=Pine.BSF.4.01.9912061621200.13859-100000@officemail.starmedia.com
2. Scanning from 210.217.26.15 (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-1&msg=Pine.LNX.4.21.9912061947590.16892-100000@kbierman.mn.mediaone.net
3. rpcbind scans (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-1&msg=19991206170735.25.qmail@securityfocus.com
4. Analysis of trin00 (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-1&msg=Pine.GUL.4.20.9912071041410.9470-100000@red7.cac.washington.edu
5. Analysis of Tribe Flood Network (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-1&msg=Pine.GUL.4.20.9912071044490.9470-100000@red7.cac.washington.edu
6. ISS information about Trino/Tribe Flood Network
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-1&msg=19991207104739.G15707@underground.org
7. ACK probe on port 1324 (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-1&msg=4.2.0.58.19991207224615.0097cf00@localhost
8. Drat Trojan/Backdoor Analysis (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-1&msg=19991207163522.21380.qmail@securityfocus.com
9. Y2K Incidents (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-8&msg=19991209131551.64405.qmail@hotmail.com
10. sadmind (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-8&msg=Pine.OSF.4.10.9912091025040.3590-100000@library.berkeley.edu
11. ./ttymon (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-8&msg=013401bf427f$3670b8a0$6600a8c0@ARC.COM
12. Another probe: Port 98? (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-8&msg=4.2.0.58.19991209113506.03df0a20@localhost
13. More probes from DSL line in NYC
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-8&msg=4.2.0.58.19991210144007.03e056c0@localhost
VI. VULN-DEV RESEARCH LIST SUMMARY 1999-12-06 to 1999-12-13
----------------------------------------------------------
1. Owning privileged processes under UnixWare (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=82&date=1999-12-1&msg=19991206202445.24096.qmail@securityfocus.com
VII. SECURITY JOBS SUMMARY 1999-12-06 to 1999-12-13
---------------------------------------------------
No posts for this newsletter.
VIII. SECURITY SURVEY 1999-11-15 to 1999-11-27
----------------------------------------------
The question for 1999-11-15 to 1999-11-27 was:
Secure coding techniques are becoming more widely known and valued. At the same time, programs are
getting larger and more complex. Bearing these thoughts in mind, do you think it is getting
easier or harder to write secure programs?
Easier 15% / 7 votes
Harder 84% / 37 votes
Total number of votes: 44 votes
IX. SECURITY FOCUS TOP 6 TOOLS 1999-12-06 to 1999-12-13
--------------------------------------------------------
1. Cerberus Internet Scanner 1.0
by David Litchfield
URL: http://www.cerberus-infosec.co.uk/
Platforms: Windows 2000 and Windows NT
Number of downloads: 1422
NTInfoScan has now been reborn as the Cerberus Internet Scanner (or simply
CIS). Though originally designed to discover vulnerabilities in the Windows
NT platform NTInfoScan has been updated so it will also discover security
issues in *NIX systems now too, though it still only runs on Windows NT.
This is why the name has been changed - because it is no longer NT
specific. It is planned that binaries for Linux systems, Sco OpenServer
and Solaris 2.x will be offered soon - so watch this space ;-). It has
been downloaded over 30,000 times throughout its life by such
organizations as the US Air Force, the US Army and various Government
bodies from across the world.
2. SecurityFocus.com Pager
by SecurityFocus.com
URL: http://www.securityfocus.com/pager/sf_pgr20.zip
Platforms: Win95/98/NT
Number of downloads: 1378
This program allows the user to monitor additions to the Security Focus
website without constantly maintaining an open browser. Sitting quietly in
the background, it polls the website at a user-specified interval and
alerts the user via a blinking icon in the system tray, a popup message or
both (also user-configurable).
3. SpyNet 3.0
by Nicula Laurentiu
URL: http://members.xoom.com/Laurentiu2/
Platforms: Windows 95/98 and Windows NT
Number of Downloads: 1296
SpyNet is a sniffer that literally reconstructs its capture, live.
Reconstructs HTTP, POP3, telnet, login, etc. SpyNet tells you what traffic
is going through your system. If a hacker attacks your system, firewalls
will tell you so in many situations. But sniffers grab the evidence. Until
now, that evidence was very hard to figure out with the naked eye. But,
SpyNet literally reconstructs their keystrokes and movements.
4. SuperScan 2.0.5
by Robin Keir <robin@keir.net>
URL: http://members.home.com/rkeir/software.html
Platforms: Windows 2000, Windows 95/98 and Windows NT
Number of downloads: 1175
This is a powerful connect-based TCP port scanner, pinger and hostname
resolver. Multithreaded and asynchronous techniques make this program
extremely fast and versatile. Perform ping scans and port scans using any
IP range or specify a text file to extract addresses from. Scan any port
range from a built in list or any given range. Resolve and reverse-lookup
any IP address or range. Modify the port list and port descriptions using
the built in editor. Connect to any discovered open port using
user-specified "helper" applications (e.g. Telnet, Web browser, FTP) and
assign a custom helper application to any port. Save the scan list to a
text file. Transmission speed control. User friendly interface. Includes
help file.
5. Weakness
by John Bissell
URL: http://www.silcom.com/~royalblu/weakness.zip
Platforms: Dos, Windows 95/98 and Windows NT
Number of downloads: 989
Weakness is basically a CGI vulnerability scanner coded for Windows/DOS.
Weakness will scan up to 94 vulnerabilities and output the results of the
scan to a text file. Source is included.
6. Gatekeeper
by Professional Web Design
URL: http://junior.apk.net/~jbarta/tutor/keeper/index.html
Platforms: Java
Number of downloads: 768
The Gate Keeper is a cool snippet of JavaScript code that you can use to
restrict access to some or all of your web pages without the need for any
CGI scripting. Anyone who wishes to visit the protected pages will have to
know the password.
X. SPONSOR INFORMATION - BindView
------------------------------------------
http://www.bindview.com
BindView provides IT risk management solutions for managing the security
and configuration of run on them. Focusing on the critical elements of the
corporate IT infrastructure, BindView's award winning products enable
corporate IT professionals to effectively leverage their existing
technology to achieve their organization's business goals.
XI. SUBSCRIBE/UNSUBSCRIBE INFORMATION
-------------------------------------
1. How do I subscribe?
Send an e-mail message to LISTSERV@SECURITYFOCUS.COM with a message body
of:
SUBSCRIBE SF-NEWS Lastname, Firstname
You will receive a confirmation request message to which you will have
to answer.
2. How do I unsubscribe?
Send an e-mail message to LISTSERV@SECURITYFOCUS.COM from the subscribed
address with a message body of:
UNSUBSCRIBE SF-NEWS
If your email address has changed email aleph1@securityfocus.com and I
will manually remove you.
3. How do I disable mail delivery temporarily?
If you are simply going on vacation you can turn off mail delivery
without unsubscribing by sending LISTSERV the command:
SET SF-NEWS NOMAIL
To turn back on e-mail delivery use the command:
SET SF-NEWS MAIL
4. Is the list available in a digest format?
Yes. The digest is generated once a day.
5. How do I subscribe to the digest?
To subscribe to the digest join the list normally (see section 0.2.1)
and then send a message to LISTSERV@SECURITYFOCUS.COM with a message
body of:
SET SF-NEWS DIGEST
6. How do I unsubscribe from the digest?
To turn the digest off send a message to LISTSERV with a message body
of:
SET SF-NEWS NODIGEST
If you want to unsubscribe from the list completely follow the
instructions of section 0.2.2 next.
7. I seem to not be able to unsubscribe. What is going on?
You are probably subscribed from a different address than the one from
which you are sending commands to LISTSERV. Either send email from
the appropriate address or email the moderator to be unsubscribed manually.
Alfred Huger
VP of Engineering
SecurityFocus.com
@HWA
33.0 Security Focus Newsletter #20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Security Focus Newsletter #20
Table of Contents:
I. INTRODUCTION
1. Happy Holidays
II. BUGTRAQ SUMMARY
1. VDO Live Player Buffer Overflow Vulnerability
2. NT Syskey Reused Keystream Vulnerability
3. FreeBSD 'xsoldier' Buffer Overflow Vulnerability
III. PATCH UPDATES
1. Vulnerability Patched: NT LSA DoS (Phantom)
2. Vulnerability Patched: NT Syskey Reused Keystream
3. Vulnerability Patched: Multiple Cisco Cache Engine Attacks
IV. SECURITYFOCUS.COM TOP 6 NEWS ARTICLES
1. Waiting for Crypto (Tues Dec 14 1999)
2. Tool for Net privacy under attack (Wed Dec 15 1999)
3. Known vulnerabilities are no. 1 hacker exploit (Thu Dec 16 1999)
4. Internet watchdog hacked . . . again (Thu Dec 16 1999)
5. Disclosure Case a Pandora's Box of Legal Issues (Fri Dec 17
1999)
6. Hacker thwarted in newspaper plot (Fri Dec 17 1999)
V. INCIDENTS SUMMARY
1. Windows Hack'a'Tack trojan and port 31789 (Thread)
2. portmap connection request (Thread)
3. Linux attacks (Thread)
4. strange port (Thread)
5. Massive udp scans -- looks like coordinated traceroutes
(Thread)
6. named ADMROCKS exploit replacing sshd1 (Thread)
7. Probes and attempts from uni-duesseldorf.de (Thread)
8. Port 538 -- accident or design? (Thread)
9. new probe tool? DoS spoof? something else? (Thread)
10. Webserver /SmpDsBhgRl exploit? (Thread)
11. Yahoo comprimised? (Thread)
12. 7778? (Thread)
13. POP3 scan from Japan (Thread)
14. FYI -- wide, low-level probe of ... hosts (Thread)
15. Re: Scanning from 210.217.26.15 (Thread)
16. boredom? (Thread)
17. Port 53 (Thread)
18. Domains in .tr and .hk (Thread)
19. Scannings for socks, telnet and other ports (Thread)
20. What is it? (Thread)
VI. VULN-DEV RESEARCH LIST SUMMARY
1. rpcclient 2.0.5a crashed services.exe (Thread)
2. Wireless LANs ?
VII. SECURITY JOBS
Discussion:
1. article that mentions IS security requisites
2. thoughts on article that mentions IS security requisites
Seeking Staff:
1. Security Consultants NYC
VIII. SECURITY SURVEY RESULTS
IX. SECURITY FOCUS TOP 6 TOOLS
1. SecurityFocus.com Pager (Windows 95/98 and Windows NT)
2. SpyNet 3.0 (Windows 95/98 and Windows NT)
3. Webcracker 4.0 (Windows 95/98 and Windows NT)
4. gfcc (GTK+ Firewall Control Center) 0.7.3 (Linux)
5. Bastille Linux 1.0 (Linux)
6. exo 0.3 (Linux and Solaris)
X. SPONSOR INFORMATION - CORE SDI
XI. SUBSCRIBE/UNSUBSCRIBE INFORMATION
I. INTRODUCTION
-----------------
Welcome to the SecurityFocus.com 'week in review' newsletter issue 20
sponsored by CORE SDI.
http://www.core-sdi.com
1. Happy Holidays
Given the time of year, the SecurityFocus.com staff would like to wish you
all a joyous holiday season. There will be one more 'week in review'
newsletter before the millennium. However, due to the holiday period, we
will be paring it down to the essentials. We would like to also thank you
all for your support of SecurityFocus.com.
Cheers,
The SecurityFocus.com Staff
II. BUGTRAQ SUMMARY 1999-12-13 to 1999-12-19
---------------------------------------------
1. VDO Live Player Buffer Overflow Vulnerability
BugTraq ID: 872
Remote: Yes
Date Published: 1999-12-13
Relevant URL:
http://www.securityfocus.com/bid/872
Summary:
VDOLive Player v3.02 has an unchecked buffer that can allow arbitrary code
to be executed if a specially-crafted .vdo file is loaded.
2. NT Syskey Reused Keystream Vulnerability
BugTraq ID: 873
Remote: Yes
Date Published: 1999-12-16
Relevant URL:
http://www.securityfocus.com/bid/873
Summary:
The Syskey utility was included in Service Pack 3 as a means of protecting
the SAM database from off-line brute-force attacks. With the previous
encryption, it was possible to crack the passwords of a remote machine if
a copy of its encrypted SAM database could be obtained. There are several
tools available to the public with which this can be done. Syskey added
more encryption to the database, with the goal of making the calculations
required to crack it too time-consuming to be feasible.
Syskey creates a unique RC4 keystream for each user by incorporating the
user's RID, but uses that same keystream to encrypt the LMHash and NTHash
of their password (after some obfuscation of the hashes), as well as their
previous two passwords (stored in the Password History part of their SAM
entry). Because of this keystream re-use, the keystream can be eliminated
from the formula.
If the final, Syskey-encrypted hashes of the password are XORed together,
the result will be the same as the XOR result of the hashes prior to
encryption. Therefore, if a potential password is encrypted via the
regular NT encryption process, and then obfuscated, the two hashes can be
XORed and compared to an XOR of the Syskey hashes to determine if the
potential password is correct.
Also, even the user-dependent portion of the algorithm can be defeated,
making it possible to attack all passwords of 7 characters or less
simultaneously, and even to precompute hash lists that will be valid on any
machine. This is due to the fact that with passwords of 7 characters or
less, the second half of the LMHash is known, and can be XORed with the
previous XOR result to obtain the second half of the NTHash, which can
then be compared to the hashed version of words in the dictionary file.
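The keystream re-use described in the summary above can be reproduced with a few lines of Python. This is an added example, not code from the advisory or from Microsoft: the key derivation in per_user_key, the field names, the sample 16-byte values and the per-field key separation shown as the corrected pattern are all assumptions made for illustration.

```python
import hashlib

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (key schedule + output generation); encrypt and decrypt are identical."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def per_user_key(system_key: bytes, rid: int) -> bytes:
    # Assumption: stand-in derivation. The summary says only that the RID is mixed in.
    return hashlib.sha256(system_key + rid.to_bytes(4, "little")).digest()[:16]

def encrypt_reused(system_key: bytes, rid: int, fields: dict) -> dict:
    """Flawed pattern: every field of one user restarts RC4 from the same key."""
    key = per_user_key(system_key, rid)
    return {name: rc4(key, value) for name, value in fields.items()}

def encrypt_separated(system_key: bytes, rid: int, fields: dict) -> dict:
    """Corrected pattern (illustrative only): the field label is bound into the key."""
    base = per_user_key(system_key, rid)
    return {
        name: rc4(hashlib.sha256(base + name.encode()).digest()[:16], value)
        for name, value in fields.items()
    }

def keystream_cancels(ct: dict, pt: dict, a: str, b: str) -> bool:
    """True when XOR of two ciphertexts equals XOR of the two plaintexts."""
    return xor(ct[a], ct[b]) == xor(pt[a], pt[b])

def recover_with_known_field(ct: dict, a: str, b: str, known_a: bytes) -> bytes:
    """With a shared keystream, knowing field a yields field b without any key."""
    return xor(xor(ct[a], ct[b]), known_a)

def fields_share_keystream(encrypt, system_key: bytes, rid: int, names, size=16) -> bool:
    """Audit check: encrypt all-zero blocks; identical outputs mean one keystream."""
    zero_fields = {name: bytes(size) for name in names}
    return len(set(encrypt(system_key, rid, zero_fields).values())) == 1

# Constructed sample data: not real hashes, keys or SAM contents.
SYSTEM_KEY = bytes(range(16))
RID = 1000
FIELDS = {
    "lm_hash": hashlib.sha256(b"constructed LM-style value").digest()[:16],
    "nt_hash": hashlib.sha256(b"constructed NT-style value").digest()[:16],
}

if __name__ == "__main__":
    names = list(FIELDS)
    for label, encrypt in (("reused", encrypt_reused), ("separated", encrypt_separated)):
        ct = encrypt(SYSTEM_KEY, RID, FIELDS)
        print(label,
              "| keystream cancels:", keystream_cancels(ct, FIELDS, "lm_hash", "nt_hash"),
              "| audit flags reuse:", fields_share_keystream(encrypt, SYSTEM_KEY, RID, names))
```

The fields_share_keystream check is the part worth keeping in a test suite for any stream-cipher storage format: it needs no knowledge of the key, only the ability to encrypt chosen values.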
3. FreeBSD 'xsoldier' Buffer Overflow Vulnerability
BugTraq ID: 871
Remote: No
Date Published: 1999-12-15
Relevant URL:
http://www.securityfocus.com/bid/871
Summary:
Certain versions of FreeBSD (only FreeBSD 3.3-RELEASE has been tested)
ship with a vulnerable binary in their X11 games package. The binary/game
in question, xsoldier, is a setuid root binary meant to be run via an X
windows console.
The binary is subject to a buffer overflow attack, which may be launched
from the command line, that can be used to gain root privileges. The
overflow is in the code written to handle the -display option and can be
triggered by a long user-supplied string.
III. PATCH UPDATES 1999-12-13 to 1999-12-19
-------------------------------------------
1. Vendor: Microsoft
Product: Windows NT
Vulnerability Patched: NT LSA DoS (Phantom)
BugTraq ID: 465
Relevant URLS:
http://www.securityfocus.com/bid/465
http://www.microsoft.com/security/bulletins/ms99-057.asp
http://support.microsoft.com/support/kb/articles/q248/1/85.asp
Patch Location:
x86:
http://www.microsoft.com/downloads/release.asp?ReleaseID=16798
Alpha:
http://www.microsoft.com/downloads/release.asp?ReleaseID=16799
2. Vendor: Microsoft
Product: Windows NT
Vulnerability Patched: NT Syskey Reused Keystream
BugTraq ID: 873
Relevant URLS:
http://www.securityfocus.com/bid/873
http://www.microsoft.com/security/bulletins/ms99-056.asp
http://support.microsoft.com/support/kb/articles/q143/4/75.asp
Patch Location:
Microsoft's hotfix page:
x86:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16798
Alpha:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16799
Direct hotfix download links:
x86:
http://download.microsoft.com/download/winntsp/Patch/syskey/NT4/EN-US/Q248183.exe
Alpha:
http://download.microsoft.com/download/winntsp/Patch/syskey/ALPHA/EN-US/Q248183.exe
3. Vendor: Cisco
Product: Cisco Cache Engine
Vulnerability Patched: Multiple Cisco Cache Engine Attacks
BugTraq ID: N/A (Not entered yet)
Relevant URLS:
http://www.cisco.com/warp/public/707/cacheauth.shtml
Patch Location:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/webcache/ce17/ver17/wc17man.htm
IV. SECURITYFOCUS.COM TOP 6 NEWS ARTICLES
-----------------------------------------
The following represent articles which received the highest rate of click
throughs when compared to other news articles on the SecurityFocus.com
website.
1. Waiting for Crypto (Tues Dec 14 1999)
Excerpt:
The Clinton administration will delay by about a month the release of new
rules easing export of computer data-scrambling products, missing a
previously announced December 15 deadline, the Commerce Department said on
Monday.
URL:
http://www.wired.com/news/politics/0,1283,33061,00.html
2. Tool for Net privacy under attack (Wed Dec 15 1999)
A small Canadian company is selling a service that promises to let people
remain completely anonymous while sending e-mail, chatting and visiting
Web sites. While the service is intended to give Internet users greater
privacy to communicate ideas or shop online, critics worry it could also
allow the unscrupulous to fearlessly send abusive e-mail and exchange
illegal goods such as child pornography and pirated software.
URL:
http://www.technologypost.com/internet/DAILY/19991215090451692.asp?Section=Main
3. Known vulnerabilities are no. 1 hacker exploit (Thu Dec 16 1999)
The hacker population has grown considerably in the past two years, but
the vast majority of them are what Ira Winkler, president of the Internet
Security Advisor's Group, calls "ankle biters," whose antics would be easy
to protect against if only system administrators weren't so busy trying to
keep their printers running.
URL:
http://www.idg.net/idgns/1999/12/15/KnownVulnerabilitiesAreNo1Hacker.shtml
4. Internet watchdog hacked . . . again (Thu Dec 16 1999)
THE website of the Australian Broadcasting Authority, a government
watchdog charged with policing upcoming Internet censorship laws, has been
hacked for the third time.
URL:
http://www.it.fairfax.com.au/breaking/19991216/A41879-1999Dec16.html
5. Disclosure Case a Pandora's Box of Legal Issues (Fri Dec 17 1999)
Is it legal to deny a news service access to public financial disclosures
for federal judges in order to prevent those documents from being
published on the Internet?
The answers from legal scholars: Yes, no and maybe.
URL:
http://www.apbnews.com/cjsystem/findingjustice/1999/12/16/judges_legal1216_01.html
6. Hacker thwarted in newspaper plot (Fri Dec 17 1999)
The Express newspaper foiled a hacker's plot to bring down its
arch-rival's computer system.
URL:
http://www.theregister.co.uk/991217-000007.html
V. INCIDENTS SUMMARY 1999-12-13 to 1999-12-19
---------------------------------------------
1. Windows Hack'a'Tack trojan and port 31789 (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-8&msg=000001bf45ad$049cb1e0$0200a8c0@Computer1
2. portmap connection request (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-8&msg=Pine.LNX.4.10.9912131533490.22467-100000@wr5z.localdomain
3. Linux attacks (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-8&msg=38553043.598C9072@cc.ttu.ee
4. strange port (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-8&msg=000101bf4660$5fd061c0$4510a8c0@latinalezzie
5. Massive udp scans -- looks like coordinated traceroutes (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-8&msg=Pine.NEB.4.05.9912142238390.24618-100000@vals.intramed.rito.no
6. named ADMROCKS exploit replacing sshd1 (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-8&msg=Pine.LNX.4.10.9912150510040.20239-100000@entropy.muc.muohio.edu
7. Probes and attempts from uni-duesseldorf.de (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-8&msg=Pine.LNX.4.05.9912151310590.29975-100000@biocserver.BIOC.CWRU.Edu
8. Port 538 -- accident or design? (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-15&msg=199912151928.OAA30344@netspace.org
9. new probe tool? DoS spoof? something else? (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-15&msg=17996643.945312662910.JavaMail.imail@seamore.excite.com
10. Webserver /SmpDsBhgRl exploit? (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-15&msg=38588FDC.6108349B@luna.cs.unm.edu
11. Yahoo comprimised? (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-15&msg=19991216144254.11286.qmail@securityfocus.com
12. 7778? (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-15&msg=XFMail.991217020818.Mike.Murray@utoronto.ca
13. POP3 scan from Japan (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-15&msg=31933968789DD111BEAB0080C81D384CE94C@CT_NT
14. FYI -- wide, low-level probe of ... hosts (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-15&msg=Pine.GUL.4.21.9912171349220.10893-100000@red2.cac.washington.edu
15. Re: Scanning from 210.217.26.15 (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-15&msg=199912172014.OAA28234@rgfsparc.cr.usgs.gov
16. boredom? (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-15&msg=199912171838.NAA13839@disney.Biw.COM
17. Port 53 (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-15&msg=385A51D3.D7221678@princeton.edu
18. Domains in .tr and .hk (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-15&msg=0bfa01bf4937$d0dd3490$0201a8c0@aviram
19. Scannings for socks, telnet and other ports (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-15&msg=Pine.LNX.4.21.9912181509150.2934-100000@firewall.anowak.priv.pl
20. What is it? (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-12-15&msg=Pine.LNX.4.10.9912190109150.5412-100000@apollo.gestrike-linjen.x.se
VI. VULN-DEV RESEARCH LIST SUMMARY 1999-12-13 to 1999-12-19
----------------------------------------------------------
1. rpcclient 2.0.5a crashed services.exe (Thread)
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=82&date=1999-12-8&msg=3855E805.A72A85AE@thievco.com
2. Wireless LANs ?
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=82&date=1999-12-8&msg=19991214142605.U26666@hogia.net
VII. SECURITY JOBS SUMMARY 1999-12-13 to 1999-12-19
---------------------------------------------------
Discussion:
1. article that mentions IS security requisites
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=77&date=1999-12-15&msg=CB64F884F39FD2118EC600A024E6522C012A38EC@wfhqex05.wangfed.com
2. thoughts on article that mentions IS security requisites
Relevant URL:
http://www.securityfocus.com/templates/archive.pike?list=77&date=1999-12-15&msg=000c01bf4960$4a3468e0$506faccf@army.mil
Seeking Staff:
1. Security Consultants NYC
Reply to: Erik Voss, evoss@mrsaratoga.com
Requirements:
http://www.securityfocus.com/templates/archive.pike?list=77&date=1999-12-15&msg=011301bf4738$94cd81e0$6775010a@saratoga3
VIII. SECURITY SURVEY 1999-12-13 to 1999-12-19
----------------------------------------------
The question for 1999-12-13 to 1999-12-19 was:
Should David Smith, creator of the Melissa virus, go to jail?
Yes 34% / 25 votes
No 65% / 47 votes
Total number of votes: 72 votes
IX. SECURITY FOCUS TOP 6 TOOLS 1999-12-13 to 1999-12-19
--------------------------------------------------------
1. SecurityFocus.com Pager
by SecurityFocus.com
URL: http://www.securityfocus.com/pager/sf_pgr20.zip
Platforms: Win95/98/NT
Number of downloads: 2490
This program allows the user to monitor additions to the Security Focus
website without constantly maintaining an open browser. Sitting quietly in
the background, it polls the website at a user-specified interval and
alerts the user via a blinking icon in the system tray, a popup message or
both (also user-configurable).
2. SpyNet 3.0
by Nicula Laurentiu
URL: http://members.xoom.com/Laurentiu2/
Platforms: Windows 95/98 and Windows NT
Number of Downloads: 2096
SpyNet is a sniffer that literally reconstructs its capture, live.
Reconstructs HTTP, POP3, telnet, login, etc. SpyNet tells you what traffic
is going through your system. If a hacker attacks your system, firewalls
will tell you so in many situations. But sniffers grab the evidence. Until
now, that evidence was very hard to figure out with the naked eye. But,
SpyNet literally reconstructs their keystrokes and movements.
3. Webcracker 4.0
by Daniel Flam, info@webcracker.net
URL: http://www.webcracker.net
Platforms: Windows 95/98 and Windows NT
Number of Downloads: 1834
This software will allow you to test your restricted-access website to
make sure that only authorized users are able to get in. Webcracker is a
security tool that allows you to attempt to test id and password
combinations on your web site. If you're able to guess a user's password
with this program, chances are some hacker will be able to also.
Webcracker helps you find these vulnerabilities and fix them before
they're exploited by some unknown attacker.
4. gfcc (GTK+ Firewall Control Center) 0.7.3
by Koo Kyoseon, icarus@autostock.co.kr
URL: http://icarus.autostock.co.kr/
Platforms: Linux
Number of Downloads: 1750
Gfcc has the capability of controlling Linux firewall policies and rules
based upon the ipchains package.
5. Bastille Linux 1.0
by Bastille Linux Project
URL: http://bastille-linux.sourceforge.net/
Platforms: Linux
Number of Downloads: 1638
Bastille Linux is aimed primarily at non-security-experts, who are less
knowledgeable about security, but want to run a more secure distribution
of Linux. Our goal is to build a more secure distribution based on a
well-supported existing distribution. Our solution currently takes the
form of a Universal Hardening Program which must be run immediately after
installation of Redhat 6.0. Our Hardening Program is most unique in that
virtually every task it performs is optional, giving immense flexibility,
and that it educates the installing admin before asking any question. The
interactive nature allows the program to be more thorough when securing,
while the educational component produces an admin who is less likely to
compromise the greater security.
6. exo 0.3
by Mixter, mixter@newyorkoffice.com
URL: http://1337.tsx.org
Platforms: Linux and Solaris
Number of Downloads: 1204
Exo is a tool that 'sweeps' a range of ports on a list of hosts. It works
by sending out raw packets and waiting for replies with two separate
threads. This method makes exo able to find open ports without any delay,
i.e. effectively at the rate that your bandwidth allows.
X. SPONSOR INFORMATION - CORE SDI
------------------------------------------
URL: http://www.core-sdi.com
CORE SDI is an international computer security research and development
company. Its clients include 3 of the Big 5 chartered accountant firms
for whom CORE SDI develops customized security auditing tools as well as
several notable computer security product vendors, such as Network
Associates. CORE SDI also has extensive experience dealing with financial
and government contracts throughout Latin and North America.
XI. SUBSCRIBE/UNSUBSCRIBE INFORMATION
-------------------------------------
1. How do I subscribe?
Send an e-mail message to LISTSERV@SECURITYFOCUS.COM with a message body
of:
SUBSCRIBE SF-NEWS Lastname, Firstname
You will receive a confirmation request message to which you will have
to answer.
2. How do I unsubscribe?
Send an e-mail message to LISTSERV@SECURITYFOCUS.COM from the subscribed
address with a message body of:
UNSUBSCRIBE SF-NEWS
If your email address has changed, email aleph1@securityfocus.com and I
will manually remove you.
3. How do I disable mail delivery temporarily?
If you are simply going on vacation you can turn off mail delivery
without unsubscribing by sending LISTSERV the command:
SET SF-NEWS NOMAIL
To turn back on e-mail delivery use the command:
SET SF-NEWS MAIL
4. Is the list available in a digest format?
Yes. The digest is generated once a day.
5. How do I subscribe to the digest?
To subscribe to the digest join the list normally (see section 0.2.1)
and then send a message to LISTSERV@SECURITYFOCUS.COM with a message
body of:
SET SF-NEWS DIGEST
6. How do I unsubscribe from the digest?
To turn the digest off send a message to LISTSERV with a message body
of:
SET SF-NEWS NODIGEST
If you want to unsubscribe from the list completely follow the
instructions of section 0.2.2 next.
7. I seem to not be able to unsubscribe. What is going on?
You are probably subscribed from a different address than that from
which you are sending commands to LISTSERV. Either send email from
the appropriate address or email the moderator to be unsubscribed manually.
Alfred Huger
VP of Engineering
SecurityFocus.com
@HWA
-=----------=- -=----------=- -=----------=- -=----------=-
0
0
0
o
O O O
0
=----------=- -=----------=- -=----------=- -=----------=- -=----------=-
=----------=- -=----------=- -=----------=- -=----------=- -=----------=-
AD.S ADVERTI$ING. The HWA black market ADVERTISEMENT$.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
_ _ _ _
/\ | | | | (_) (_)
/ \ __| |_ _____ _ __| |_ _ ___ _ _ __ __ _
/ /\ \ / _` \ \ / / _ \ '__| __| / __| | '_ \ / _` |
/ ____ \ (_| |\ V / __/ | | |_| \__ \ | | | | (_| |
/_/ \_\__,_| \_/ \___|_| \__|_|___/_|_| |_|\__, |
__/ |
|___/
ADVERTISING IS FREE, SEND IN YOUR ADS TO CRUCIPHUX@DOK.ORG FOR INCLUSION HERE
.
.
............... .
: : . . . . . .
__:________ : : ___________ . . .
\ < /_____:___ : ( < __( :_______
) : )______:___\_ (___( : /
=====/________|_________/ < | : (________________(======
: (__________________) :wd!
. : : :
- / - w w w . h a c k u n l i m i t e d . c o m - / -
: . . . . . : :
. . . . . :...............:
.
.
*****************************************************************************
* *
* ATTRITION.ORG http://www.attrition.org *
* ATTRITION.ORG Advisory Archive, Hacked Page Mirror *
* ATTRITION.ORG DoS Database, Crypto Archive *
* ATTRITION.ORG Sarcasm, Rudeness, and More. *
* *
*****************************************************************************
When people ask you "Who is Kevin Mitnick?" do you have an answer?
www.2600.com www.freekevin.com www.kevinmitnick.com www.2600.com www.freekevi
n.com www.kevinmitnick.com www.2600.com www.freekevin.com www.kevinmitnick.co
m www.2600.com ########################################ww.2600.com www.freeke
vin.com www.kev# Support 2600.com and the Free Kevin #.com www.kevinmitnick.
com www.2600.co# defense fund site, visit it now! . # www.2600.com www.free
kevin.com www.k# FREE EVIN! #in.com www.kevinmitnic
k.com www.2600.########################################om www.2600.com www.fre
ekevin.com www.kevinmitnick.com www.2600.com www.freekevin.com www.kevinmitnic
k.com www.2600.com www.freekevin.com www.kevinmitnick.com www.2600.com www.fre
http://www.2600.com/ http://www.kevinmitnick.com
+-----------------------------------------------------------------------------+
| SmoG Alert .. http://smog.cjb.net/ NEWS on SCIENCE |
| =================== http://smog.cjb.net/ NEWS on SECURITY |
| NEWS/NEWS/NEWS/NEWS http://smog.cjb.net/ NEWS on THE NET |
| http://smog.cjb.net/ NEWS on TECHNOLOGY |
+-----------------------------------------------------------------------------+
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* www.csoft.net webhosting, shell, unlimited hits bandwidth ... www.csoft.net *
* www.csoft.net www.csoft.net www.csoft.net www.csoft.net www.csoft.net *
* http://www.csoft.net  One of our sponsors, visit them now www.csoft.net *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* WWW.BIZTECHTV.COM/PARSE WEDNESDAYS AT 4:30PM EST, HACK/PHREAK CALL-IN WEBTV *
* JOIN #PARSE FOR LIVE PARTICIPATION IN SHOW CHAT OR THE WEBCHAT, AND WEBBOARD*
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* WWW.2600.COM OFF THE HOOK LIVE NETCAST'S TUES SIMULCAST ON WBAI IN NYC @8PM *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
//////////////////////////////////////////////////////////////////////////////
// To place an ad in this section simply type it up and email it to //
// hwa@press,usmc.net, put AD! in the subject header please. - Ed //
// or cruciphux@dok.org //
//////////////////////////////////////////////////////////////////////////////
@HWA
HA.HA Humour and puzzles ...etc
~~~~~~~~~~~~~~~~~~~~~~~~~
Don't worry. worry a *lot*
Send in submissions for this section please! ............c'mon, you KNOW you
wanna...yeah you do...make it fresh and new...be famous...<sic>
SITE.1
http://smogalert.tripod.com/html/index.htm
By: SmoG
News and views, lots of interesting stuff here to read, recently underwent
a fresh redesign, check it out.
You can send in submissions for this section too if you've found
(or RUN) a cool site...
@HWA
H.W Hacked websites
~~~~~~~~~~~~~~~~
___| _ \ |
| __| _` |\ \ / | | __| _ \ _` |
| | ( | ` < | | | __/ ( |
\____|_| \__,_| _/\_\\___/ _| \___|\__,_|
Note: The hacked site reports stay, especially with some cool hits by
groups like *H.A.R.P, go get em boyz racism is a mugs game! - Ed
* Hackers Against Racist Propaganda (See issue #7)
Haven't heard from Catharsys in a while; for those following their saga, visit
http://frey.rapidnet.com/~ptah/ for 'the story so far'...
Hacker groups breakdown is available at Attrition.org
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Check out http://www.attrition.org/mirror/attrition/groups.html to see who
you are up against. You can often gather intel from IRC as many of these
groups maintain a presence by having a channel with their group name as the
channel name, others aren't so obvious but do exist.
>Hacked Sites Start<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
* Info supplied by the attrition.org mailing list.
Listed oldest to most recent...
Sorry the list isn't pretty as usual, playing catchup on my workload and email! - Ed
Defaced domain: www.compsultant.com
Site Title: Compsultant Services
Mirror: http://www.attrition.org/mirror/attrition/1999/12/13/www.compsultant.com
Defaced by: DuGo
Operating System: BSDI
Defaced domain: public-image.com
Site Title: Glide Communication
Mirror: http://www.attrition.org/mirror/attrition/1999/12/13/public-image.com
Defaced by: phreak.nl
Operating System: Linux
Defaced domain: www.acia.com.br
Site Title: ACIA Brazil
Mirror: http://www.attrition.org/mirror/attrition/1999/12/13/www.acia.com.br
Defaced by: assdebuger
Operating System: Windows NT
Defaced domain: www.hotelgolfinho.com.br
Site Title: Hotel Golfinho
Mirror: http://www.attrition.org/mirror/attrition/1999/12/13/www.hotelgolfinho.com.br
Defaced by: Death Knights
Operating System: Linux
HIDDEN comments in the HTML.
Defaced domain: wuarchive.wustl.edu
Site Title: WUArchive at Washington University, St. Louis
Mirror: http://www.attrition.org/mirror/attrition/1999/12/13/wuarchive.wustl.edu
Defaced by: THC
Operating System: Solaris
Defaced domain: www.ddd.hu
Site Title: 3D Computer Kft.
Mirror: http://www.attrition.org/mirror/attrition/1999/12/13/www.ddd.hu
Defaced by: Einstein
Operating System: Windows NT
Previously defaced on 99.08.21 by 139 R00ted
Defaced domain: www.nlc.gov.cn
Site Title: Chinese National Library
Mirror: http://www.attrition.org/mirror/attrition/1999/12/13/www.nlc.gov.cn
Defaced by: Bosnatek
Operating System: Solaris
HIDDEN comments in the HTML
Defaced domain: www1.nc3a.nato.int
Site Title: NATO Consultation, Command and Control Agency
Mirror: http://www.attrition.org/mirror/attrition/1999/12/13/www1.nc3a.nato.int
Defaced by: inferno.br
Operating System: Windows NT
Defaced domain: rfp.coweta.k12.ga.us
Site Title: Coweta Country School System Request for Proposals
Mirror: http://www.attrition.org/mirror/attrition/1999/12/13/rfp.coweta.k12.ga.us
Defaced by: p4riah
Operating System: Windows NT
Defaced domain: www.uk.emb.gov.au
Site Title: British Information Services Australia
Mirror: http://www.attrition.org/mirror/attrition/1999/12/13/www.uk.emb.gov.au
Defaced by: assdebuger
Operating System: Windows NT
Defaced domain: www.techno-int.com
Site Title: Techno International
Mirror: http://www.attrition.org/mirror/attrition/1999/12/13/www.techno-int.com
Defaced by: Algorithm Cracker
Operating System: SCO Unix
Defaced domain: www.techno-int.com
Site Title: Techno International
Mirror: http://www.attrition.org/mirror/attrition/1999/12/14/www.techno-int.com
Defaced by: bansh33
Operating System: SCO UnixWare 7.0.0 (Netscape-FastTrack/2.01)
Potentially offensive content on defaced page.
Defaced domain: www.filmworld.com
Site Title: Robert Konop (FILMWORLD-DOM)
Mirror: http://www.attrition.org/mirror/attrition/1999/12/08/www.filmworld.com
Defaced by: #Hack-org Hacking Team
Operating System: Solaris
Potentially offensive content on defaced page.
Defaced domain: www.amko-int.com
Site Title: AMKO International, Inc
Mirror: http://www.attrition.org/mirror/attrition/1999/12/14/www.amko-int.com
Defaced by: Uneek Tech
Operating System: BSDI 3.0-3.1
Potentially offensive content on defaced page.
Defaced domain: www.mitsubishichips.com
Site Title: Mitsubishi Electronics America
Mirror: http://www.attrition.org/mirror/attrition/1999/12/14/www.mitsubishichips.com
Operating System: Solaris 2.6 - 2.7 (Netscape-Enterprise/3.5.1)
Potentially offensive content on defaced page.
Defaced domain: www.sincovam.com.br
Mirror: http://www.attrition.org/mirror/attrition/1999/12/14/www.sincovam.com.br
Defaced by: AssDebugger
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.
Defaced domain: garfield.ir.ucf.edu
Site Title: University of Central Florida
Mirror: http://www.attrition.org/mirror/attrition/1999/12/14/garfield.ir.ucf.edu
Defaced by: BLN
Operating System: Solaris 2.6 - 2.7 (Netscape-Enterprise/3.5.1)
Previously defaced on 99.12.08 and 99.12.07 by
Potentially offensive content on defaced page.
Defaced domain: www.bushmobile.com.au
Site Title: Bush Mobile
Mirror: http://www.attrition.org/mirror/attrition/1999/12/14/www.bushmobile.com.au
Defaced by: wolfman
Operating System: Irix
Potentially offensive content on defaced page.
Defaced domain: www.bhv.hn
Mirror: http://www.attrition.org/mirror/attrition/1999/12/14/www.bhv.hn
Defaced by: acid
Operating System: Windows NT (IIS/4.0)
Previously defaced on 99.12.10 99.12.03 by bean0 acidkl0wn
Potentially offensive content on defaced page.
Defaced domain: frontpage.wworks.com
Site Title: Web Works
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/frontpage.wworks.com
Defaced by: PoWeR SuRgE911
Operating System: Windows NT
Defaced domain: www.simcity.com
Site Title: SimCity Web site
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/www.simcity.com
Defaced by: Toked Hacking Crew
Operating System: Solaris
Potentially offensive content on defaced page.
Defaced domain: mstsrv.pc.maricopa.edu
Site Title: Maricopa Community College
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/mstsrv.pc.maricopa.edu
Defaced by: Narcissus
Operating System: Windows NT
Defaced domain: sun-ipv6.redes.unam.mx
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/sun-ipv6.redes.unam.mx
Defaced by: ZiD
Operating System: Solaris
Potentially offensive content on defaced page
Defaced domain: www.aba.gov.au
Site Title: Australian Broadcast Authority
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/www.aba.gov.au
Defaced by: omni
Operating System: Windows NT
Previously defaced on 99.11.27 99.12.09 by Ned R.
Defaced domain: www.amerisoftinc.com
Site Title: Amerisoft, Inc.
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/www.amerisoftinc.com
Defaced by: w0lf
Operating System: Irix
Defaced domain: www.windway.com.br
Site Title: Windway Brazil
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/www.windway.com.br
Defaced by: DHC
Operating System: Windows NT
Defaced domain: www.vivendofotografia.com.br
Site Title: Vivendo Fotografia
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/www.vivendofotografia.com.br
Defaced by: DHC
Operating System: Windows NT
Defaced domain: www.tecnotica.com.br
Site Title: Tecbotica Brazil
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/www.tecnotica.com.br
Defaced by: DHC
Operating System: Windows NT
Defaced domain: www.schneidercozinhas.com.br
Site Title: Schneider Cozinhas
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/www.schneidercozinhas.com.br
Defaced by: DHC
Operating System: Windows NT
Potentially offensive content on defaced page.
Defaced domain: www.rrassociados.com.br
Site Title: RR Associados
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/www.rrassociados.com.br
Defaced by: DHC
Operating System: Windows NT
Defaced domain: www.techno-int.com
Site Title: Techno International
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/www.techno-int.com
Defaced by: JxLxMx
Operating System: SCO Unix
Previously defaced on 99.12.15 99.12.13 by bansh33 and Algorithm Cracker
Site Title: Mikuni American Corporation
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/www.mikuni.com
Defaced by: THC
Operating System: Solaris
Defaced domain: www.windway.com.br
Site Title: Windway Brazil
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/www.windway.com.br
Defaced by: p4riah
Operating System: Windows NT
Previously defaced on 99.12.15 by DHC
Potentially offensive content on defaced page.
Defaced domain: www.belvideresd.org
Site Title: Belvidere School District
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/www.belvideresd.org
Defaced by: Protokol
Operating System: Windows NT
Potentially offensive content on defaced page.
Defaced domain: www.duke.org
Site Title: David Duke's Official International Web Site
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/www.duke.org
Defaced by: Niggaz 'Gainst Honkeyz
Operating System: Windows NT
Potentially offensive content on defaced page.
Defaced domain: www.mundointernet.com
Site Title: Mundo Internet
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/www.mundointernet.com
Defaced by: UHH Klan
Operating System: FreeBSD
HIDDEN comments in the HTML.
Potentially offensive content on defaced page.
Defaced domain: www.zauction.com
Site Title: ZAuction
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/www.zauction.com
Defaced by: Fuzzball
Operating System: Windows NT
Defaced domain: www.rainhadapaz.g12.br
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/www.rainhadapaz.g12.br
Defaced by: CyberSolDier
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.
Defaced domain: public-image.com
Site Title: Glide Communication
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/public-image.com
Defaced by: Nexillium
Operating System: Linux (Apache 1.3.4)
Previously defaced on 99.12.13 by phreak.nl
Potentially offensive content on defaced page.
Defaced domain: ebdc.med.upenn.edu
Site Title: University of Pennsylvania
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/ebdc.med.upenn.edu
Defaced by: Einstein
Operating System: Windows NT (IIS/4.0)
Previously defaced on 99.10.02 by 139_r00ted
Potentially offensive content on defaced page.
Defaced domain: www.mcse.com
Site Title: Apollo Group
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/www.mcse.com
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.
Defaced domain: www.activedev.net
Site Title: Active Development
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/www.activedev.net
Defaced by: Pyrostorm666
Operating System: Windows NT (IIS/4.0)
Previously defaced on 99.12.07 by pyrostorm666
Potentially offensive content on defaced page.
Defaced domain: netra.bartlesville.lib.ok.us
Mirror: http://www.attrition.org/mirror/attrition/1999/12/15/netra.bartlesville.lib.ok.us
Defaced by: hyrax
Operating System: Solaris 2.6 - 2.7 (Apache 1.3.6)
Potentially offensive content on defaced page.
Defaced domain: necora.cif.es
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/necora.cif.es
Defaced by: BLN
Operating System: Windows NT (IIS/3.0)
Potentially offensive content on defaced page.
Defaced domain: www.cmi.com.co
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.cmi.com.co
Defaced by: Perro Manson
Operating System: BSDI 3.0 - 3.1
Potentially offensive content on defaced page
Defaced domain: www.amfoundation.org
Site Title: Alternative Medicine Foundation Inc.
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.amfoundation.org
Defaced by: BLN
Operating System: SCO Unix
FREE KEVIN reference in the HTML
Potentially offensive content on defaced page.
Defaced domain: www.adintech.com
Site Title: Advanced Inovated Technology, Inc.
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.adintech.com
Defaced by: BLN
Operating System: SCO Unix
Defaced domain: www.tsrinc.com
Site Title: Wizards of the Coast, Inc
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.tsrinc.com
Defaced by: Cipher
Operating System: Windows NT (IIS/4.0)
Previously defaced on 99.11.24 by Cipher
Potentially offensive content on defaced page.
Defaced domain: one-ton.co.uk
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/one-ton.co.uk
Defaced by: hyrax
Operating System: Linux (Apache 1.2.6)
Potentially offensive content on defaced page.
Defaced domain: www.stlib.state.nm.us
Site Title: New Mexico State Library
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.stlib.state.nm.us
Defaced by: Oxygens
Operating System: Windows NT
Previously defaced on 99.11.07 by hV2k
Potentially offensive content on defaced page
Defaced domain: www.sincovam.com.br
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.sincovam.com.br
Defaced by: Oxygen Team
Operating System: Windows NT (IIS/4.0)
Previously defaced on 99.12.14 by assdebuger
Potentially offensive content on defaced page.
Defaced domain: www.techno-int.com
Site Title: Techno International
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.techno-int.com
Defaced by: morbid root
Operating System: SCO UnixWare 7.0.0 (Netscape-FastTrack/2.01)
Previously defaced on 99.12.15 and 99.12.13 by bansh33 and AC
Potentially offensive content on defaced page.
Defaced domain: www.bsu.net
Site Title: Boise State University
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.bsu.net
Defaced by: Fuby
Operating System: Windows NT (IIS/4.0)
HIDDEN comments in the HTML.
Potentially offensive content on defaced page.
Defaced domain: www.sdcl.army.mil
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.sdcl.army.mil
Defaced by: PHC
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.
Defaced domain: www.tecnotica.com.br
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.tecnotica.com.br
Defaced by: Fuby
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.
Defaced domain: www.one-ton.co.uk
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.one-ton.co.uk
Defaced by: Fuby
Operating System: Linux (Apache 1.2.6)
Potentially offensive content on defaced page.
Defaced domain: www.sincovam.com.br
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.sincovam.com.br
Defaced by: Fuby
Operating System: Windows NT (IIS/4.0)
Previously defaced on 99.12.14 by assdebuger
HIDDEN comments in the HTML.
Potentially offensive content on defaced page.
Defaced domain: www.laredo.k12.tx.us
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.laredo.k12.tx.us
Defaced by: f1ber
Operating System: Windows NT (IIS/3.0)
Potentially offensive content on defaced page.
Defaced domain: www.thsrock.net
Site Title: Trinity High School Rocknet
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.thsrock.net
Defaced by: f1ber
Operating System: Windows NT (WebSitePro/2.3.15)
Potentially offensive content on defaced page.
Defaced domain: www.acia.com.br
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.acia.com.br
Defaced by: AssDebuger
Operating System: Windows NT (IIS/4.0)
Previously defaced on 99.12.13 by assdebuger
Potentially offensive content on defaced page.
Defaced domain: www.super-cyprus.com
Site Title: Super Computers
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.super-cyprus.com
Defaced by: ReDHacK
Operating System: Linux (Apache 1.3.6)
Potentially offensive content on defaced page.
Defaced domain: www.busimedia.com
Site Title: Busimedia
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.busimedia.com
Defaced by: pr1sm
Operating System: Windows NT (IIS/4.0)
HIDDEN comments in the HTML.
Potentially offensive content on defaced page.
Defaced domain: www.cvm.gov.br
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.cvm.gov.br
Defaced by: inferno.br
Operating System: Windows NT (IIS/3.0)
Potentially offensive content on defaced page.
Defaced domain: facepe.pe.gov.br
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/facepe.pe.gov.br
Defaced by: Einstein
Operating System: Windows NT
Potentially offensive content on defaced page.
Defaced domain: ninja.dobedo.com
Site Title: BeeDo AB
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/ninja.dobedo.com
Defaced by: Da Eternal
Operating System: Linux (SuSE) (Apache 1.3.6)
Potentially offensive content on defaced page.
Defaced domain: www.marista.com.br
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.marista.com.br
Defaced by: fybra optica
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.
Defaced domain: www.gaymen.com
Site Title: Albert J. Productions
Mirror: http://www.attrition.org/mirror/attrition/1999/12/16/www.gaymen.com
Defaced by: Hacking 4 Ponies
Operating System: Solaris (Apache 1.3.4)
Potentially offensive content on defaced page.
Defaced domain: www.erotikfotos.com
Site Title: Ioannis Galianos
Mirror: http://www.attrition.org/mirror/attrition/1999/12/17/www.erotikfotos.com
Defaced by: HiP
Operating System: BSDI 4.0.1
Potentially offensive content on defaced page.
Defaced domain: www.lfcontabilidade.com.br
Site Title: LF Contabilidade
Mirror: http://www.attrition.org/mirror/attrition/1999/12/17/www.lfcontabilidade.com.br
Defaced by: Death Knights
Operating System: Linux
Potentially offensive content on defaced page.
Defaced domain: www.bhv.hn
Mirror: http://www.attrition.org/mirror/attrition/1999/12/17/www.bhv.hn
Defaced by: essaye
Operating System: Windows NT (IIS/4.0)
Previously defaced on 3 times by
Potentially offensive content on defaced page.
Defaced domain: www.tractors.com
Site Title: Volks Media Corporation
Mirror: http://www.attrition.org/mirror/attrition/1999/12/17/www.tractors.com
Defaced by: analognet
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.
Defaced domain: www.activedev.net
Site Title: Active Development
Mirror: http://www.attrition.org/mirror/attrition/1999/12/18/www.activedev.net
Defaced by: acidklown
Operating System: Windows NT (IIS/4.0)
Previously defaced on 99.12.07 by pyrostorm666
Potentially offensive content on defaced page.
Defaced domain: www.one-ton.co.uk
Mirror: http://www.attrition.org/mirror/attrition/1999/12/18/www.one-ton.co.uk
Operating System: Linux (Apache/1.2.6 FrontPage/3.0.4)
Potentially offensive content on defaced page.
Defaced domain: www.ciavex.ensino.eb.br
Site Title: Centro de Instrução de Aviação do Exército
Mirror: http://www.attrition.org/mirror/attrition/1999/12/18/www.ciavex.ensino.eb.br
Defaced by: inferno.br
Operating System: Windows NT
Potentially offensive content on defaced page.
Defaced domain: ceasa.mg.gov.br
Mirror: http://www.attrition.org/mirror/attrition/1999/12/18/ceasa.mg.gov.br
Defaced by: C0VER and FOX-FIRE
Operating System: SCO OpenServer Release 5 (Netscape-Communications/1.12)
Potentially offensive content on defaced page
Defaced domain: www.uncf.org
Site Title: United Negro College Fund
Mirror: http://www.attrition.org/mirror/attrition/1999/12/18/www.uncf.org
Defaced by: analognet
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.
Defaced domain: www.map.org
Site Title: MAP International
Mirror: http://www.attrition.org/mirror/attrition/1999/12/18/www.map.org
Defaced by: AnalogNet
Operating System: Solaris
Defaced domain: www.travelersaid.org
Site Title: Travelers Aid International
Mirror: http://www.attrition.org/mirror/attrition/1999/12/18/www.travelersaid.org
Defaced by: AnalogNet
Operating System: Windows NT
Defaced domain: www.worldevangelical.org
Site Title: World Evangelical Fellowship
Mirror: http://www.attrition.org/mirror/attrition/1999/12/18/www.worldevangelical.org
Defaced by: AnalogNe
Operating System: Linux
Defaced domain: www.wavetec.com
Site Title: Wavetech Pvt Ltd
Mirror: http://www.attrition.org/mirror/attrition/1999/12/18/www.wavetec.com
Defaced by: pr1sm
Operating System: SCO Unix
HIDDEN comments in the HTML.
Defaced domain: www.aausports.org
Site Title: Amateur Athletic Union
Mirror: http://www.attrition.org/mirror/attrition/1999/12/18/www.aausports.org
Defaced by: Analognet
Operating System: Windows NT
Defaced domain: www.fairus.org
Site Title: The Federation for American Immigration Reform
Mirror: http://www.attrition.org/mirror/attrition/1999/12/18/www.fairus.org
Defaced by: AnalogNet
Operating System: Windows NT
Potentially offensive content on defaced page.
Defaced domain: www.chemmarket.gov.cn
Site Title: China Chem Market
Mirror: http://www.attrition.org/mirror/attrition/1999/12/18/www.chemmarket.gov.cn
Operating System: Windows NT
FREE KEVIN reference in the HTML
Defaced domain: www.curearthritis.org
Site Title: Arthritis National Research Foundation
Mirror: http://www.attrition.org/mirror/attrition/1999/12/18/www.curearthritis.org
Defaced by: Analognet
Operating System: Windows NT
Defaced domain: www.workplacesolutions.org
Site Title: Wider Opportunities for Women
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.workplacesolutions.org
Defaced by: hyrax
Operating System: Windows NT (IIS/4.0)
Previously defaced on 99.10.12 99.10.11 99.12.04 by
HIDDEN comments in the HTML.
Potentially offensive content on defaced page.
Defaced domain: www.cphv.org
Site Title: Center to Prevent Handgun Violence
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.cphv.org
Defaced by: Analognet
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.
Defaced domain: tiflex.co.uk
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/tiflex.co.uk
Defaced by: BLN
Operating System: Linux (Apache 1.2.6 FrontPage/3.0.4)
Potentially offensive content on defaced page.
Defaced domain: tajtec.co.uk
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/tajtec.co.uk
Defaced by: BLN
Operating System: Linux (Apache 1.2.6)
Potentially offensive content on defaced page
Defaced domain: www.riverside-gallery.com
Site Title: Riverside Gallery
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.riverside-gallery.com
Defaced by: BLN
Operating System: Linux (Apache 1.2.6)
Potentially offensive content on defaced page.
Defaced domain: www.dalebrook.com
Site Title: Dalebrook Supplies Ltd.
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.dalebrook.com
Defaced by: BLN
Operating System: Linux (Apache 1.2.6)
Potentially offensive content on defaced page.
Defaced domain: www.zenworksmaster.com
Site Title: ZENMaster
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.zenworksmaster.com
Defaced by: BLN
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.
Defaced domain: www.thegolftravelcenter.com
Site Title: Randy Young
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.thegolftravelcenter.com
Defaced by: BLN
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.
Defaced domain: www.allamanda.com
Site Title: Allamanda Pte Ltd
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.allamanda.com
Defaced by: BLN
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.
Defaced domain: www.easterntreasures.com
Site Title: Van Dale, Jennifer
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.easterntreasures.com
Defaced by: BLN
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.
Defaced domain: www.netport.com.ni
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.netport.com.ni
Defaced by: nemesystm
Operating System: Windows NT (IIS/2.0)
Potentially offensive content on defaced page.
Defaced domain: www.endometriosisassn.org
Site Title: Endometriosis Association
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.endometriosisassn.org
Defaced by: Analognet
Operating System: Linux
Defaced domain: www.city.surrey.bc.ca
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.city.surrey.bc.ca
Defaced by: unknown
Operating System: NT
HIDDEN comments in the HTML.
Defaced domain: svs.saude.gov.br
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/svs.saude.gov.br
Defaced by: Fuby
Operating System: NT
Previously defaced on 99.12.18 by OHB
HIDDEN comments in the HTML.
Defaced domain: www.attriat.com.br
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.attriat.com.br
Defaced by: Oxygen Team
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.
Defaced domain: www.americana.sp.gov.br
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.americana.sp.gov.br
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.
Defaced domain: www.map.org
Site Title: MAP International
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.map.org
Defaced by: pr1sm/FUBY
Operating System: Solaris 2.6 - 2.7 (Netscape-Commerce/1.12)
Previously defaced on 99.12.18 by Analognet
HIDDEN comments in the HTML.
Potentially offensive content on defaced page.
Defaced domain: www.gotti.ind.br
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.gotti.ind.br
Defaced by: Cybersoldiers
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.
Defaced domain: www.fairus.org
Site Title: FAIR
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.fairus.org
Defaced by: Fuby
Operating System: NT
Previously defaced on 99.12.18 by Analognet
HIDDEN comments in the HTML
Defaced domain: www.animalwelfare.com
Site Title: Animal Welfare Institute
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.animalwelfare.com
Defaced by: Analognet
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.
Defaced domain: www.acia.com.br
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.acia.com.br
Defaced by: OHB
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.
Defaced domain: www.sd36.surrey.bc.ca
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.sd36.surrey.bc.ca
Defaced by: Nitro
Operating System: NT
Defaced domain: www.torahacademy.org
Site Title: MTC Enterprises
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.torahacademy.org
Defaced by: f1ber
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.
Defaced domain: www.cellularone.com.br
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.cellularone.com.br
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.
Defaced domain: lmd.gsfc.nasa.gov
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/lmd.gsfc.nasa.gov
Defaced by: JLM
Operating System: Windows NT (IIS/3.0)
Previously defaced on 99.05.01 by forpaxe
Potentially offensive content on defaced page.
Defaced domain: www.one-ton.co.uk
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.one-ton.co.uk
Defaced by: Fuby
Operating System: Linux
Previously defaced on 99.12.16 by hyrax
HIDDEN comments in the HTML.
Defaced domain: www.tecnotica.com.br
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.tecnotica.com.br
Operating System: Windows NT (IIS/4.0)
Previously defaced on 99.12.16 and 99.12.15 by
Potentially offensive content on defaced page.
Defaced domain: y2k.dpc.vic.gov.au
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/y2k.dpc.vic.gov.au
Defaced by: NET ILLUSION
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.
Defaced domain: www.rpbusa.org
Site Title: Research to Prevent Blindness
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.rpbusa.org
Defaced by: Analognet
Operating System: Windows NT (IIS/4.0)
Potentially offensive content on defaced page.
Defaced domain: www.worldevangelical.org
Site Title: World Evangelical Fellowship
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.worldevangelical.org
Defaced by: Fuby
Operating System: Linux
Previously defaced on 99.12.18 by Analognet
HIDDEN comments in the HTML.
Defaced domain: www.jdfcure.org
Site Title: Juvenile Diabetes Foundation International
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/www.jdfcure.org
Defaced by: Analognet
Operating System: Windows NT
Defaced domain: lmd.gsfc.nasa.gov
Mirror: http://www.attrition.org/mirror/attrition/1999/12/19/lmd.gsfc.nasa.gov
Defaced by: AC
Operating System: Windows NT (IIS/3.0)
Previously defaced on 99.05.01 99.12.19 by
Potentially offensive content on defaced page.
and more sites at the attrition cracked web sites mirror:
http://www.attrition.org/mirror/attrition/index.html
-------------------------------------------------------------------------
A.0 APPENDICES
_________________________________________________________________________
A.1 PHACVW, sekurity, security, cyberwar links
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The links are no longer maintained in this file; there is now a
links section at http://welcome.to/HWA.hax0r.news/ so check
there for current links etc.
The hack FAQ (The #hack/alt.2600 faq)
http://www-personal.engin.umich.edu/~jgotts/underground/hack-faq.html
Hacker's Jargon File (The quote file)
http://www.lysator.liu.se/hackdict/split2/main_index.html
New Hacker's Jargon File.
http://www.tuxedo.org/~esr/jargon/
HWA.hax0r.news Mirror Sites around the world:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://datatwirl.intranova.net ** NEW **
http://the.wiretapped.net/security/textfiles/hWa.hax0r.news/ ** NEW **
http://net-security.org/hwahaxornews ** NEW **
http://www.sysbreakers.com/hwa ** NEW **
http://www.attrition.org/hosted/hwa/
http://www.attrition.org/~modify/texts/zines/HWA/
http://www.hackunlimited.com/zine/hwa/ *UPDATED*
http://www.ducktank.net/hwa/issues.html. ** NEW **
http://www.alldas.de/hwaidx1.htm ** NEW **
http://www.csoft.net/~hwa/
http://www.digitalgeeks.com/hwa. *DOWN*
http://members.tripod.com/~hwa_2k
http://welcome.to/HWA.hax0r.news/
http://archives.projectgamma.com/zines/hwa/.
http://www.403-security.org/Htmls/hwa.hax0r.news.htm
http://viper.dmrt.com/files/=E-Zines/HWA.hax0r.news/
http://hwa.hax0r.news.8m.com/
http://www.fortunecity.com/skyscraper/feature/103/
International links:(TBC)
~~~~~~~~~~~~~~~~~~~~~~~~~
Foreign correspondents and others please send in news site links that
have security news from foreign countries for inclusion in this list
thanks... - Ed
Belgium.......: http://securax.org/cum/ *New address*
Brasil........: http://www.psynet.net/ka0z
                http://www.elementais.cjb.net
Canada........: http://www.hackcanada.com
Croatia.......: http://security.monitor.hr
Colombia......: http://www.cascabel.8m.com
                http://www.intrusos.cjb.net
Finland.......: http://hackunlimited.com/
Germany.......: http://www.alldas.de/
                http://www.security-news.com/
Indonesia.....: http://www.k-elektronik.org/index2.html
                http://members.xoom.com/neblonica/
                http://hackerlink.or.id/
Netherlands...: http://security.pine.nl/
Russia........: http://www.tsu.ru/~eugene/
Singapore.....: http://www.icepoint.com
South Africa..: http://www.hackers.co.za
                http://www.hack.co.za
                http://www.posthuman.za.net
Turkey........: http://www.trscene.org - Turkish Scene is Turkey's first
                and best security related e-zine.
.za (South Africa) sites contributed by wyzwun tnx guy...
Got a link for this section? Email it to hwa@press.usmc.net and I'll
review it and post it here if it merits it.
@HWA
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-
--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--
© 1998, 1999 (c) Cruciphux/HWA.hax0r.news <tm> (R) { w00t }
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-
[ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
[45:6E:64]-[28:63:29:31:39:39:38:20:68:77:61:20:73:74:65:76:65]