Plateforme de Hacking est une communauté faisant évoluer un système de services vulnérables.

Nous apprenons à exploiter de manière collaborative des solutions permettant de détourner les systèmes d'informations.
Cet apprentissage nous permet d'améliorer les technologies que nous utilisons et/ou de mieux comprendre l'ingénierie social.

Nous défendons les valeurs de l'entraide, du challenge personnel et contribuons modestement à rendre l'expérience des utilisateurs finaux la plus agréable possible.

Vous pouvez nous rencontrer via notre salon irc.
Le forum est en cours de remplacement par une version plus moderne, et tout aussi faillible que l'ancien ^^.
A ce jours nous enregistrons plusieurs dizaines de hack réussi contre notre site, et ce chiffre est en constante évolution. Merci a tous les contributeurs!

La refonte est en version alpha. Cette nouvelle plateforme permet de pentester à distance sans avoir son matériel à disposition.
Via l'exécution de scripts python connecté en websocket à l'ihm web, nous pouvons piloter le chargement de scénario
d'attaque/défense en "multijoueur" ^^.
Le système permet de charger des scripts de bibliothèques partagées et de chiffrer les échanges selon les modules déployés.
Vous trouverez dans la rubrique article de nombreux tutoriels afin de mieux comprendre la sécurité informatique,
ainsi que différents articles plus poussés.
  • Sniffing
  • Cracking
  • Buffer overflow
  • Créations d'exploits
  • Social engineering
  • L'anonymat sur le web, spoofing
  • Bypass-proxy, Bypass-firewall
  • Injection de code SSI, SQL, etc...
  • Utilisation d'exploits, création de scripts(php, irc, perl)
Nous vous recommandons de sniffer votre réseau lors de votre navigation sur le site. La refonte vous fournira un outillage pour réaliser vos attaques/défenses.
Flux RSS

flux RSS d'HackBBS Abonnez-vous. Soyez prévenu des tournois, challenges, actualités, ...
Recevez nos dernières actualités sur notre flux RSS.

Vous pourrez également participer à de nombreux challenges en constant renouvellement (si possible :p)
Dernièrement, les missions relativent aux derniers produits open sources marchent bien :)

Votre ultime challenge sera de défacer HackBBS. De nombreuses failles sont présentes. A vous de les trouver et de les exploiter.

Cet ultime test permettra de constater votre réactions face à une faille.
Black ou White? ^^

Ezine du moment: hwa-hn10.txt
    [ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
  =                       <=-[ ]-=>                         =
    [=HWA'99=]                         Number 10 Volume 1 1999 March 20th 99


   The purpose of this newsletter is to 'digest' current events of interest
   that affect the online underground and netizens in general. This includes
   coverage of general security issues, hacks, exploits, underground news
   and anything else I think is worthy of a look see.

    This list is NOT meant as a replacement for, nor to compete with, the
   likes of publications such as CuD or PHRACK or with news sites such as
   AntiOnline, the Hacker News Network (HNN) or mailing lists such as
   BUGTRAQ or ISN nor could any other 'digest' of this type do so.

    It *is* intended  however, to  compliment such material and provide a
   reference to those who follow the culture by keeping tabs on as many
   sources as possible and providing links to further info, its a labour
   of love and will be continued for as long as I feel like it, i'm not
   motivated by dollars or the illusion of fame, did you ever notice how
   the most famous/infamous hackers are the ones that get caught? there's
   a lot to be said for remaining just outside the circle... 



                     Welcome to ... #10



    ***      /join on EFnet the key is `zwen'       ***
    ***                                                             ***
    *** please join to discuss or impart news on techno/phac scene  ***
    *** stuff or just to hang out ... someone is usually around 24/7***


  Issue #10


  [ INDEX ]
    Key     Content                                                         
    00.0  .. COPYRIGHTS ......................................................
    00.1  .. CONTACT INFORMATION & SNAIL MAIL DROP ETC .......................
    00.2  .. SOURCES .........................................................
    00.3  .. THIS IS WHO WE ARE ..............................................
    00.4  .. WHAT'S IN A NAME? why `'?..........................
    00.5  .. THE HWA_FAQ V1.0 ................................................

    01.0  .. GREETS ..........................................................
     01.1 .. Last minute stuff, rumours, newsbytes ...........................
     01.2 .. Mailbag .........................................................
    02.0  .. From the editor..................................................
    03.0  .. The Mitnick trial update.........................................
     03.1 .. Mitnick to plead guilty..........................................
     03.2 .. Federal Prosecutors Leak Info on Mitnick.........................
     03.3 .. News from
    04.0  .. Is Microsoft vulnerable to their own holes? .....................
    05.0  .. Tiny linux packs wallop in Pre-0.49 release......................
    06.0  .. Still think your NT is secure? case insensitivity issues.........
             prove otherwise, again...........................................
    07.0  .. Fast friends, faster foes, from uebereleet to delete ,...........
             life in the underground..........................................
    08.0  .. Voicemail fraud in Australia.....................................
    09.0  .. Government Y2K Readiness.........................................
    10.0  .. Voice mail fraud warning.........................................
    11.0  .. The iButton , is YOUR costume complete with decoder ring?........
    12.0  .. Courier and Press Newspaper hacked...............................
    13.0  .. Youths busted in Backorifice fiasco..............................
    14.0  .. Reno Looks To Curb Internet Crime................................
    15.0  .. offtopic: Matter transportation in your future?..................
    16.0  .. Hacking class?...................................................
    17.0  .. A blast from the past ...........................................
    18.0  .. Spam is ICQ's latest headache    ................................
    19.0  .. AOL cracked (so what else is new?) cracker busted................
    20.0  .. Stolen calling card numbers are big business.....................
     20.1 .. More 'hackers' steal phone service...............................
    21.0  .. Promail freeware mail agent is really a trojan in disguise.......
    22.0  .. Hackers taking toll on web sites ................................
    AD.S  .. Post your site ads or etc here, if you can offer something in return
             thats tres cool, if not we'll consider ur ad anyways so send it in.
    HA.HA  .. Humour and puzzles  ............................................
    HA.HA1 .. Humourous newsbytes from    ( 
    HA.HA2 .. Pasty Drone's take on Bill Gates' new book (
    HOW.TO .. New section: "How to hack" by our illustrious editor ...........
     H.W    .. Hacked Websites  ...............................................
     A.0   .. APPENDICES......................................................
     A.1   .. PHACVW linx and references......................................



     Important semi-legalese and license to redistribute:

     APPRECIATED the current link is
     ME PRIVATELY current email



     Although this file and all future issues are now copyright, some of
    the content holds its  own copyright and these are printed and
    respected. News is news so i'll print any and all news but will quote
    sources when the source is known, if its good enough for CNN its good
    enough for me. And i'm doing it for free on my own time so pfffft. :)

    No monies are made or sought through the distribution of this material.
    If you have a problem or concern email me and we'll discuss it.

    Cruciphux [C*:.]


       Has it occurred to anybody that "AOL for Dummies" is an extremely
       redundant name for a book?
                                      - unknown

     Wahoo, we now have a mail-drop, if you are outside of the U.S.A or
    Canada / North America (hell even if you are inside ..) and wish to
    send printed matter like newspaper clippings a subscription to your
    cool foreign hacking zine or photos, small non-explosive packages
    or sensitive information etc etc well, now you can. (w00t) please
    no more inflatable sheep or plastic dog droppings, or fake vomit

    Send all goodies to:

	    P.O BOX 44118
	    370 MAIN ST. NORTH
	    L6V 4H5

    WANTED!: POSTCARDS! YESH! POSTCARDS, I COLLECT EM so I know a lot of you are
    ~~~~~~~  reading this from some interesting places, make my day and get a
             mention in the zine, send in a postcard, I realize that some places
             it is cost prohibitive but if you have the time and money be a cool
             dude / gal and send a poor guy a postcard preferably one that has some
             scenery from your place of residence for my collection, I collect stamps
             too so you kill two birds with one stone by being cool and mailing in a
             postcard, return address not necessary, just a  "hey guys being cool in
             Bahrain, take it easy" will do ... ;-) thanx.

    Ideas for interesting 'stuff' to send in apart from news:

    - Photo copies of old system manual front pages (optionally signed by you) ;-)
    - Photos of yourself, your mom, sister, dog and or cat in a NON
      compromising position plz I don't want pr0n. 
    - Picture postcards
    - CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250
      tapes with hack/security related archives, logs, irc logs etc on em.
    - audio or video cassettes of yourself/others etc of interesting phone
      fun or social engineering examples or transcripts thereof.

    If you still can't think of anything you're probably not that interesting
    a person after all so don't worry about it 

    Our current email:

    Submissions/zine gossip.....:
    Private email to editor.....:


  00.2  Sources ***

     Sources can be some, all, or none of the following (by no means complete
    nor listed in any degree of importance) Unless otherwise noted, like msgs
    from lists or news from other sites, articles and information is compiled
    and or sourced by Cruciphux no copyright claimed.

    HiR:Hackers Information Report...
    News & I/O zine .................
   *News/Hacker site................. *DOWN!*
    News (New site unconfirmed).......
    Back Orifice/cDc..................
    News site (HNN) .....,............
    Help Net Security.................
    News,Advisories,++ ...............
    NewsTrolls (HNN)..................
    News + Exploit archive ...........
    CuD ..............................
    News site+........................

    +Various mailing lists and some newsgroups, such as ...
    +other sites available on the HNN affiliates page, please see as they seem to be popping up
     rather frequently ...

    * Yes demoniz is now officially retired, if you go to that site though the
     Bikkel web board (as of this writing) is STILL ACTIVE, will
     also be hosting a webboard as soon as that site comes online perhaps you can
     visit it and check us out if I can get some decent wwwboard code running I
     don't really want to write my own, another alternative being considered is a
     telnet bbs that will be semi-open to all, you will be kept posted. - cruciphux .. IRC list/admin archives  .. Jesse Berst's AnchorDesk

    ISN security mailing list

    NEWS Agencies, News search engines etc:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~,18,1,00.html?querystr=cracker (Kevin Poulsen's Column)

    NOTE: See appendices for details on other links. Electronic Underground Affiliation ech0 Security Net Security



    All submissions that are `published' are printed with the credits
    you provide, if no response is received by a week or two it is assumed
    that you don't care wether the article/email is to be used in an issue
    or not and may be used at my discretion.

    Looking for:

    Good news sites that are not already listed here OR on the HNN affiliates
    page at

    Magazines (complete or just the articles) of breaking sekurity or hacker
    activity in your region, this includes telephone phraud and any other
    technological use, abuse hole or cool thingy. ;-) cut em out and send it
    to the drop box.

    - Ed

    Mailing List Subscription Info   (Far from complete)         Feb 1999
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   ~~~~~~~~~~~~~~~~~~~         ~~~~~~~~

    ISS Security mailing list faq :


    BUGTRAQ - Subscription info

    What is Bugtraq?

    Bugtraq is a full-disclosure UNIX security mailing list, (see the info
    file) started by Scott Chasin . To subscribe to
    bugtraq, send mail to containing the message body
    subscribe bugtraq. I've been archiving this list on the web since late
    1993. It is searchable with glimpse and archived on-the-fly with hypermail.

    Searchable Hypermail Index;

    About the Bugtraq mailing list

    The following comes from Bugtraq's info file:

    This list is for *detailed* discussion of UNIX security holes: what they are,
    how to exploit, and what to do to fix them.

    This list is not intended to be about cracking systems or exploiting their
    vulnerabilities. It is about defining, recognizing, and preventing use of
    security holes and risks.

    Please refrain from posting one-line messages or messages that do not contain
    any substance that can relate to this list`s charter.

    I will allow certain informational posts regarding updates to security tools,
    documents, etc. But I will not tolerate any unnecessary or nonessential "noise"
    on this list.

    Please follow the below guidelines on what kind of information should be posted
    to the Bugtraq list:

    + Information on Unix related security holes/backdoors (past and present)
    + Exploit programs, scripts or detailed processes about the above
    + Patches, workarounds, fixes
    + Announcements, advisories or warnings
    + Ideas, future plans or current works dealing with Unix security
    + Information material regarding vendor contacts and procedures
    + Individual experiences in dealing with above vendors or security organizations
    + Incident advisories or informational reporting

    Any non-essential replies should not be directed to the list but to the originator of the message. Please do not "CC" the bugtraq
    reflector address if the response does not meet the above criteria.

    Remember: YOYOW.

    You own your own words. This means that you are responsible for the words that you post on this list and that reproduction of
    those words without your permission in any medium outside the distribution of this list may be challenged by you, the author.

    For questions or comments, please mail me: (Scott Chasin)


       CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses,
      insights, and commentaries on cryptography and computer security.

      To subscribe, visit or send a
      blank message to To unsubscribe,
      visit Back issues are available

       CRYPTO-GRAM is written by Bruce Schneier. Schneier is president of
      Counterpane Systems, the author of "Applied Cryptography," and an inventor
      of the Blowfish, Twofish, and Yarrow algorithms. He served on the board of
      the International Association for Cryptologic Research, EPIC, and VTW. He
      is a frequent writer and lecturer on cryptography.

    CUD Computer Underground Digest
    This info directly from their latest ish:

    Computer underground Digest Sun 14 Feb, 1999 Volume 11 : Issue 09

 ISSN 1004-042X

 Editor: Jim Thomas (
 News Editor: Gordon Meyer (
 Archivist: Brendan Kehoe
 Poof Reader: Etaion Shrdlu, Jr.
 Shadow-Archivists: Dan Carosone / Paul Southworth
 Ralph Sims / Jyrki Kuoppala
 Ian Dickinson
 Cu Digest Homepage:

    [ISN] Security list
    This is a low volume list with lots of informative articles, if I had my
    way i'd reproduce them ALL here, well almost all .... ;-) - Ed

    Subscribe: mail with "subscribe isn".


      Some HWA members and Legacy staff
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ currently active/editorial currently active/man in black currently active/IRC+ man in black ............. currently active/IRC+ distribution ........: currently active/IRC+ proof reader/grrl in black
      dicentra...(email withheld): IRC+ grrl in black

      Foreign Correspondants/affiliate members
      ATTENTION: All foreign correspondants please check in or be removed by next
      issue  I need  your current emails since contact info was recently lost in a
      HD mishap and i'm not carrying any deadweight. Plus we need more people sending
      in info, my apologies for not getting back to you if you sent in January I lost
      it, please resend.

       N0Portz ..........................: Australia
       Qubik ............................: United Kingdom
       system error .....................: Indonesia
       Wile (wile coyote) ...............: Japan/the East
       Ruffneck  ........................: Netherlands/Holland

       And unofficially yet contributing too much to ignore ;)

       Spikeman .........................: World media

       Please send in your sites for inclusion here if you haven't already
       also if you want your emails listed send me a note ... - Ed  .. Spikeman's DoS and protection site

     Contributors to this issue:
       Spikeman .........................: daily news updates+

       ***      /join on EFnet the key is `zwen'       ***


    1. We do NOT work for the government in any shape or form.Unless you count paying
       taxes ... in which case we work for the gov't in a BIG WAY. :-/

    2. MOSTLY Unchanged since issue #1, although issues are a digest of recent news
       events its a good idea to check out issue #1 at least and possibly also the
       Xmas issue for a good feel of what we're all about otherwise enjoy - Ed ...


  00.4  Whats in a name? why
            "Can I see you naked?" 
                             - Bob Barker
      Well what does HWA stand for? never mind if you ever find out I may
     have to get those hax0rs from 'Hackers' or the Pretorians after you.

     In case you couldn't figure it out hax0r is "new skewl" and although
     it is laughed at, shunned, or even pidgeon holed with those 'dumb
     leet (l33t?) dewds'  this is the state
     of affairs. It ain't Stephen Levy's HACKERS anymore. BTW to all you
     up  and comers, i'd highly recommend you get that book. Its almost
     like  buying a clue. Anyway..on with the show .. - Editorial staff


  00.5  HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again)

    Also released in issue #3. (revised) check that issue for the faq
    it won't be reprinted unless changed in a big way with the exception
    of the following excerpt from the FAQ, included to assist first time

    Some of the stuff related to personal useage and use in this zine are
    listed below: Some are very useful, others attempt to deny the any possible
    attempts at eschewing obfuscation by obsucuring their actual definitions.

    @HWA   - see EoA  ;-)

    !=     - Mathematical notation "is not equal to" or "does not equal"
             ASC(247)  "wavey equals" sign means "almost equal" to. If written
             an =/= (equals sign with a slash thru it) also means !=, =< is Equal
             to or less than and =>  is equal to or greater than (etc, this aint
             fucking grade school, cripes, don't believe I just typed all that..)

    AAM    - Ask a minor (someone under age of adulthood, usually <16, <18 or <21)

    AOL    - A great deal of people that got ripped off for net access by a huge
             clueless isp with sekurity that you can drive buses through, we're
             not talking Kung-Fu being none too good here, Buy-A-Kloo maybe at the
             least they could try leasing one??

   *CC     - 1 - Credit Card (as in phraud)
             2 - .cc is COCOS (Keeling) ISLANDS butthey probably accept cc's

    CCC    - Chaos Computer Club (Germany)

   *CON    - Conference, a place hackers crackers and hax0rs among others go to swap
             ideas, get drunk, swap new mad inphoz, get drunk, swap gear, get drunk
             watch videos and seminars, get drunk, listen to speakers, and last but
             not least, get drunk.
   *CRACKER - 1 . Someone who cracks games, encryption or codes, in popular hacker
                 speak he's the guy that breaks into systems and is often (but by no
                 means always) a "script kiddie" see pheer
              2 . An edible biscuit usually crappy tasting without a nice dip, I like
                  jalapeno pepper dip or chives sour cream and onion, yum - Ed

    Ebonics - speaking like a rastafarian or hip dude of colour  also wigger
              Vanilla Ice is a wigger, The Beastie Boys and rappers speak using
              ebonics, speaking in a dark tongue ... being ereet, see pheer

    EoC    - End of Commentary

    EoA    - End of Article or more commonly @HWA

    EoF    - End of file

    EoD    - End of diatribe (AOL'ers: look it up)

    FUD    - Coined by Unknown and made famous by HNN  - "Fear uncertainty and doubt",
            usually in general media articles not high brow articles such as ours or other
            HNN affiliates ;)

    du0d   - a small furry animal that scurries over keyboards causing people to type
             wierd crap on irc, hence when someone says something stupid or off topic
             'du0d wtf are you talkin about' may be used.

   *HACKER - Read Stephen Levy's HACKERS for the true definition, then see HAX0R

   *HAX0R - 1 - Cracker, hacker wannabe, in some cases a true hacker, this is difficult to
            define, I think it is best defined as pop culture's view on The Hacker ala
            movies such as well erhm "Hackers" and The Net etc... usually used by "real"
            hackers or crackers in a derogatory or slang humorous way, like 'hax0r me
            some coffee?' or can you hax0r some bread on the way to the table please?'

            2 - A tool for cutting sheet metal.

    HHN    - Maybe a bit confusing with HNN but we did spring to life around the same
             time too, HWA Hax0r News.... HHN is a part of HNN .. and HNN as a proper
             noun means the hackernews site proper. k? k. ;&

    HNN    - Hacker News Network and its affiliates

    J00    - "you"(as in j00 are OWN3D du0d) - see 0wn3d

    MFI/MOI- Missing on/from IRC

    NFC   - Depends on context: No Further Comment or No Fucking Comment

    NFR   - Network Flight Recorder (Do a websearch) see 0wn3d

    NFW   - No fuckin'way

   *0WN3D - You are cracked and owned by an elite entity see pheer
   *OFCS  - Oh for christ's sakes

    PHACV - And variations of same 
            Phreaking, Hacking, Anarchy, Cracking, Carding (CC) Groups Virus, Warfare

          Alternates: H - hacking, hacktivist
                      C - Cracking 
                      C - Cracking 
                      V - Virus
                      W - Warfare 
                     CT - Cyber Terrorism

   *PHEER -  This is what you do when an ereet or elite person is in your presence
            see 0wn3d

   *RTFM  - Read the fucking manual - not always applicable since some manuals are
            pure shit but if the answer you seek is indeed in the manual then you
            should have RTFM you dumb ass.

    TBC   - To Be Continued also 2bc (usually followed by ellipses...) :^0

    TBA   - To Be Arranged/To Be Announced also 2ba

    TFS   - Tough fucking shit.

   *w00t  - 1 - Reserved for the uber ereet, noone can say this without severe repercussions
            from the underground masses. also "w00ten" 

            2 - Cruciphux and sAs72's second favourite word (they're both shit stirrers)

    *wtf  - what the fuck

    *ZEN  - The state you reach when you *think* you know everything (but really don't)
            usually shortly after reaching the ZEN like state something will break that
            you just 'fixed' or tweaked.
                            -=-    :.    .:        -=-

  01.0  Greets!?!?! yeah greets! w0w huh. - Ed

     Thanks to all in the community for their support and interest but i'd
     like to see more reader input, help me out here, whats good, what sucks
     etc, not that I guarantee i'll take any notice mind you, but send in
     your thoughts anyway.

     Shouts to:

       * Kevin Mitnick       * demoniz          * The l0pht crew
       * tattooman           * Dicentra         * Pyra
       * Vexxation           * FProphet         * TwistedP
       * NeMstah             * the readers      * mj
       * Kokey               * ypwitch          * kimmie
       * tsal                * spikeman         * YOU.

       * #leetchans ppl, you know who you are...

       * all the people who sent in cool emails and support
       * our new 'staff' members.

     kewl sites:

     + (
     + (Went online same time we started issue 1!)


  01.1  Last minute stuff, rumours and newsbytes

       "What is popular isn't always right, and what is right isn't
         always popular..."
                           - FProphet '99

    +++ When was the last time you backed up your important data?
   ++ Attrition has updated its archive of cracked sites with one
      of the biggest archives on the net
      check it out ... 
   ++  Apple's OS X eyes Linux
       Apple Computer is counting on its new Mac OS X Server software
       to snare both Linux developers and customers. Apple will go part
       way toward embracing the "open source" programming philosophy
       today when Steve Jobs introduces the next version of Mac OS X .
   ++ ICQ filter ensnared in free speech debate
       ICQ users who choose to screen out "objectionable" messages may
       think they are simply blocking the seven dirty words or other
       sexually explicit material. But without closely examining the
       filtering option, users of AOL's popular chat service may be
       unwittingly omitting words many do not consider "objectionable."
   ++  AOL, others may not back U.S. privacy plans
   ++  New digital cameras in Kodak's picture

       With 'Episode 1: The Phantom Menace,' George Lucas will nudge
       Hollywood toward a new age of filmmaking. Some theater
       chains are enthused, but others fear runaway costs and
       pirating. Michael Stroud reports from Los Angeles.

       The 19 states who joined the federal government's landmark
       antitrust case against Microsoft are unlikely to settle for
       any remedy that doesn't include a revamping of the software
       company, the The New York Times reported. At least some
       attorneys general will seek to force Microsoft to license
       the source code for its Windows operating system to other
       companies. The attorneys acknowledge that the judge in the
       case could still rule in the favor of Microsoft, but they
       say they were emboldened by the performance of lead attorney
       David Boies, and are considering asking for stronger
       remedies. (Registration required to access New York Times on
       the Web.)
       . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .


       The computer maker will sell machines for US$299, with a
       year's free Net access through Earthlink included. That
       brings the PC in line with basic consumer electronics.


       The computer e-tailer starts a companion site to its online
       store, hoping to grab a piece of the auction action from the
       likes of OnSale.
       . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .


       The magazine publisher puts up a press release on his Web
       site and calls it a first.
       . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

    ++ PC FREE GOES FREE SOURCE (BUS. 3:00 am)

       When you buy Net access from PC Free, it'll throw in a fully
       rigged computer. Fully rigged with Linux, that is. Hello
       mass market, says the CEO. By Craig Bicknell.
       . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .


       The Pentagon takes issue with Internet discussions warning
       that the military's mandatory anthrax inoculation is
       dangerous. Declan McCullagh reports from Washington.


       Internet self-regulation gets its first big test this week,
       as a privacy watchdog group considers whether to investigate
       Microsoft's privacy practices. By Chris Oakes.


       Tears, saliva, and the urine of pregnant women -- they all
       contain a powerful protein that laboratory scientists have
       successfully used to kill the AIDS virus. A New York
       University biochemist said the protein, called lysozyme, may
       one day yield more effective AIDS drugs since lysozyme is a
       natural human compound. The new study appears in the
       Proceedings of the National Academy of Sciences. The search
       for the anti-HIV protein began when scientists realized the
       babies of HIV-infected women were somewhat protected from
       the virus and speculated that pregnant women made more
       virus-killing proteins to protect their developing babies.


       Steve Jobs and Eric Raymond join hands to present part of the
       new MacOSX server to the open-source community. Linux fans
       may not welcome the move with open arms. By Leander Kahney
       and Polly Sprenger.

   ++  NULLSOFT SUED FOR US$20M (BUS. Monday)

       Nullsoft, maker of the de facto standard MP3 player, faces a
       US$20 million dollar copyright infringement lawsuit. By
       Jennifer Sullivan.
       . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .


       Nortel Networks teams with Microsoft, Intel, and
       Hewlett-Packard to make devices that send voice, video, and
       data over a single network. By Joanna Glasner.


       A new research facility at the Cambridge, Massachusetts
       university is working to figure out how to get tomorrow's
       smart devices to talk to each other.

       A new report warns that chemical plants face "significant"
       risk of Y2K related failures. Worse, local governments seem
       to be oblivious to the problem.


       With 30 percent of Americans already possessing cellular
       phones, wireless companies predict that technological
       advances, lower rates, and industry consolidation will boost
       the mobile's popularity even more in the next few years, the
       Los Angeles Times reported. So far, incentives like
       single-rate national pricing, and plans that offer a wealth
       of minutes, have produced successful results, but in order
       to fulfill the vision of the inter-operability of wireless
       and cordless lines, companies are considering all kinds of
       technological innovations and pricing plans. While most
       consumers may need to wait a while for cellular global
       coverage and email, the industry will continue to grow by
       tapping the American youth market and
       consolidating overseas.


       The local US phone companies have been unable to locate
       nearly US$5 billion in telecommunications equipment, and
       should write off the missing amount, according to an FCC
       audit released on Friday, The Wall Street Journal reported.
       In response to the audit, which could spur regulators to
       push for lower phone rates, Bell Atlantic and SBC
       Communications, highest on the list, argued that the audit
       results were flawed, and all of the Bells argued that the
       results shouldn't affect rates. Although the FCC report
       recommends that the companies write off the missing
       equipment, it isn't taking any action. Instead, it's
       soliciting public comment on how to respond to the audit
       results in April.


       America Online's acquisition of Netscape Communications,
       approved by the US Department of Justice and valued at
       nearly US$9 billion, could create tough competition for
       Microsoft, The Seattle Times reported. Microsoft said the
       combination could help it in its antitrust case, because the
       combination of AOL with Netscape, the software company that
       sought the government's help, would show how fast
       competition changes in the computer industry. But backers of
       the lawsuit said the acquisition does not diminish
       Microsoft's monopoly.

       The other Microsoft founder pays US$600 million for a
       majority stake in portal upstart Go2Net. The plan: Splice it
       with cable TV and turn it into a broadband titan.


       The research into classifying human genetic structure -- The
       Human Genome Project -- is going so well that the
       cooperative Anglo-American effort should be finished a year
       ahead of schedule.

    ++ The browser wars heat up with IE5

    ++  Spam gives ICQ a new headache (full story in section 18)
    ++  March 17th  New Celerons coming Monday    
    ++  Intel and FTC settle

        The US Federal Trade Commission (FTC) has approved the settlement of its
        antitrust case against Intel, but has imposed only mild restrictions and
        is continuing an ongoing investigation into the chip giant. Under the
        settlement, while Intel is not able to withhold most technical
        from companies with which it is involved in patent disputes, it may
        withhold that information if it concerns the specific processor that is
        the subject of the dispute and the customer is seeking to have that product
        banned. Information must be provided to manufacturers no later than six
        months before a processor is due for release. Intel must also report
        regularly to the FTC concerning its compliance with the order. However,
        the FTC may not have had its last word; it will be continuing its broader
        investigation into whether Intel's dominance of the processor market
        constitutes a monopoly, and if its power has been abused.


           Microsoft is not embracing digital audio quietly. With
           strategic alliances, investments, and new technologies
           folded into Windows, the blitzkrieg is on. By
           Christopher Jones.

       ++  THE BANK OF BEENZ (EXEC 9:30 am)

           Beenz Company Ltd., a British start-up, is launching what it
           calls the Internet's first universal currency, symbolized by
           a bright red bean with two strokes at the top, The Wall
           Street Journal reported. Founder Philip Letts envisions the
           concept as an alternative to Web advertising, explaining
           that Beenz will market itself by rewarding customers who
           visit sites using Beenz with the currency, which can then be
           deposited at the Bank of Beenz. In preparation for the
           launch, Beenz has recruited a number of retailers to hand
           out and accept the currency in lieu of payment. It expects
           to derive future revenue through its role as a bank,
           clearing transactions and taking commissions on the Beenz it
           sells. (The Wall Street Journal Interactive requires
           a subscription.)
           . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .


           Now that the acquisition of Netscape Communications is almost
           complete, America Online has to move quickly to blend
           Netscape's technical expertise with AOL's customer-service
           savvy, the Washington Post reported. Managing the
           combination will be Barry Schuler, AOL's president of
           interactive services. The biggest challenge for him and for
           AOL will be to set up services that can meet the needs of
           both services and consumers.

      ++   THE WEB PRIVACY SEAL, TAKE 2 (POL. 8:30 am)

           The Better Business Bureau begins stamping its own "seal of
           approval" on Web sites. Like Truste, the bureau hopes it can
           calm privacy-nervous consumers. By Chris Oakes and
           James Glave.
      ++  JAVA FOR THE CELL PHONE (TECH. 7:35 am)

          Symbian, the powerful wireless alliance formed to take on
          Microsoft, says a new generation of handheld devices will
          use the Sun language as part of its operating platform.


           The company that's laying fiber around the world acquires New
           York-based carrier Frontier for US$11.2 billion in stock.


           GM's Hughes says it will pump US$1.4 billion into Spaceway,
           its satellite-based high-speed communications network.
           . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .


           The ideal St. Patrick's Day revelers will hold a pint of
           Guinness in one hand and a mouse in the other as they
           explore a range of new Irish portals. By Niall McKay.

       ++  LOST IN SPACE AND RED TAPE (POL. 3:00 am)

           NASA should lead, follow, or get out of the way of private
           space exploration. That's the consensus at a conference on
           the future of space. Declan McCullagh reports
           from Washington.


           The Human Genome race pits a government-funded consortium
           that aims to keep gene data public against a private
           research company that wants to own the findings. The future
           of medical research is at stake. By Kristen Philipkoski.

        ++ UK'S ROYAL MAIL DOES E-COMMERCE (POL. 3:00 am)

           The centuries-old institution introduces a secure document
           technology service aimed at the business sector. British
           consumers will likely be next in line. By Wendy Grossman.

       ++ APPLE OPENS OS CODE (TECH. Tuesday)

          Apple is jumping on the open-source bandwagon -- at least
          with one foot. The company will make parts of Mac OS X code
          available to developers and promises friendly licensing
          practices. By Leander Kahney.


          America Online's ICQ chat service filter lets users filter
          dirty words, apparently with a list illegally borrowed from
          an old version of Cybersitter. By Heidi Kriz.

      ++  Windows 2000 compatibility still an issue

      ++  Microworkz $299 PC draws interest

     Mucho thanks to Spikeman for directing his efforts to our cause of bringing
     you the news we want to read about in a timely manner ... - Ed


 01.2 MAILBAG - email and posts from the message board worthy of a read

       Yes we really do get a pile of mail in case you were wondering ;-0
       heres a sampling of some of the mail we get here, the more interesting
       ones are included and of course we had to get in the plugs for the 
       zine coz we love to receive those too *G* - Ed

       Comments: Authenticated sender is  
       From: "Matthias Olzmann"  
       Date: Sun, 14 Mar 1999 19:54:47 0100 
       MIME-Version: 1.0 
       Content-type: text/plain; charset=ISO-8859-1 
       Subject: since it early days 
       Reply-to: molzmann@snoopy.lili.Uni-Osnabrueck.DE 
       Priority: normal 
       X-mailer: Pegasus Mail for Windows (v2.54DE) 
       Well...I'm reading HWA since its 'early days' ! 
       And I just wanna say...that you do a really great job!
       There is a lot of information...there is humor...
       all a Admin need he would find in your HWA
       go on !!
       matthias olzmann
       Matthias Olzmann                            Forschungsstelle Literatur
       Systemadministrator                         der Frhen Neuzeit
       Tel. (0541) 969-4882                        Universitt Osnabrck
       Date: 13 Mar 1999 22:37:08 -0000 
       Subject: BoardRoom: Link Exchange 
       From: pserv  
       Time: Sat, 13-Mar-1999 22:37:08 GMT    
       hey ppl,
       i just wanted to make note of the fact that yr site is not the
       only site to be rejected by link exchange on the basis of  
       content. when i attempted to sign up for their program i sent 
       them a banner as they requested, but instead of being included
       in the program, i got a nasty email rejecting my site due to 
       so called "objectionable" material. link exchange apparently 
       feel that pages dealing with security issues are not acceptable,
       yet another friend of mine who *is* in the program is 
       consistently getting banners on his site for pr0n :) go figure.
       anyway i say fuck link exchange, even the ppl i know who are in 
       it are not noticing a significant increase in traffic, and how 
       much do you want "random" viewers to come to your site anyway?
       has anyone else experienced anything like this with this company?
       oh gotta get the plug in anyway, come see the site link exchange 
       hates *warning* there's no pr0n :)
       Check this site out, it is a thing to behold for sure, and full
       of interesting stuph... - Ed
       Date: 17 Mar 1999 12:29:19 -0000 
       Subject: Big Shoutz 
       From: S C R E A M (HARP)  
       Time: Wed, 17-Mar-1999 12:29:18 GMT
       Just a quick note and a big shout to HWA.hax0rs for recognizing 
       H.A.R.Ps work and spreading the word on what we're all about.
       Keep up the good work people and keep your eyes and ears out for 
       the next Hackers Against Racist Parties hack, coming VERY soon...
       S C R E A M
       (founder of H.A.R.P)
       We support HARP and EHAP in all their endeavours, stay free and
       keep the word strong and loud! ... - Ed
       Date: Fri, 12 Mar 1999 10:34:22 -0500
       From: sozni@USA.NET
       Subject: Re: Outlook stores PLAINTEXT password!
       Although this may not be an appropriate topic for this list, there is a 
       related issue with Outlook password protected add-ins.
       Many companies make add-in components for Microsoft Outlook such as 
       custom forms or folders.  These add-ins are password protected to 
       protect code.  However, when these passwords are checked at runtime, 
       they are left in memory as plaintext.  And since Outlook forms aren't 
       compiled, all code is available to anyone with a password.
       A service provided by TechAID Computer Services,
       The e-mail address of the sender MAY NOT BE AUTHENTIC.
       Date: 15 Mar 1999 07:23:39 -0000 
       Message-ID: <> 
       Subject: [off topic] Amiga 500 Startup Hack + slackware 
       From: ph0  
       Time: Mon, 15-Mar-1999 07:23:39 GMT 
       I recently procured an Amiga 500 .. I have no mouse/joystick, or
       On a more relevant note, Slackware 3.2 (and possibly others) have
       a -v setting in pppsetup's pppstart script and default
       permissions to allow all users to read /var/log/messages .. hence
       ppp chat scripts can be read via /var/log/messages and
       usernames/passwords gained .. could just be me .. 
       **  In case people are wondering here;s the reply I sent to the above
           message jic others have similar concerns... - Ed
       Date: 15 Mar 1999 15:14:07 -0000 
       Subject: BoardRoom: re: [off topic] Amiga 500 Startup Hack + sla 
       From: Cruciphux  
       Time: Mon, 15-Mar-1999 15:14:07 GMT 
       :I recently procured an Amiga 500 .. I have no mouse/joystick, or
       :disks though (just screen + machine) .. is there any way
       :whatsoever I can make this thing _do something_?  I found a
       :reference to some 'hold down both mouse buttons on startup' early
       :boot screen thinggo on an Amiga page, however I aint got no
       :sqeaker ;(
       Well you will need a mouse or you ain't going too far, also the
       Amiga500 is totally disk based OS some of em have kickstart on
       rom but you need a disk to do anything at all with it it ain't 
       like a C64 or C128 that has basic in rom and the disk is extra...
       you can find the software on the web just look good and hard if 
       you get stuck I can maybe rustle up some software and post it
       somewhere for you as I still have my ami system.
       :On a more relevant note, Slackware 3.2 (and possibly others) have
       :a -v setting in pppsetup's pppstart script and default
       :permissions to allow all users to read /var/log/messages .. hence
       :ppp chat scripts can be read via /var/log/messages and
       :usernames/passwords gained .. could just be me .. 
       Think this is standard and it is kinda silly yeah, i'll make a 
       note of this in the mailbag section though anyways maybe since it
       is relevant...



  02.0  From the editor.#9


      printf ("Read commented source!\n\n");

     /*well we;ve got a webboard i actually forgot to mention it in the last
      *issue, too busy with other stuff.. anyways it works its not great but
      *its free and does the job. PPL, when you join the channel on IRC don't
      *expect the HWA circus to come to your town, we ain't there to entertain
      *we're there to receive news reports and hangout so if you were one of 
      *few that just didn't get the idea last time keep it mind for the future
      *ok? ok ... so here we go again.... issue #10 happy birthday to Mom and Dad!
      * Moving right along, thanks for the continued support everyone and tty next time...
      printf ("EoF.\n");

      Congrats, thanks, articles, news submissions and kudos to us at the
     main address: complaints and all nastygrams and
     mailbombs can go to /dev/nul nukes, synfloods and papasmurfs to, private mail to



 03.0 The Mitnick Trial Update
      From Wired news

      Mitnick Trial: Full Speed Ahead
      by Douglas Thomas 

      12:00 p.m.  12.Mar.99.PST
      LOS ANGELES -- The trial against celebrity cracker Kevin Mitnick will
      begin as scheduled on 20 April. 

      That's the ruling from US District Court Judge Marianne Pfaelzer, who
      denied a defense request Tuesday for a continuance that could have 
      delayed the case until the summer. 

      In court on Tuesday, Pfaelzer told Don Randolph, Mitnick's attorney,
      that if he expected the trial to be delayed by so much as a day beyond
      its 20 April start date, he should "disabuse himself of that notion." 

      In a 25-count Federal indictment, the government alleges that Mitnick 
      copied proprietary software from computers owned by cellular telephone
      manufacturers. Mitnick has been in custody here,awaiting a trial, since

      The defense team wanted the court to make the government comply with the
      court's previous order to identify the materials that would be presented
      at the trial. Most recently, the defense requested that the government
      provide the passwords for the files they have been able to decrypt. 

      Because of the sheer volume of new information, the defense asked that 
      the court "exclude from evidence any files not reasonably identified," 
      according to defense team attorney Greg Vinson. 

      Failing that, the defense requested an extension to review the new 
      evidence. Pfaelzer denied all motions, but did require the government
      to provide passwords to the files they deciphered. This week's ruling
      is not the first time Pfaelzer has turned down the defense's request
      for more time. 

      In late January, she denied a defense motion for a 60-day continuance. 
      Pfaelzer has been reluctant to allow delays in the case, and made it
      clear that the motion which pushed the start date back to April would
      be the last before the case went to trial. 

      For some time, the defense has claimed that the prosecution has "failed
      to comply with its constitutional and statutory discovery obligations." 

      Specifically, Mitnick's lawyer had accused the government of failing to
      disclose its exhibit list. The defense also wants access to witness
      interviews and time to review 1,300 pages of witness statements produced
      by the government.

      Mitnick also says he is having difficulty  reviewing the evidence to be
      presented against him. A laptop computer containing the electronic 
      evidence was installed for his use at the Los Angeles Metropolitan
      Detention Center. But Mitnick was not allowed to access the portable 
      for nearly a month while experts inspected and re-inspected the machine. 

      The government denies claims that they have withheld evidence.  

      US Attorneys said in court documents that is "absurd" for Mitnick to
      suggest that the defense team's failure to conduct interviews or perform
      investigations are "somehow attributable to the government." 

      Pfaelzer agreed, and denied the defense motions. This week, she granted a
      prosecution request to dismiss the continuance without a formal hearing. 

      Meanwhile, Mitnick's co-defendant Lewis DePayne, filed a motion for
      severance on 1 March, asking that his case be heard separately. 

      In that filing, DePayne requested that his case be heard immediately, 
      without a jury. DePayne's attorney, Richard Sherman, argued earlier before
      Pfaelzer that there is simply no evidence against his client. Pfaelzer has 
      indicated that she is inclined to grant the severance. 

      DePayne's motion is scheduled to be heard on 22 March. 
 03.1  Mitnick could be free by the end of the year...
       From ZDNet,3730,2228174,00.html
       Mitnick to Plead Guilty

      The 'Free Kevin' movement may have to wait a bit
      longer-- hacker Kevin Mitnick is set to plead guilty to
      criminal hacking charges.
      By Alex Wellen and Luke Reiter   March 17, 1999 

      8:30 PM Pacific Hacker Kevin Mitnick will plead guilty to computer
      -related  crimes after more than four years in prison awaiting trial, 
      according to CyberCrime sources. 

      The plea is contained in a court document, or "notice," jointly filed
      by Mitnick's attorney and federal prosecutors, sources said. The notice 
      itself was filed under seal and "in camera"-- meaning the subject matter
      will be discussed  privately between the parties in chambers before US 
      Federal Court Judge Mariana Pfaelzer. 

      The timing for that meeting will depend on Pfaelzer's schedule and could
      be as early as Friday. 

      Assistant US Attorney David Schindler confirmed a notice was filed, but 
      would not comment on whether it was a plea agreement. Mitnick's attorney,
      Donald  Randolph, did not respond to CyberCrime inquiries on Wednesday. 

      Sources said the plea agreement will place a cap on Mitnick's sentence.
      Taking into consideration time already served, he  could be released by 
      the end of the year. 

      This plea agreement does not involve codefendant Louis DePayne, set to
      be tried alongside Mitnick next month. The  proposed plea agreement does, 
      however, call into question DePayne's status-- suggesting that he may also
      resolve his case prior to trial. DePayne's attorney, Richard Sherman,
      declined to comment Wednesday night. 

      Mitnick, 35, has been imprisoned in the Metropolitan Detention Center, 
      Los Angeles for more than four years awaiting trial on computer-related
      fraud charges. The 25-count federal indictment issued against Mitnick
      accuses him of using computers to steal millions of dollars in software
      Following the September 1996 indictment, Mitnick  pleaded "not guilty" 
      to all counts. 

      Mitnick pleaded guilty twice before to similar computer
      crimes, in 1989 and 1996. 

      In 1989, Mitnick was convicted for stealing computer programs and 
      breaking into corporate networks, and served eight months of a 
      one-year sentence. In April 1996, he pleaded guilty to possession of 
      15 or more unauthorized access devices (cloned cellular telephone 
      numbers), and for violating supervised release, and was sentenced to
      22-months in federal prison. 

      Based in part on his prior two convictions, Mitnick has been detained 
      without bond since February 1995. The hacker's imprisonment without a
      bail hearing, combined with his prison restrictions, has generated a
      backlash among Mitnick supporters. Some critics have protested Mitnick's 
      treatment by attacking websites and posting political messages-- the
      most recent earlier this month to a Monica Lewinsky website,
      and the most notable of which shutdown the New York Times's website for
      approximately nine hours last September.

      Mitnick supporters have also criticized the government for delaying the
      trial. However, the delays can also be attributed in part to the defense. 
      Over the last four years, Mitnick has been represented by three different 
      attorneys -- who, in combination, have filed a half-dozen motions requested
      additional information. Mitnick's attorneys have argued government attorneys
      have stalled efforts by unreasonably withholding information requested by the

       ZDTV's CyberCrime Bureau-- which includes former
       prosecutor Luke Reiter, litigator Alex Wellen, and reformed
       hacker Kevin Poulsen-- will continue to bring you coverage. 

 03.2 Federal Prosecutors Leak Info on Mitnick 
      March 19th
      From HNN
      contributed by Space Rogue 
      Numerous mainstream media outlets are reporting that
      Kevin Mitnick has pleaded guilty to computer related
      crimes. It is believed that this plea of guilty is in
      exchange for reduced charges and a sentence of mostly
      time served. The real story is not that Kevin pleaded
      out as only 4% of federal cases actually go to trial, the
      real story is how the press got notified of the contents
      of a _sealed_ federal court document. 

      If the Honorable Mariana Pfaelzer declines the plea
      agreement Kevin will still be headed for trial on April 20.
      If that happens Kevin's defense hopes to introduce a
      motion that will dismiss most of the evidence against
      him on the grounds of illegal search and seizure. It
      would appear the the information used to provide
      probable cause to issue a search warrant for Mitnick's
      apartment was itself illegally obtained. The defense is
      claiming that Tsutomu Shimomura, while a private
      citizen, was in fact acting as a government agent and
      therefore subject to the laws regarding illegal search
      and seizure. 

      We urge you to visit the Free Kevin site and learn more
      about what is not being said by the mainstream media. 

 03.3 From
      Anonymous Sources, Politics, and the Media 

                                          March 18, 1999 
     In yet another political twist in the highly politicized trial preparations in United States v. Mitnick, the claim that a "notice"
     was filed in camera and under seal with Judge Mariana Pfaelzer somehow found its way to the telephone, fax machine, or
     email accounts of Alex Wellen, an intellectual property attorney and now a reporter with ZDTV who interned with the US
     Attorney's Office Criminal Division (and two federal court judges). The lead prosecutor in the case apparently confirmed
     for Alex Wellen that a notice was indeed filed. This post addresses an article that appeared on ZDTV the evening of
     March 17; subsequent posts will address an article that appeared on the same topic in the L.A. Times on March 18,
     1999.  has learned that the "notice" is a plea agreement wherein Kevin Mitnick has agreed to plead guilty to a
     reduced set of charges. While we'll discuss those reduced charges below, we'll take this opportunity to look at the curious
     circumstances under which the contents of a document filed under seal in a federal court were somehow leaked to a
     reporter who worked with prosecutors and two federal judges. 
     Why is This a Political "Twist"? 
     It's a violation of federal law to reveal matters that are filed under seal with the court. This creates a dilemma for politically
     ambitious federal prosecutors, most recently witnessed in the repeated leaks of information from the office of independent
     counsel Ken Starr. 
     Media Analysis 101 
     Returning to Alex Wellen's story, we read that.... 
             "Hacker Kevin Mitnick will plead guilty to computer-related crimes after more than four years in
             prison awaiting trial, according to CyberCrime sources." 
     Anonymous sources... and it is not rather odd for someone to plead guilty after spending "more than four years in prison
     awaiting trial"? Can't be too odd, since Alex Wellen's article failed to mention that curiosity. Notice that there's no mention
     that Kevin Mitnick was held in defiance of constitutional requirements that a detention hearing be held and the issue of bail
     considered. Must not have been important. Nor was there any mention that federal law was broken in leaking the sealed
     document to the press. 
             "The plea is contained in a court document, or "notice," jointly filed by Mitnick's attorney and
             federal prosecutors, sources said. The notice itself was filed under seal and "in camera"-- meaning
             the subject matter will be discussed privately between the parties in chambers before U.S. Federal
             Court Judge Mariana Pfaelzer." 
     Anonymous sources for the second time. Second paragraph without mention that federal law was broken in leaking the
     sealed document to the press. Must have been as unimportant as being held four years without bail and without a bail
     After learning the possible schedule for the trial, we read... 
             "Assistant U.S. attorney David Schindler confirmed a notice was filed..." 
     The first source attributed to an individual was attributed to the lead U.S. Attorney prosecuting the case. And defense
     attorney Donald Randolph "did not respond" to inquiries, presumably by reporter -- and ex-intern at a U.S. prosecutor's
     office -- Alex Wellen. 
     The Way Sources and Journalists Cooperate 
     Even ethical journalists know that they must rely on anonymous sources on occasion. To maintain their integrity, they'll
     frequently insist on a quid pro quo: that they must attribute something to the source, even if it's a statement saying that "I'll
     neither confirm nor deny...". That way, the story is sourced anonymously, but there's at least one, and usually more,
     statements attributed to named sources. 
     Leaking Benefits Prosecution in U.S. v. Mitnick 
     Leaking the existence of a plea agreement benefits the prosecution in numerous ways; we identified three of them above
     (see "Why is This a Political "Twist"?"). In addition, the first leak sets the tone of the coverage that follows, and even
     first-year debate students know that when you set the boundaries of the debate, you've won without saying a word. The
     prosecution has everything to gain and nothing to lose by leaking word of the existence of a plea agreement: they set the
     tone of the discussion, they hope to take the energy out of the principled people who've learned about the case and
     become supporters of Kevin Mitnick, and they blindside the defense attorneys. If the leaks are somehow attributed to the
     prosecution, they merely issue vigorous denials, and there the matter will stop. 
     Leaking Poses Enormous Risks to Defense 
     Leaking the existence of a plea agreement poses enormous risk to Kevin Mitnick, because any agreement is submitted for
     the judge's approval. Because of this uncertainty, and even at this late date, Kevin is completely focused on preparing for
     trial on April 20, 1999, just 22 working days away. Indeed, Kevin's investigators have subpoenaed Tsutomu Shimomura
     to do one of two things: either sign a sworn declaration that a number of factual statements in his book Takedown are
     true, or appear in court on April 5th to participate in a hearing to suppress any evidence in this case based on
     Shimomura's actions as a de facto federal agent who allegedly broke federal law repeatedly, and on multiple occasions.
     Note that Shimomura illegally intercepted electronic communications purported to be from Mitnick, and that the court
     hearing scheduled for April 5th is intended to suppress those interceptions, as well as a warrantless search conducted on
     Kevin Mitnick's home in Raleigh, North Carolina (the search was undertaken subsequent to Shimomura's illegal
     A leak from the defense runs the enormous risk of further antagonizing the judge, who might then reject the agreement,
     and Kevin would then face going to trial with an overworked and understaffed attorney. The possible sentence upon
     conviction of all charges is more than 35 years in federal prison. The defense would have jeopardized their entire hopes of
     settling before trial if they had illegally leaked this notice -- no, the defense had no role in this leak, in our opinion. 
     Plea Agreement Includes Reduced Charges
     If the plea agreement is approved, Kevin Mitnick will spend just a few additional months in prison, and 20 counts of the
     27 original counts will be dropped. This circumstance -- that the government is willing to dismiss 75% of the charges
     against Kevin -- is ample evidence in support of our claim that this case was dramatically overcharged, and was
     overcharged solely as a result of the extraordinary and repeated media assaults on Kevin Mitnick by reporter John
     Markoff on the front page of the New York Times. We'll have more on this issue in subsequent updates to this site. 
     Fewer than 4% of all federally charged defendants go to trial. The federal system is set up to virtually ensure a conviction,
     as the enormous resources of the federal government are brought to bear on a single individual: trying to fight federal
     charges is like trying to stop a steamroller with a picket sign protesting your innocence. 
     As an indigent defendant held without a bail hearing and without bail for more than four years, Kevin Mitnick has had
     virtually no control over the conduct of his defense. Using the U.S. Sentencing Guidelines, Kevin faced more than 35
     years if found guilty of all charges. Held in jail for four years, his contact with the outside was limited to collect phone calls,
     visits with legal personnel, and with his immediate family -- all other visitors were forbidden. Although the terms of the
     guilty plea are quite onerous, the possible alternative -- a potential maximum penalty of more than 35 years in federal
     prison -- was simply not worth the risk of going to trial with a court-appointed attorney whose two recent motions for
     continuances less than 50 days before trial were rejected by the court. 

 04.0  Is Microsoft vulnerable to their own holes? 
        Is Microsoft vulnerable to their own holes? 
        Via HNN
        contributed by hfspc002 
        With all the recent privacy holes in OLE and Office
        products where does this leave Microsoft? Are they just
        as vulnerable to these problems as the public? You bet!
        Try downloading some MS Office documents from the
        Microsoft web site and see what you find hidden in the
        documents. MacInTouch has a list of some of the stuff
        they found. 

        Article below, I included some of the readers response 
        letters for amusement value also...- Ed

                                Office 98 Security Hole: Samples

                                     Microsoft/Compaq Samples
                                        Reader Experiences 


     In researching the long-standing Microsoft Office/OLE security holes, we took a look at some of Microsoft's
     own Word documents, published on its web site long after the release of its security patch, as well as a Word
     document posted by Compaq on its web site. These documents, like millions of other MS Office documents,
     contain extraneous data that may unintentionally reveal sensitive confidential or private information, hidden from
     view within Word. 

     A MacInTouch reader who pointed out one of the files wrote: 

          "You can easily read the name and directory path of the original file, any revisions and who did
          them with full directory paths (even on the MS server), the directory paths of all attached graphics,
          and what appears to be a registration numbers and passwords associated with each user that saved
          the file. With enough documents, you could concievably construct a full directory structure for the
          entire MS network, and have the machine codes to mimic a computer in the building. Looks like
          MS has done half of the hacker's work for them... they are a break-in waiting to happen." 

     In each example below, we show hidden information that is invisible within Word but readily available when the
     document is opened with a text editor or utility program, such as John Lamb's TextBrowser or Bare Bones
     Software's BBEdit. We did not do an detailed security analysis of each document, but simply copied out some
     interesting hidden material. In each case, it is unlikely that the document authors intended to reveal the hidden
     information in these files, which now are available to millions of people on the Internet, although this information
     appears far more innocuous than the URLs, source code directories, credit card information and private mail that
     readers report finding hidden in their Word documents. 


     MSIE 4.5 Reviewers Guide

     The names "Linda Sorenson" and "Brian Hodges" do not appear anywhere in the document, when you
     are using Microsoft Word, nor do the file names and directories. "Dani Baldwin" is visible if you choose
     the "Properties" menu item and view Summary, but it does not appear if you ask Word to "Find" the

     Dani Baldwin
     Microsoft Word 8.0
     D:\briansnap\more\Picture 5.GIF
     D:\briansnap\more\Picture 4.GIF
     D:\briansnap\Picture 2.GIF
     D:\briansnap\Picture 3.GIF
     Microsoft Internet Explorer 4
     Dani Baldwin
     Linda Sorensonn2ndMicrosoft Word 8.0E
     Waggener Edstrom
     Microsoft Internet Explorer 4
     D:\briansnap\Picture 55.gif
     D:\briansnap\more\Picture 5.GIF
     D:\briansnap\more\Picture 4.GIF
     D:\briansnap\Picture 2.GIF
     D:\briansnap\Picture 3.GIF2
     D:\briansnap\more\favs.gifz!D:\briansnap\more\Picture 16.GIF
     D:\briansnap\more\Picture 21.GIF
     D:\briansnap\more\Picture 20.GIF
     D:\briansnap\Picture 56.gif
     D:\briansnap\more\Picture 23.GIF
     D:\briansnap\more\Picture 2.GIF
     D:\briansnap\Picture 6.GIF
     D:\briansnap\more\Picture 16.GIF
     D:\briansnap\more\Picture 21.GIF
     D:\briansnap\more\Picture 20.GIF
     D:\briansnap\Picture 56.gif
     D:\briansnap\more\Picture 23.GIF
     D:\briansnap\more\Picture 2.GIF
     D:\briansnap\Picture 6.GIF
     Dani Baldwin&\\WE-OR2\PROD\MS\BSD\Desktop\MIERG.doc
     Dani Baldwin&\\WE-OR2\PROD\MS\BSD\Desktop\MIERG.doc
     Dani Baldwin=\\WE-OR2\DATA\dbaldwin\winword\AutoRecovery save of MIERG.asd
     Dani Baldwin=\\WE-OR2\DATA\dbaldwin\winword\AutoRecovery save of MIERG.asd
     Dani Baldwin=\\WE-OR2\DATA\dbaldwin\winword\AutoRecovery save of MIERG.asd
     Dani Baldwin=\\WE-OR2\DATA\dbaldwin\winword\AutoRecovery save of MIERG.asd
     Dani Baldwin=\\WE-OR2\DATA\dbaldwin\winword\AutoRecovery save of MIERG.asd
     Linda SorensonC:\windows\TEMP\MIERG.doc
     Brian Hodges#C:\WINDOWS\Desktop\MIERG 120898.doc
     Linda Sorenson?\\WE-WA2\DATA\LindaS\Macintosh\Press materials\MIERG 120898.doc


     MSIE/OE 4.5 Innovation

     This example shows information leaks similar to those of the previous example: 

     Linda Sorenson\\WE-WA2\DATA\LindaS\MacInnovations22.doc
     Dani Baldwin\\WE-OR2\PROD\MS\BSD\Desktop\InnovaPR.doc
     Dani Baldwin\\WE-OR2\DATA\dbaldwin\winword\AutoRecovery save of InnovaPR.asd
     Dani Baldwin C:\temp\AutoRecovery save of InnovaPR.asd
     Dani Baldwin C:\TEMP\AutoRecovery save of InnovaPR.asd
     Linda Sorenson \\WE-WA2\DATA\LindaS\Macintosh\Press materials\InnovaPR.doc
     Brian Hodges C:\WINDOWS\Desktop\InnovaPR new.doc
     Linda Sorenson
     Linda Sorenson9\\WE-WA2\DATA\LindaS\Macintosh\Press materials\Innova.doc
     Microsoft Internet Explorer 4
     Linda Sorenson


     MSIE 4.5 Fact Sheet

     Here we can identify some new people involved in the project, although their names, too, are invisible
     within Microsoft Word. Note also the presence of the "GUID" fingerprint: 

     Jodi Ropert C:\WINDOWS\TEMP\4.5IEFS.doc
     Jodi Ropert C:\WINDOWS\TEMP\4.5IEFS.docDani
     Baldwin\\WE-OR2\DATA\dbaldwin\winword\AutoRecovery save of 4.5IEFS
     Christina Snavely \\WE-OR2\PROD\MS\BSD\Desktop\4.5IEFS.doc
     Linda Sorenson:\\WE-WA2\DATA\LindaS\Macintosh\Press materials\4.5IEFS.doc
     Brian Hodges C:\WINDOWS\TEMP\AutoRecovery save of 4.asd
     Brian Hodges"C:\WINDOWS\Desktop\4.5IEFS new.doc
     Linda Sorenson \\WE-WA2\DATA\LindaS\Macintosh\Press materials\4.5IEFS new.doc


     Compaq Modem Overview

     In the Word document posted by Compaq, we again find the name of the author, even though he is not
     listed in the Properties sheet, plus his file and directory names and the GUID information: 

     Greg Bretting%C:\My Documents\modem white paper.doc
     Greg Bretting%C:\My Documents\modem white paper.doc
     Greg Bretting%C:\My Documents\modem white paper.doc
     Greg Bretting%C:\My Documents\modem white paper.doc
     Greg Bretting%C:\My Documents\modem white paper.doc
     Greg Bretting%C:\My Documents\modem white paper.doc
     Greg Brettin %C:\My Documents\modem white paper.doc
     Greg Bretting:C:\WINDOWS\TEMP\AutoRecovery save of modem white paper.asd
     Terry Durham%C:\My Documents\modem white paper.doc
     C:\S&S_dataprep\White Papers\NEW\prt005a0798.doc


     More MacInTouch Reader Experiences

          From: [MacInTouch reader] 
          Subject: word98 security issue, it's bigger than you think.
          Date: Wed, 10 Mar 1999

          I have to remain anonymous about this please, because of the implications this might have. 

          I am a developer and I occasionally use word98 for reports and such. Reading your report
          yesterday about the security issue, I wanted to see if it was true. I opened one of my old word docs
          in codewarrior (after changing the file type/creator codes ) and found the there were not only
          directory listings to source code I was working on at the time, but also names of specific functions
          within the source. These things were not menitioned anywhere within the document I typed, but
          they are embedded in my file. I can supply you with the file if you like, but I'd rather not because it
          has my name in it and I think the reprecussions of this could be rather large. If you have any
          questions about this, feel free to send them to me. 


          Date: Wed, 10 Mar 1999 12:04:01 -0500
          From: Joe Gudac
          Organization: Gudac Bowling Lanes
          Subject: Word Info


          After reading about all these problems with the info Word stores with it's files I decided to look at
          some of the files I had for my business. I picked a simple file that only had my business letterhead
          and address info and business tax id numbers that I had to give to our bank recently. 

          When looking at the file in canopener I was astonished to find that the file had information from
          other files containing my credit card numbers and personal information about myself and my family. 

          I have tried for the past several years to not be a Microsoft basher and have tried to learn as much
          about their software applications to keep myself up to date with the standard business technology,
          but this is absurd. This along with some of the testimony that has been presented in their anti trust
          trial I am terrified that they are big brother and may be more corrupt than our government. If that
          isn't a scare. 

          Enjoy your information and keep up the great web site. 


          Joseph J Gudac Jr 


          Date: Mon, 15 Mar 1999
          From: [MacInTouch reader]
          Subject: WORD SECURITY

          *** Please keep the following anonymous: 

          I too have stopped defending Microsoft. 

          I work for a *major* Internet company at a fairly high level. This morning I too looked at a report I
          submitted last week using Notepad. Not ONLY did it have my name and directories on my hard
          drive, but it had information on OTHER applications that are totally unrelated to MS Word in it!
          These apps are competitors of MS (not that many aren't these days). BUT I think the most
          disturbing was this: all my reports have the same filename except for the date (contained in the
          filename too). The paths to EVERY report in that directory were there too. 

          In a world where the economoy is changing (mostly for the better I like to think) it's SAD to think
          actions like these undermine the trust people place in companies that work hard. People should be
          empowered and educated about technology, not intimidated and afraid because of it. I believe
          Microsoft is validating a LOT of people's fears about privacy and security unnecessarily. 

          --- Concerned. 


          Date: Mon, 15 Mar 1999 10:52:00 -0500 (EST)
          From: Oj Ganesh
          To: MacInTouch
          Subject: Microsoft security

          I read with interest your stories and updates concerning GUID numbers and other personal
          informaion being found in documents created by microsoft programs. Thanks for all the updates
          and keeping with the story. 

          Yesterday I finally got around to removing some original software that my imac came with, when I
          noticed a control panel called "Configuration Manager". In it was a section called "Cookies", which
          (when clicked on) displayed *Some* cookies on my system. Two of the cookies immediately
          caught my attention since I had never visited the sites with my imac. They were: and
, they both had the name "MC1" and they were 'enabled'. Double clicking on the cookies
          brought up the Cookie Properties box which had this shocking line: "Value: GUID=(my GUID
          presumably)". I couldn't believe it! Both cookies were identical (both were also set to expire on
          "Expires: Wed, Sep 15, 1999 7:00 PM GMT") in every respect. 

          The "Configuration Manager" control panel is apparetly made by Microsoft (as the about box

          Thanks, keep up the good (Mac) work,


          Date: Mon, 15 Mar 1999 11:10:49 -0600


          From: [MacInTouch reader]

          Subject: Microsoft Security Issues


          This may have been reported prior, and it may be less intrusive than the Microsoft issues, but we
          seem to be ignoring the fact that many other applications besides those from Microsoft carry
          artifacts from files unrelated to the current one. For the most part these are data that we'd rather not
          be seen by others. 

          At the moment, I'm referring specifically to Adobe PageMaker. PageMaker files opened in Can
          Opener reveal lots of extraneous data - directory paths, hard drive names, file names that appear to
          be unrelated to the current file, and perhaps references to other sensitive data. These are data that
          are not visible and cannot be found or expunged by any normal means. In addition to embedding
          directory paths, filenames, etc., related to the current file, it seems that whenever you do a "save as"
          in PageMaker a lot of data from the original file become permanent and reside in that and all future
          iterations, or saved as versions, of that file. The data can compound to become an interesting
          record in its own right. 

          Lots of folks transfer lots of data in the form of PageMaker files and I'll wager that few of them are
          aware of the nature of some of the data they're "making public" when they do. 

          Maybe some of the more experienced (than me) sleuths will care to comment on PageMaker too? 


          Date: Mon, 15 Mar 1999 12:54:31 -0500
          Subject: Word Privacy Problems
          From: "Jeremy LaCivita"


          After reading your section on Word privacy issues, I opened up a paper I wrote last week in
          BBEdit. In addition to a bunch of paths on my machine (which is somewhat understandable) i found
          addresses of all the sites I had visited that night (using Internet Explorer): 

          3Com/Palm Computing - Macintosh 

          The Apple Store (U.S.) 

          The Apple Store (U.S.) 

          In other documents I found information about my email account like my mail server. Who knows
          what other information is hidden in the document mixed in with all of the gibberish. 

          This really bothers me! The paths to images used in the file in somewhat understandable and
          relevant, but this is completely irrelevant, and I really think Microsoft needs to explain themselves. 



          Date: Tue, 16 Mar 1999 01:46:52 +0100
          Subject: word98 security - history recorded

          Encouraged by the interesting reports about security problems in word98 docs I carefully examined
          some of my files with a text editor. 

          Guess what. The complete history of some documents I've been using since one year has been
          recorded in the file (different OS versions, different machines to be identified by their owner's
          names and different hierachical file structures were all plainly visible). 

          Obviously previous versions of word (at least word 6) own this special "recording feature", too.
          Isn't it nice? Thank you, Big Bill, this is exactly what users needed most. 

 05.0  Its a Trinux world after all - Tiny unix packs wallop in Pre-0.49 release
      Main site;      
      Mirrored at;
      From Packetstorm:
      Trinux Pre-0.49 floppy images - "Pre-0.49 floppy images are now available. The floppies now support the features added to
      TrinuxHD about a month ago. Most importantly the modem.tgz package now works-- on my system at least. If you follow
      the un-Linux-like prompts and type ppp-go you should be able to log via your ISP. Man ppp gives you some background
      information and nmap -D will allow you to roll your own "sophisticated and coordinated attacks" from foreign countries
      against domestic sites of your choosing. A better idea: spend your milk money on TCP/IP Illustrated Volume 1 and sniff
      your modem traffic using tcpdump till you get a clue. Oh yeah, the dialup data disk may become a hot commodity soon
      because I imagine I'll yank it after the third message I get asking how to sniff passwords with tcpdump." -- mdf [ed. note: i
      couldn't have said it better myself, so i just quoted mdf instead]. Our favorite mdf quote: "I'll tell ya' this security biz is
      cutthroat and incestuous, just like a fscking soap opera." Trinux web site, Trinux ftp. MD Franz is the Trinux Project
 06.0  Case insensitivity issue affects NT security
       Date: Fri, 12 Mar 1999 13:03:57 -0700
       From: Mark 
       Subject: [ ALERT ] Case Sensitivity and Symbolic Links
       Prasad Dabak of Cybermedia Software Private Limited has discovered yet
       another security risk in Windows NT involving the operating system's case
       sensitivity. According to the report, using the permissions on the "\??"
       object directory and by exploiting the case sensitivity of object manager,
       it is possible to trojan any system executables.
       Any ordinary user has write permissions on \?? Object directory. This is to
       allow user to map network drives or use "subst" utility to alias a directory
       to a new drive letter. Each system drive has an entry into \?? object
       directory. Each entry is actually a symbolic link which points to the device
       associated with that drive (ergo: Symbolic link \??\C: will typically point
       to a device such as \Device\HardDisk0\Partition1). It is possible to create
       a trojaned version of this symbolic link using the different character
       case -- for example, it is possible to create a symbolic link such as \??\c:
       (notice the small letter "c".) By doing this, all the requests to drive C
       get routed through the trojaned symbolic link.
       Please visit the following URL, where you'll find the further details along
       with links to a demonstration of the problem.
       Date: Sat, 13 Mar 1999 00:32:19 +0100
       From: Alexandre Stervinou 
       Subject: New Security Vulnerability in WinNT
       A new security vulnerability in Windows NT4 has been released, I was
       just surfin' on, when I saw this:
        CSPL has uncovered most serious Case Sensitivity vulnerability in
       Microsoft's Windows NT operating  system. This security hole allows you
       to get "Administrator" access on a machine while logged in as "guest" or
       any ordinary user
        Using the permissions on the "\??" object directory and by exploiting
       the case sensitivity of object manager it is possible to trojan any
       system executables.
                        Alexandre Stervinou
       Case Sensitivity vulnerability:
        Using the permissions on the "\??" object directory and by exploiting the 
        case sensitivity of object manager it is possible to trojan any system 
        Any ordinary user has write permissions on \?? Object directory. This is to 
        allow user to map network drives or use "subst" utility to alias a directory 
        to a new drive letter. Each drive on the system (let it be local/network/substed) 
        has an entry into \?? object directory. Each entry is actually a symbolic link
        which points to the device associated with that drive. (e.g Symbolic link \??\C: 
        will typically point to a device such as \Device\HardDisk0\Partition1). It is 
        possible to create a trojaned version of this symbolic link using the different 
        case. e.g it is possible to create a symbolic link such as \??\c: (notice the
        small letter c). By doing this, all the requests to drive C gets routed through 
        the trojaned symbolic link. (e.g If you get the contents of symbolic link \??\D: 
        and create a symbolic link say \??\c: and put those contents there, then 
        executing dir command on drive C will give you directory listing for drive D). 
        So effectively you can route the traffic on drive C to drive D. This is exactly 
        what the simulation program exploits. 
        The description of simulation assumes that you have unzipped the files from the 
        demo in a directory called C:\FOO and your Windows NT System directory is 
        The simulation works on latest service packs of all Windows NT versions (3.51, 4.0, 5.0)
        When you execute BESYSADM.EXE. The program follows the following steps. 
              Create an indentical directory structure of Windows system directory under 
                   the directory C:\FOO. i.e it will create a directory structure such as
              Copy all the POSIX subsystem binaries and required DLLs (except PSXSS.EXE) 
                   from C:\WINNT\SYSTEM32 directory to
              Copy the trojaned version of PSXSS.EXE and a dummy posix application 
                   DUMMYAPP.EXE from C:\FOO to C:\FOO\WINNT\SYSTEM32 
              Get the contents of the symbolic link \??\C: and append \FOO to it. i.e if 
                   the contents of symbolic link \??\C: is \Device\HardDisk0\Partition1
                   then new name formed will be \Device\HardDisk0\Partition1\FOO 
              Create a symbolic link \??\c: (note small c) with the contents as 
              Hence effectively executing a dir command on drive C will now give 
                   directory listing of C:\FOO 
              Next the program starts a posix application DUMMYAPP.EXE as "POSIX /c DUMMYAPP.EXE" 
              This results in SMSS.EXE starting POSIX subsystem which effectively loads 
                   trojaned version of PSXSS.EXE. 
              This trojaned version inherits security context of SMSS.EXE and hence our 
                   PSXSS.EXE runs in root privilege. 
              This trojaned version adds the logged in user to the local administrator group. T 
              The name of the logged in user is passed through a file called u.ini that 
                   is created in C:\FOO\WINNT directory. 
        The program actually uses \DosDevices everywhere instead of \??, since Windows NT 3.51 
        does not have \?? object directoy and has DosDevices object directory. Starting from 
        Windows NT 4.0, \DosDevices is actually a symbolic link which points to \??. Hence using 
        DosDevices allows the program to run on all Windows NT versions. 
        Instructions for Demo
              Fresh boot the machine. 
              Login as any ordinary user (guest will also do) 
              Unzip the files in attached .ZIP file in some directory on any local hard drive 
                   on your machine 
              Run BESYSADM.EXE 
        If you are using Non-English version of Windows NT OR name of the local administrator 
        group is renamed, then specify the name of the local administrator group as a command 
        line to BESYSADM.EXE. If no arguments are specified the program assumes that you are 
        runnning on English version and the name of the local administrator group is "Administrators". 
       Date: Sat, 13 Mar 1999 01:07:18 -0800
       From: Dominique Brezinski 
       Subject: Re: [ ALERT ] Case Sensitivity and Symbolic Links
       At 01:03 PM 3/12/99 -0700, Mark wrote:
       >Any ordinary user has write permissions on \?? Object directory. This is to
       >allow user to map network drives or use "subst" utility to alias a directory
       >to a new drive letter. Each system drive has an entry into \?? object
       >directory. Each entry is actually a symbolic link which points to the device
       >associated with that drive (ergo: Symbolic link \??\C: will typically point
       >to a device such as \Device\HardDisk0\Partition1). It is possible to create
       >a trojaned version of this symbolic link using the different character
       >case -- for example, it is possible to create a symbolic link such as \??\c:
       >(notice the small letter "c".) By doing this, all the requests to drive C
       >get routed through the trojaned symbolic link.
       Well, the exploit does not work on my machine--it fails with "Internal
       error..." when run in my test configuration.  I am running NT 4.0
       Workstation, SP4, ProtectionMode set to 1, file and registry permissions
       set to those recommended in Steve Sutton's NSA guide, Guest user enabled
       and allowed to log on locally, %SystemRoot% is on the C partition, and the
       exploit executables on the D partition (the only place writable by guest on
       my system).  I enabled auditing on the \?? object and no access was
       attempted.  So, it appears that something about my configuration stopped
       the exploit in its tracks ;)  When I run it from an admin account, it
       returns a message saying that the account is already a member of the
       administrators group.  Oh yeah, I had to enable the Posix subsystem too.
       As with the KnownDLLs exploit, good system administration should impede
       these kinds of exploits.  Though, they are doing a good job of scratching
       the surface of huge classes of local privilege escalation attacks for NT.
       Dominique Brezinski CISSP                   (206) 898-8254
       Secure Computing

 07.0  Fast friends, faster foes, from uebereleet to delete:life in the underground
       Some of us have been there, many of us have been into systems and gained
       the gnards and gno the shit, some decide to forge alliances or form groups
       others tend to stay out of the loop and usually out of detection and the lime
       light, here's a brief look into a situation that developed recently between
       HcV members discussing the spamming of underground webboards and alleged DoS
       attacks on their servers by one of their own.
       WARNING, this log is for the most part unedited and contains some fucked up
       shit about back stabbing, friends and general underground life....
       * THIS LOG HAS BEEN EDITED it is available on the web but i'm withholding
         the url, coz I don't want to step on certain ppl's toes. - Ed
        Starting logfile IrcLog
       IRC log started Tue Mar 16 20:45:21 1999
        Value of LOG set to ON
        NANCY MXXXX 
        8021 XXXXXX VIEW PL
        STANWOOD WA  98292
        I will give this # a call
        in 5 minutes
        wow yer ereet
        Starting logfile IrcLog
        Value of LOG set to ON
        and if you dont answer, i will persue you and really own you
        0wn me
        stop msg'ing me sil
        whats your # ill call you
        i dont give out my #
        silicosis is the kid who was spamming the board
        mindphasr just pasted his info
        yes i spamemd the board
        your so fucking stupid
       [silicosis(] keep it up, i want to get rid of this name.....
        silicosis: You have gotten yourself into some problems,
        masuashash come get me
        just ask pwr on unet
        [silicosis(] keep it up, i want to get rid of this name.....
        maybe you would have thought twice.
        silicosis: why? so you can rip someone elses name? like silicosis or k0de? LOL
        silicosis: go by aC1dbUrN and be fEEred
       [silicosis(] private chat me now
        [silicosis(] private chat me now
        DCC CHAT (chat) request from silicosis[ []]  
        BitchX: Type /chat to answer or /nochat to close
        im not private chatting you
        DCC CHAT: to silicosis closed
        quit messaging me bitch
        DCC CHAT (chat) request from silicosis[ []]  
        BitchX: Type /chat to answer or /nochat to close
        DCC CHAT (chat) request from silicosis[ []]  
        BitchX: Type /chat to answer or /nochat to close
        DCC CHAT (chat) request from silicosis[ []]  
        BitchX: Type /chat to answer or /nochat to close
        DCC CHAT (chat) request from silicosis[ []]  
        BitchX: Type /chat to answer or /nochat to close
       [mindspring]! Server flood protection activated for eCh0
        Server flood protection activated for eCh0
        lol private chat
        BitchX: Unknown command: IGNORELIST
        BitchX: Doing this is not a good idea. Add -YES if you really mean it
        Usage: /I  - See INVITE
        Usage: /IG  +|-
       - Ignores ALL except crap and public of nick!host matching 
        BitchX: No such command [IGL]
        BitchX: No such command [IG*]
        Usage: /Ig  +|-
       - Ignores ALL except crap and public of nick!host matching 
        Usage: /UnIg  
       - UnIgnores 
        BitchX: There are no nicks on your lame nick list
        #ILAH ON DALNET!
         silicosis invites you to join #l0cked.  ^A to accept.
        are you stupid?
        he is trying to be nice now since he is screwed
        he is going to end up like bronc
        yes, he is
        bronc is a hairy gay cowboy
        where is mosthated?
        log that
        HcV was a lame group i started under the name "DragonFyre" a long time ago
        log that too
        ironlungs was known as Hoss Boss
        he was an ereet winnuking m0f0
        i liked to ping flood quakers with windows 3.11
       #feed-the- ch0wn      H (
       #feed-the- chem1st    H (xF)
       #feed-the- silicosis  H (* I'm to lame to read BitchX.doc *)
       #feed-the- HowzeR     H (bobby)
       #feed-the- mindphasr  H (mindphasr)
       #feed-the- eCh0       H (T e a)
       #feed-the- Crimz0n    H (CriMz0N)
       #feed-the- LordGoat   H (LORD OF THE GOATS!)
       #feed-the- Debris     H (DIE)
       #feed-the- UT         H (UT)
       #feed-the- in0d3      H (magical )
       #feed-the- IL         H (magical )
       [msg(mindphasr)] hmm, im going to quit HcV, IL wont even kick silicosis out
        [- pwr -]
        Drew Cecil,Lucy(parents) Plummer
        Hamilton, ON L8E 1A1
        Phone: (905) XXX-6925
        Home Value: $89,699
        Cars: 1997 Black Ford Bronc, 1998 red Saturn (unkown make)
        Doctor: St. Marys Medical Hospital Uptown, Dr. Shwartz
        Estimated phone bill for 02-05-99: $9,900
        mindphasr: whos that?
        Name ... Erik J. XXXXXXX       
        Street ... 920 W 4TH AVE APT 1.       
        Phone Number ... 530-XXX-17XX       
        Mother ... 530-XXX-59XX       
        City ... CHICO CA, 95926-3674       
        U@H ... bronc@2600.COM       
        SS ... 556-XX-4X0X 
        a silicosis entry will look nice.
        ok thats it killall named
        (silicosis unlocks his elite haxoring secret: killall named)
        (everyone stares in awe)
        go on icq ech0
        so you can get my IP and DoS me?
        oh yeah
        thats smart
        hide on invisible then i dont give a shit
        i dont even have icq on
        im in windows using tribe making myself look elite
        well you must have screwed up somewhere
        fucking hell..... die named die
       [ Channel  ][ Nickname ][ user@host                       ][ level         ]
       [#feed-the-][ ch0wn    ][] [n/a]
       [#feed-the-][ chem1st  ][            ] [n/a]
       [#feed-the-][ Crimz0n  ][~h0@host-209-214-147-166.msy.bell] [n/a]
       [#feed-the-][ Debris   ][~Debris@ppp-5800-02b-3243.mtl.tot] [n/a]
       [#feed-the-][ eCh0     ][              ] [n/a]
       [#feed-the-][ HowzeR   ][~bob@dial65.pm3abing1.abingdonpm.] [n/a]
       [#feed-the-][ IL       ][magical@hella.pimps.the.hoes.and.] [n/a]
       [#feed-the-][ in0d3    ][] [n/a]
       [#feed-the-][ LordGoat ][            ] [n/a]
       [#feed-the-][ mindphasr][] [n/a]
       [#feed-the-][ silicosis][   ] [n/a]
       [#feed-the-][ UT       ][           ] [n/a]
       [msg(ch0wn)] lol, this is funny shit, im gonna post the logs from this on packetstorm once he is done
        gargan [] has joined #feed-the-goats
       [msg(ch0wn)] and i'll add it on the goat page along with the dalnet #hackerz article and the LoU war one
       [ch0wn(] heh k
        hcv is the lamest shit ive ever seen, i never should have started it......
       [ch0wn(] heh...i though ppl liked silicosis, guess not
       [msg(ch0wn)] no one likes silicosis, he hides behind me and IL and the other members of HcV
        gH 0wns HcV :P
       [msg(ch0wn)] and all he does is DoS
       [ch0wn(] heh
        gH 0wns LoU
        gH > *
        eCh0 > gH
        i dont care for it anymore, thats why i quit last week, you all cause pointless damage
        you must all be bored to shit?
        pointless damage
        Yes, else we wouldn't be on here
        just like your rm -rf of hack-net?
        and your elite DoS attacks on EVERYONE?
        ohh lets go hack some japanese site....
        sil will be busy
        you wont be bored, i gurantee it
        im only here to say my last fuck you's and goodbyes
        mindphasr, lets get some gay porno mags mailed to him
         Hackers are cruel, vicious, lifesucking, bottom-dwelleing, scum
                      sucking, toilet licking, dog eating, freaks with too much free
                      time!(especially the ones who do it for fun!)
         you just say that because you have no skills
        No, pocket pussies!
        silicosis: thats nice, no one here likes you and wants your goodbye..just leave now
        silicosis: you will be hearing more from me
        later bro
        i hope you reconsider what your doing, you'll get busted one day like i did for pinching ech0s penis
        i dont do anything illegal to get busted man..
        eCh0: i will narc u for irc idling!
        im on ken's side, so you children go and have fun, hack all your ereet Japan sites....
        ken's side?
        ken will be having word with your mom soon man
        that is why ch0wn is here to see all of this
        who gives a shit about ken
        and that is why this is being logged
        you go ahead and log it, nothing matters to me anymore
        silicosis: Ken doesn't need 12 year old kids who spam webboards on his side man.
       --------------- --  -
       | silicosis ( (Internic Commercial)
        ircname  : * I'm to lame to read BitchX.doc *
       | channels : @#l0cked #feed-the-goats 
        server   : ([] The Black Hole for Pings!)
        all you can do is kick/ban/dos attack
        BitchX: Checking tables...
        BitchX: [silicosis!]:
        BitchX: IPs: [] 
        Might as well kill yourself and donate your body to science
        if you dont care then just leave
        chem1st rot will not be accepted
        chem1st: dedicated to the destruction of canada?
        mindphasr/#feed-the-goats puts sil up for adoption
        Yes I am a seperatist :>
        then you children stop DoS attacking sos.ent
        then you children stop DoS attacking
        silicosis, none of us are children, and none of us are DoS'ing anything, stop trying to turn this around
        silicosis, it doesn't matter either way though, because soon you'll either be in court or signing up for welfare after you get your new bills
        chown are you only here to try to impress people with what you heard on irc?
        ch0wn is cool now
        we are getting along
        i hereby declare crimz0n a goat
        The lord of the goats has spoken.
        Did he pass the "eating grass" test?
       [ Channel  ][ Nickname ][ user@host                       ][ level         ]
       [#feed-the-][ ch0wn    ][] [n/a]
       [#feed-the-][ chem1st  ][            ] [n/a]
       [#feed-the-][ Crimz0n  ][~h0@host-209-214-147-166.msy.bell] [n/a]
       [#feed-the-][ Debris   ][~Debris@ppp-5800-02b-3243.mtl.tot] [n/a]
       [#feed-the-][ eCh0     ][              ] [n/a]
       [#feed-the-][ gargan   ][         ] [n/a]
       [#feed-the-][ HowzeR   ][~bob@dial65.pm3abing1.abingdonpm.] [n/a]
       [#feed-the-][ IL       ][magical@hella.pimps.the.hoes.and.] [n/a]
       [#feed-the-][ in0d3    ][] [n/a]
       [#feed-the-][ LordGoat ][            ] [n/a]
       [#feed-the-][ mindphasr][] [n/a]
       [#feed-the-][ silicosis][   ] [n/a]
       [#feed-the-][ UT       ][           ] [n/a]
        ph34r the lord goat
        Scottit0 [] has joined #feed-the-goats
        real goats smoke grass, eating grass is nasty
        ahhh shit
        eCh0: Both actually..
        I smoke grass y0
        silicosis/#feed-the-goats is back from the dead. Gone 0 hrs 21 min 19 secs
       [ch0wn(] now silicosis is trying to play nice with me
       [msg(ch0wn)] LOL
       [ctcp(#feed-the-goats)] PING
        CTCP PING reply from IL: 0.820 seconds
        CTCP PING reply from in0d3: 1.110 seconds
        CTCP PING reply from Crimz0n: 1.112 seconds
        CTCP PING reply from UT: 1.000 seconds
        CTCP PING reply from Scottit0: 1.382 seconds
        CTCP PING reply from mindphasr: 1.690 seconds
        CTCP PING reply from ch0wn: 1.692 seconds
        CTCP PING reply from HowzeR: 1.693 seconds
        CTCP PING reply from Debris: 1.695 seconds
        CTCP PING reply from silicosis: 1.697 seconds
        CTCP PING reply from gargan: 2.200 seconds
        CTCP PING reply from LordGoat: 3.260 seconds
        CTCP PING reply from chem1st: 3.262 seconds
       [ Channel  ][ Nickname ][ user@host                       ][ level         ]
       [#feed-the-][ ch0wn    ][] [n/a]
       [#feed-the-][ chem1st  ][            ] [n/a]
       [#feed-the-][ Crimz0n  ][~h0@host-209-214-147-166.msy.bell] [n/a]
       [#feed-the-][ Debris   ][~Debris@ppp-5800-02b-3243.mtl.tot] [n/a]
       [#feed-the-][ eCh0     ][              ] [n/a]
       [#feed-the-][ gargan   ][         ] [n/a]
       [#feed-the-][ HowzeR   ][~bob@dial65.pm3abing1.abingdonpm.] [n/a]
       [#feed-the-][ IL       ][magical@hella.pimps.the.hoes.and.] [n/a]
       [#feed-the-][ in0d3    ][] [n/a]
       [#feed-the-][ LordGoat ][            ] [n/a]
       [#feed-the-][ mindphasr][] [n/a]
       [#feed-the-][ Scottit0 ][    ] [n/a]
       [#feed-the-][ silicosis][   ] [n/a]
       [#feed-the-][ UT       ][           ] [n/a]
        i didnt even see that gargan is here
        isnt it tho
       [ch0wn(] he says yer all blaming him for the b0rt/ezo0n's shit and i said "but u did do it didnt u" and hes like no they are just saying its me cause i said i quit and now they are all pissy
        Who's that? :P
        chem1st: never you mind
        just some loser
       [msg(ch0wn)] lol, he quit? more like he got kicked out, no one wanted him
        Ha, welcome to the club
       [ch0wn(] heh
        gargan is nicks butt buddy
        whos nick
        he isnt
        is it true cyberarmy got rm -rf'd?
        gargan is silicuntis ass friens?
        lol, cyberarmy
       [ Channel  ][ Nickname ][ user@host                       ][ level         ]
       [#feed-the-][ ch0wn    ][] [n/a]
       [#feed-the-][ chem1st  ][            ] [n/a]
       [#feed-the-][ Crimz0n  ][~h0@host-209-214-147-166.msy.bell] [n/a]
       [#feed-the-][ Debris   ][~Debris@ppp-5800-02b-3243.mtl.tot] [n/a]
       [#feed-the-][ eCh0     ][              ] [n/a]
       [#feed-the-][ gargan   ][         ] [n/a]
       [#feed-the-][ HowzeR   ][~bob@dial65.pm3abing1.abingdonpm.] [n/a]
       [#feed-the-][ IL       ][magical@hella.pimps.the.hoes.and.] [n/a]
       [#feed-the-][ in0d3    ][] [n/a]
       [#feed-the-][ LordGoat ][            ] [n/a]
       [#feed-the-][ mindphasr][] [n/a]
       [#feed-the-][ Scottit0 ][    ] [n/a]
       [#feed-the-][ silicosis][   ] [n/a]
       [#feed-the-][ UT       ][           ] [n/a]
        i dont talk to nick anymore
        cyberarmy got way too lame for me a long time ago
        that damn board
        "Cyberarmy has been involved in security auditing attacks of the Pentagon and robotics"
        oh jesus christ
        i will make robots from the models at radio shack
        that fucking about page...
       [ch0wn(] just emailed ken
        some german guy emailed me asking me to work for him cause of that damn thing
       [msg(ch0wn)] i'll send you the log of this, LOL
        i prolly still have the email somewhere
       [msg(ch0wn)] i'm going to post this shit everywhere, it will be hillarious
       [ch0wn(] k
        do you wanna no where the name cyberarmy really came from
       [ch0wn(] hehe, the public humilation of silicosis used to host him
        and he had an idea where he is a general and he orders little lamers to email bomb
        that was your server wasnt it?
        i just used it
        silicosis takes it up the ass
        Scottit0 = SilicoSiS
       [msg(ch0wn)] post on packetstorm and tell ken to come here
        scottit0 is not silicuntis
       [msg(ch0wn)] if you can
       -Crimz0n( DCC Chat (
        DCC CHAT (chat) request from Crimz0n[ []]  
        BitchX: Type /chat to answer or /nochat to close
        DCC Chat (
        DCC CHAT: to Crimz0n closed
       [ch0wn(] k, if ken replies to the email, i'll tell him he can come here and laugh at silicosis
       [msg(ch0wn)] oky
       [ Channel  ][ Nickname ][ user@host                       ][ level         ]
       [#feed-the-][ ch0wn    ][] [n/a]
       [#feed-the-][ chem1st  ][            ] [n/a]
       [#feed-the-][ Crimz0n  ][~h0@host-209-214-147-166.msy.bell] [n/a]
       [#feed-the-][ Debris   ][~Debris@ppp-5800-02b-3243.mtl.tot] [n/a]
       [#feed-the-][ eCh0     ][              ] [n/a]
       [#feed-the-][ gargan   ][         ] [n/a]
       [#feed-the-][ HowzeR   ][~bob@dial65.pm3abing1.abingdonpm.] [n/a]
       [#feed-the-][ IL       ][magical@hella.pimps.the.hoes.and.] [n/a]
       [#feed-the-][ in0d3    ][] [n/a]
       [#feed-the-][ LordGoat ][            ] [n/a]
       [#feed-the-][ mindphasr][] [n/a]
       [#feed-the-][ Scottit0 ][    ] [n/a]
       [#feed-the-][ silicosis][   ] [n/a]
       [#feed-the-][ UT       ][           ] [n/a]
        BitchX: Unknown command: QUESO
       p1mp.bx iz n0w loaded nigg0r!
       /phelp for a help screen
       Some of this code is ripped, much props to the ones who made it
           * Windoze 95/98/NT      *- Not Listen Unknown (may be loss of pkts) ?       *- Not Listen Unknown (may be loss of pkts) ?  
        gargan does nick irc      * Dead Host, Firewalled Port or Unassigned IP      * Dead Host, Firewalled Port or Unassigned IP       * Dead Host, Firewalled Port or Unassigned IP
        hmm, maybe not..
        i dont know
        i havent talked to him for months
        cept about that he hasnt paid Freshman
        silicosis fucks anal money up the ass
        what was it that freshman made for him?
        thing to add something to every text file on his server or something
        paid freshman for what??
        you havent been reading packet storm
        while back he made a delphi program to alter like 100 html files for nick
        i cant get there
        nick was sposed to pay him 50 bucks for it
       mosthated: No such nick/channel
       [msg(mindphasr)] ya there?
        whata ho mo
       [mindphasr(] sorta
       [msg(mindphasr)] silicosis is in here as Scottit0 now, lol
       [ Channel  ][ Nickname ][ user@host                       ][ level         ]
       [#feed-the-][ ch0wn    ][] [n/a]
       [#feed-the-][ chem1st  ][            ] [n/a]
       [#feed-the-][ Crimz0n  ][~h0@host-209-214-147-166.msy.bell] [n/a]
       [#feed-the-][ Debris   ][~Debris@ppp-5800-02b-3243.mtl.tot] [n/a]
       [#feed-the-][ eCh0     ][              ] [n/a]
       [#feed-the-][ gargan   ][         ] [n/a]
       [#feed-the-][ HowzeR   ][~bob@dial65.pm3abing1.abingdonpm.] [n/a]
       [#feed-the-][ IL       ][magical@hella.pimps.the.hoes.and.] [n/a]
       [#feed-the-][ in0d3    ][] [n/a]
       [#feed-the-][ LordGoat ][            ] [n/a]
       [#feed-the-][ mindphasr][] [n/a]
       [#feed-the-][ Scottit0 ][    ] [n/a]
       [#feed-the-][ silicosis][   ] [n/a]
       [#feed-the-][ UT       ][           ] [n/a]
       [mindphasr(] yeah, i see that
       ...........................LOG ON
       IRC log ended Tue Mar 16 21:14:42 1999

       Disclaimer: This log was provided by eCho and is shown in the form
       it was displayed on the web with minor editing, the hacker fight
       continued into the night and I left the channel after about three mins 
       so draw your own conclusions etc and welcome to the underground.

 09.0 Government Y2K Readiness

      Government Y2K progress
      Full story:

      The first in-depth data on the progress of Federal Government agencies
     in dealing with the Y2K problem shows that more than half of all agencies
     are now ready to deal with the problem -- but some are still struggling to
     catch up, including the department responsible for IT. The figures, which
     cover activities through to February this year, show that the total number
     of systems identified as compliant or back online is now 59%, up from
     44% in November. However, a handful of departments have not have half or
     less of their systems compliant. These include Communications, Information
     Technology and the Arts (36%), Immigration and Multicultural Affairs (48%),
     Treasury (50%) and Veterans Affairs (38%). Government officials said
     they were pleased with the progress to date, and that there were unlikely to
     beany major glitches come January 1, 2000.


 10.0 Voice mail fraud warning
     Companies with call-through facilities on their voice mail systems have
     been warned to watch out for exposure to fraudulent use. According to
     the Australian Communications Authority (ACA), a number of Australian and
     New Zealand organisations have been hit by a scheme in which call-through
     options on some voice mail facilities are used to dial other numbers,
     often overseas. The fraud is well organised and the ACA is considering whether
     a code or standard for such equipment is necessary to prevent it occurring
     in future.

    Watch out for voice mail fraud: ACA 
    Selina Mitchell 

    Companies with call-through facilities on their voice mail systems have
    been warned to watch out for exposure to fraudulent use. 

    According to the Australian Communications Authority (ACA), a number of
    Australian and New Zealand organisations have been hit by a scheme in
    which call-through options on some voice mail facilities are used to dial
    other numbers, often overseas. The fraud is well organised and the ACA is
    considering whether a code or standard for such equipment is necessary to
    prevent it occurring in future. 

    "The ACA advises organisations with voice mail systems which have such
    features to contact their supplier immediately to assess their susceptibility
    to this fraud, and either de-activate or limit the extent of the call-through
    facility and their possible exposure to the fraud," said ACA executive
    manager, Grant Symons in a statement. "They should also monitor their
    costs for international calls." 
    The modus operandi is for the perpetrators of the fraud to telephone an
    organisation (often after hours and on weekends) to gain access to their
    voice mail. If the voice mail system has the ability to direct a call back from
    voice mail to the organisation's PABX system (known as call-through), then
    they can dial out to international destinations, it said. 
    "The latest telecommunications equipment is very sophisticated and offers
    benefits to industry and consumers, but has the potential to be misused for
    fraudulent purposes," said Symons. "It may be necessary to protect the
    Australian community by regulating the equipment to limit the potential for
    future fraud." 
    The ACA is taking an increasingly active role in regulating
    telecommunications equipment. The warning comes just a week after it
    banned mobile phone jamming systems (see story).
    This article is located at 
 11.0 The iButton as jewellery with a purpose
       The iButton as featured in Volume 15 #4 of 2600 magazine is now
      available as a ring or watch and these things look pretty snazzy
      i've always worn electronics and ribbon cabling as jewellery but
      this is the ultimate since it actually has a use too ;-) ... - Ed
      Java-Powered Ring 
      The Java-Powered Ring is a special version of the Digital Decoder Ring that runs Java Card 2.0, enabling multiple applications to reside in a
      single iButton. Dynamic objects, large stacks, and garbage collection give the form exceptional functionality. Fast-write nonvolatile RAM lets
      applets be added or deleted on demand, giving you the ability to update. Services not even envisioned today can be added in the future by
      downloading applets. The 6K byte RAM lets this Java computer take on the more complex tasks envisioned for Internet commerce, requiring
      end-to-end connectivity. 
      Java-Powered Ring--$65 (iButton with Java included) 
      Note: You must know your ring size to order. You cannot re-size the ring. 
      To order, call 1-800-336-6933 from the U.S. or 972-371-6824 internationally. 

      Digital Decoder Ring 
      The magic ring that made many a super hero powerful now swoops down from the world of science fiction onto your hand. The Decoder Ring
      consists of a shank with a Memory iButton as the signet jewel. 
      Digital Decoder Ring--$59.50 (DS1996 8Kbyte iButton included) 
      Note: You must know your ring size to order. You cannot re-size the ring. 

 12.0 Courier and Press Newspaper hacked
      Via DC-STUFF posted by erehwon
       SJ Mercury News) EVANSVILLE, Ind. [2.20.99] -- A computer hacker
       gained access to online classified advertisements at the Courier &
       Press, said company president Vince Vawter. 
       The hacker altered wording in more than a dozen ads in the electronic
       edition of the ``Fast Trak'' automotive publication. Ads in the
       printed version of ``Fast Trak'' were not affected. The incident was
       reported to the FBI. Electronic advertising can be viewed by persons
       across the nation and is considered a form of interstate commerce. 
       ``I think it may have been a prank, but it's very serious,'' said
       Vawter. ``It's tampering with a commercial message. These advertisers
       are paying us to put that message out there.''
       The electronic ads are part of the Courier & Press online edition. 
       Online ads are protected with a password that is changed periodically.
       But further precautions will be instituted to protect the on-line
       Vawter said the ads were paid for by an area car dealer. He declined
       to identify the car dealer or what message the hacker posted in the
       dealer's ads. 
       The Courier & Press is taking steps to identify the hacker.  Vawter
       said it is important to protect the integrity of online advertising. 
       ``Electronic commerce is certainly in its infancy, but it's going to
       be a growing field. We consider this to be like somebody coming into
       our shop and changing the wording in our ads,'' he said. 
       Some day, on the corporate balance sheet, there will be
       an entry which reads, "Information"; for in most cases
       the information is more valuable than the hardware which
       processes it. -- Adm. Grace Murray Hopper, USN Ret.
  13.0 Youths busted in Backorifice fiasco
       FUD FUD FUD and FUD, I was toying with the idea of putting this in the
       humour section this article is so damn funny or even leave it out 
       completely but its included here for the archive if for no other use as
       to put a smile on your face and bring a tear to your eye... here it is
       in all its glory, pHEAR BO hax0rz (sniff sniff)
       Secrets of an Internet snoop exposed 

       Trojan Horse is the name of software that allows hackers to find out
       other users' passwords. Computer  experts from Singapore, Australia 
       and the US tell SAMANTHA SANTA MARIA about the software with a sting 
       in its tail.

       A TROJAN Horse program, which a hacker sends out to snoop and bring 
       back information from cyberspace,  can be followed back to the hacker's
    ** nest quite easily, computer experts said. 
       ** We live in trees now do we? - Ed  
       This is because such programs generate unique identification codes for
       the hacker while he is capturing information from his victims. 

   **  These codes allow the authorities to find out where the hacker came from. 
         ** codes? what codes? 31337 and 12345 or our ips?!? pHEER!! pHEER!
       The Singapore, Australian and US experts were commenting on the recent
       case here in which 17 SingNet users' passwords were posted on the Internet
       by a character called Acidgerm. 

       The Criminal Investigation Department arrested two youths two days after 
       The Straits Times reported on the  website containing the passwords. 

   **  The CID declined to say how it went about its work, but revealed that 
       the Trojan Horse method had been used. The experts The Straits Times 
       contacted said the most common Trojan Horse programs are Back Orifice and
       NetBus, which can be obtained from the Internet easily .
       ** I give up theres too much here to make fun of i'll leave the rest to 
          you guys to enjoy... - Ed

       Both work the same way: The hacker sends them to the victim as an attachment
       to an e-mail, or while the victim is exchanging files during a chat using a 
       program such as Internet Relay Chat. 

       The hacker's programs then gather information -- passwords and credit card 
       numbers, for instance -- and (pHEER!) send this back to him. 

       But each of these snooper programs generates a unique number for the hacker
       -- NetBus generates 12345 and Back Orifice, 31337. (least they got this bit
       right)  Normal Web users have other codes while they are in cyberspace. 

        And just like the Electronic Road Pricing system, which can detect what 
        kind of vehicle is passing under a gantry, the servers of the various
        Internet access service providers, such as SingNet or CyberWay, log the 
        traffic passing through. 

        Mr Stephen James, managing director of IT Audit & Consulting, an Australian
        computer security firm, said investigators need scan only the service providers'
        records for the numbers. 

        They can then track the source of the Trojan Horse: the telephone number from
        which it originated and to which the information gathered was sent. 

        Commenting on the expertise of those who used the Trojan Horse method of entry
        here recently, Mr James said that they appear to be inexperienced. 

        A spokesman for Infinitum, a local IT security firm, said: "The numbers, 12345
        and 31337, are default numbers in the Trojan Horse programs. "More advanced
        hackers would have known how to change them." 

         ACIDGERM: Net attack by two youths

           TWO youths, one a 22-year-old Nanyang Academy of
         Fine Arts student, and the other an unemployed
         19-year-old, used the Trojan Horse program to track
         down the passwords of 17 SingNet subscribers illegally.

         Going by the name Acidgerm, they set up a website
         called SickNet on, a host in the US and
         used it to reveal the log-in names and passwords of the

         They were tracked down by CID's computer crime
         branch sleuths and arrested two weeks ago.  

 14.0  Reno Looks To Curb Internet Crime
        Reno Looks To Curb Internet Crime
        Contributed by FProphet
        WASHINGTON  (AP)

        A NEW public-private alliance to curb Internet crime will help 
        teach children "that hacking is the same as breaking and 
        entering," Attorney General Janet Reno said Monday. 

        Educating children about acceptable online behavior is among three
        initiatives under the Cybercitizen Partnership, an initiative of 
        government and the high-tech industry to promote cyberspace ethics
        and help law enforcers track down online criminals. 

        "All children know it's wrong to break into a neighbor's house or 
        read your best friend's diary. Unfortunately, fewer realize that 
        it's wrong to break into their neighbor's computers and snoop through
        their computer files," Reno said. 

        The Cybercitizen Partnership also will feature a "personnel exchange
        program" between private business and federal agencies in which both
        will learn how the other responds to threats and crimes over the 
        Internet. Companies can find out how best to help law-enforcement
        agencies, and government officials will learn what business 
        interests and influences drive industry decisions. 

        The campaign also will create a directory of computer experts and 
        computer security resources so that "law enforcement will know where
        to turn," Reno said. 

        The partnership was announced, along with Reno's comments, during a
        high-tech industry summit sponsored by the Information Technology 
        Association of America. 

        "A decade ago, cybercrime and cyberterrorism didn't really exist 
        outside of Hollywood movies. Today, they are very real threats," 
        Reno said. 

        "We cannot allow cyberspace to become the Wild West of the 
        information age." 

        Last week, a top Pentagon official warned members of the Senate
        Armed Services Committee about an electronic Pearl Harbor by 
        cyberterrorists more likely to go after commercial targets than 
        military ones. 

        Deputy Defense Secretary John Hamre said he worries increasingly 
        about the vulnerability of commercial and financial interests. 

        "This Pearl Harbor's going to be different," he said last Tuesday.
        "It's not going to be against Navy ships sitting in a Navy shipyard;
         it's going to be against commercial infrastructure, and we don't 
         control that. And there's been little progress on that." 

        A follow up from dc-stuff list that sums up a pretty good reply
        to this proposal;
       Date: Tue, 2 Mar 1999 16:41:54 -0500 
       Subject: Re: Janet Reno launches anti-hacking initiative 
       On Tue, 16 Mar 1999 20:57:02 -0900 J K H  writes:
       >If you have pertinent information that you don't want anyone, aside 
       >from the specified receiver, to know; why put it on site?  Why put 
       >this kind of information on an insecure network?  
       perhaps a better question would be: why hide information?  not only
       should information be _free_, but people should realize that
       *information* is worthless.  it is only when information is transformed
       into knowledge that it is valuable.  only when companies and governments
       begin to realize that the archaic data model that used to work in the
       industrial age is not relevant to the age of knowledge will a rational
       and realistic definition of *cybercrime* exist...
       >>Educating children about acceptable online behavior is among three
       >>initiatives under the Cybercitizen Partnership, an initiative of
       >>government and the high-tech industry to promote cyberspace ethics 
       >>and help law enforcers track down online criminals. 
       >"Acceptable online behavior?"  This needs some salt to wet the palate, 
       >it's too dry and general.
       i would also question whether ms. reno or anyone in the clinadmin is
       capable of characterizing what is "acceptable online behavior."  they
       don't understand the net and they certainly cannot oversee it...
       leave that to its owners -- its users...
        ... 'nuff said - Ed

  15.0  Offtopic: Matter transportation in your future?
        This is an interesting post from the dc-stuff list, sure its probably
        full of baloney but it makes interesting reading nonetheless... - Ed

       Source: Max Planck Society 
       Posted 3/17/99 
       Munich Laser Emits A Beam Of Matter Waves 
       German scientists at the Max Planck Institute for Quantum Optics in
       Garching and the University of Munich have developed a laser that emits a
       continuous heam of matter waves instead of light (to be reported in
       Physical Review Letters). 
       Such unprecedented control over atomic motion becomes possible by the
       laws of quantum mechanics at very low temperatures, close to absolute
       zero, where the atoms reveal their wave nature. 
       Atom lasers open new prospects in many areas of science and technology.
       For instance, it should become possible to accurately deposit atoms on
       surfaces and thus to produce tiny nanostructures, as needed in future
       computer circuits. Atom lasers may also lead to extremely precise atomic
       clocks for future navigation and communication systems. 
       In their experiments, Tilman Esslinger, Immanuel Bloch and Theodor W.
       Hnsch have taken pictures of the shadow cast by their atom laser beam.
       The pencil-like beam contains about half a million rubidium atoms and is
       accelerated downwards by gravity. 
       Just as a beam of light, an atom laser beam can be focused and reflected
       by using lenses or mirrors consisting of laser light (or of magnets). It
       appears feasible to focus an atom laser beam to a spot size of one
       nanometer, which is a thousand times smaller than the smallest focus of a
       laser beam. 
       The atom laser is based on Bose- Einstein condensation. If a gas is
       cooled to a few millionth of a degree above absolute zero, the atoms lose
       their identity and behave as a single entity, some kind of "super atom".
       Such a Bose-Einstein condensate was first produced by American scientists
       in 1995. 
       In the Munich experiment, a dilute gas of rubidium atoms is captured in a
       sophisticated low-power magnetic trap and cooled down to reach
       Bose-Einstein condensation. With the help of a radiofrequency field the
       scientists flip the atomic spin so that atoms are allowed escape from the
       magnetic trap. In vacuum, the atoms are accelerated by gravity and form a
       parallel beam of coherent matter waves. 
       It the radiofrequency field is turned on before condensation sets in, the
       atom laser can only reach threshold, if there is laser "gain". Unlike a
       Bose-Einstein condensate, such a laser relies on matter wave
       amplification by stimulated elastic scattering of rubidium atoms just as
       an optical laser relies on light amplification by stimulated emission of
       Two years ago, a group at MIT demonstrated the first pulsed atom laser.
       The Munich group is the first to produce a continuous matter wave beam
       which can be maintained for a tenth of a second. The wave packet of each
       atom extends over the entire length of this beam, so that a quantum
       object of truly macroscopic dimensions is created. The high brightness
       and coherence of such a matter wave beam opens exciting perspectives for
       the young fields of atom optics and atom interferometry. 
       You don't need to buy Internet access to use free Internet e-mail.
       Get completely free e-mail from Juno at
       or call Juno at (800) 654-JUNO [654-5866]
 16.0  Hacking class?
       Businesses are actually holding classes for this...,3266,21458,00.html
       Cracking The Code
       The dress code is business casual--no jeans allowed, not to 
       mention pierced noses. It's the first day of class--hacking 
       class--and the instructors, smartly attired in matching 
       corporate polo shirts, point at screens full of code and 
       step-by-step directions on how to hack a host computer. 
       "Get this: No username, no password, and we're connected," 
       says one. "I'm starting to get tingles. They're going to be 
       toast pretty quick." Geekspeak, at least, is still de 
       In the world of corporate espionage, a company's host 
       computer is the mother lode, which means that protecting it 
       is vital. That's the goal of Extreme Hacking, one of a 
       growing number of counterhacking courses that teach 
       perfectly respectable people the how-tos of cracking their 
       own networks so they can better protect them. "We're kind 
       of wearing the white and black hats at the same time," says 
       Eric Schultze, the Ernst & Young instructor who gets 
       tingles from an exposed password file. 
       How easy is it to hack? If these guys can teach a novice 
       like me how to break through a firewall, I figure, then all 
       our networks --at least, the ones without encryption keys 
       or extremely alert administrators--are in trouble. Why? 
       Because this is the information age, and the average 
       computer gives up far too much information about itself. 
       Because a network is only as strong as its weakest user. 
       And because the most common log-on password in the world, 
       even in non-English speaking countries, is "password." With 
       users like this, who needs enemies?
       How big a problem is this in the real world? "Rarely is 
       there a moment when a hacker isn't trying to get into our 
       networks," says a senior Microsoft executive. "People go 
       looking for that weak link." Recently hackers found a 
       backdoor through a user in Europe--an administrator, no 
       less--with a blank password. This allowed the hacker root 
       access--the ability to change everyone else's password, 
       jump onto other systems and mess up the payroll file. 
       In our first class, we have no problem rooting around in 
       the Web servers of a top Internet company. We find three 
       open ports on the firewall and a vulnerable mail server. 
       "This network is a f___ing mess," says a classmate. "We 
       need to have a word with these people."
       Over the next few days, any faith I had in the security of 
       the world around me crumbles. Think your password is safe 
       because it isn't "password"? If it's in the dictionary, 
       there is software that will solve it within minutes. If 
       it's a complex combination of letters and numbers, that may 
       take an hour or so. There is software that will hijack your 
       desktop and cursor--and you won't even know about it. 
       Hacking doesn't require much hardware; even a Palm Pilot 
       can do it. What protection do you have? "Minimize 
       enticements," say the teachers. If you don't want to be a 
       victim of information rape, in other words, don't let your 
       network give out so many details to strangers.
       Old-school hackers scoff at the notion that businesses can 
       stop them. "Corporations can't teach hacking," says 
       Emmanuel Goldstein, editor of the hacker quarterly 2600. 
       "It has to be in you." Perhaps. But if a few more firms 
       learn to avoid becoming toast, that's no bad thing. END
       "Did you really think you could call up the devil and ask him to behave?"
       Get your free personalized email address at
 17.0  A blast from the past
       Heres an old text from my archives thats been gathering dust from the
       80's thought you might be interested in it some of the info is still
       valid but theres little of actual value;
       *       A beginners guide to:        *
       *          H A C K I N G             *
       *                                    *
       *                U N I X             *
       *                                    *
       *          By Jester Sluggo          *
       *         Written 10/08/85           *
         In the following file, all references made to the name Unix, may also be
       substituted to the Xenix operating system.
         Brief history:  Back in the early sixties, during the development of third
       generation computers at MIT, a group of programmers studying the potential of
       computers, discovered their ability of performing two or more tasks
       simultaneously.  Bell Labs, taking notice of this discovery, provided funds for
       their developmental scientists to investigate into this new frontier.  After
       about 2 years of developmental research, they produced an operating system they
       called "Unix".
         Sixties to Current:  During this time Bell Systems installed the Unix system
       to provide their computer operators with the ability to multitask so that they
       could become more productive, and efficient.  One of the systems they put on the
       Unix system was called "Elmos".  Through Elmos many tasks (i.e.  billing,and
       installation records) could be done by many people using the same mainframe.
         Note:  Cosmos is accessed through the Elmos system.
         Current:  Today, with the development of micro computers, such multitasking
       can be achieved by a scaled down version of Unix (but just as powerful).
       Microsoft,seeing this development, opted to develop their own Unix like system
       for the IBM line of PC/XT's.  Their result they called Xenix (pronounced
       zee-nicks).  Both Unix and Xenix can be easily installed on IBM PC's and offer
       the same functions (just 2 different vendors).
         Note:  Due to the many different versions of Unix (Berkley Unix, Bell System
       III, and System V the most popular) many commands following may/may not work.  I
       have written them in System V routines.  Unix/Xenix operating systems will be
       considered identical systems below.
         How to tell if/if not you are on a Unix system:  Unix systems are quite common
       systems across the country.  Their security appears as such:
       Login;     (or login;)
         When hacking on a Unix system it is best to use lowercase because the Unix
       system commands are all done in lower- case.
         Login; is a 1-8 character field.  It is usually the name (i.e.  joe or fred)
       of the user, or initials (i.e.  j.jones or f.wilson).  Hints for login names can
       be found trashing the location of the dial-up (use your CN/A to find where the
       computer is).
         Password:  is a 1-8 character password assigned by the sysop or chosen by the
             Common default logins
          login;       Password:
          root         root,system,etc..
          sys          sys,system
          daemon       daemon
          uucp         uucp
          tty          tty
          test         test
          unix         unix
          bin          bin
          adm          adm
          who          who
          learn        learn
          uuhost       uuhost
          nuucp        nuucp
         If you guess a login name and you are not asked for a password, and have
       accessed to the system, then you have what is known as a non-gifted account.  If
       you guess a correct login and pass- word, then you have a user account.  And,
       if you guess the root password, then you have a "super-user" account.  All Unix
       systems have the following installed to their system:  root, sys, bin, daemon,
       uucp, adm
         Once you are in the system, you will get a prompt.  Common prompts are:
         But can be just about anything the sysop or user wants it to be.
         Things to do when you are in:  Some of the commands that you may want to try
       follow below:
         who is on (shows who is currently logged on the system.)
         write name (name is the person you wish to chat with)
         To exit chat mode try ctrl-D.
         EOT=End of Transfer.
         ls -a (list all files in current directory.)
         du -a (checks amount of memory your files use;disk usage)
         cd\name (name is the name of the sub-directory you choose)
         cd\ (brings your home directory to current use)
         cat name (name is a filename either a program or documentation your username
       has written)
         Most Unix programs are written in the C language or Pascal since Unix is a
       programmers' environment.
         One of the first things done on the system is print up or capture (in a
       buffer) the file containing all user names and accounts.  This can be done by
       doing the following command:
       cat /etc/passwd
         If you are successful you will a list of all accounts on the system.  It
       should look like this:
       root:hvnsdcf:0:0:root dir:/:
       joe:majdnfd:1:1:Joe Cool:/bin:/bin/joe
       hal::1:2:Hal Smith:/bin:/bin/hal
         The "root" line tells the following info :
       login name=root
       hvnsdcf   = encrypted password
       0         = user group number
       0         = user number
       root dir  = name of user
       /         = root directory
         In the Joe login, the last part "/bin/joe " tells us which directory is his
       home directory (joe) is.
         In the "hal" example the login name is followed by 2 colons, that means that
       there is no password needed to get in using his name.
         Conclusion:  I hope that this file will help other novice Unix hackers obtain
       access to the Unix/Xenix systems that they may find.  There is still wide growth
       in the future of Unix, so I hope users will not abuse any systems (Unix or any
       others) that they may happen across on their journey across the electronic
       highways of America.  There is much more to be learned about the Unix system
       that I have not covered.  They may be found by buying a book on the Unix System
       (how I learned) or in the future I may write a part II to this........
       AFAIK a part two was never released to this, if you know of one let me know so
       I can add it to my collection of old texts... I believe this was a one-off classic
       from the 80's though - Ed
 18.0  Spam is ICQ's latest headache
     And you thought you only had to worry about DoS kiddies? well now
     the mass advertising a$$hole$ are after you with spam.
     Spam is ICQ's latest headache 
     By Rose Aguilar
     Staff Writer, CNET
     March 18, 1999, 12:10 p.m. PT 

     Most Netizens think of instant messaging software as a quick way to chat with
     friends and coworkers.

     But as some users of America Online's ICQ chat and instant message client are learning,
     the services also can give marketers an easy way to "seek" them.

     Unlike spam--most of which usually is left unopened or trashed upon receipt--ICQ's
     blinking yellow note, which signals users that a message is waiting, usually is opened
     seconds after it appears.

     Despite campaigns for new laws to curb junk email, most longtime email users have
     come to accept and even tolerate spam. It's almost inevitable with email, but with 
     ICQ, it's a different story. "I've gotten spam twice. Both times it was an invitation 
     to  visit a porn site. And no, I wouldn't keep using ICQ if spam  became a constant
     occurrence," one ICQ user told via email.

     "I received a URL to visit a porn site and was disgusted. Unlike email, I have no 
     idea what the message is about, so  I'm more inclined, even excited, to open it. I'm
     disappointed," wrote another reader, who received her first spam last week after having 
     used the service since it launched back in 1996.

     Ironically, AOL has been one of the most adamant opponents of junk email. It argued in
      several successful lawsuits that spam overburdens its network and received court orders 
     to ban junk  emailers from its service. The company also has worked closely with federal 
     lawmakers to draft legislation targeting spammers.

     ICQ's Terms of Service (TOS) says, "By using the ICQ Software and its privacy and
     security features, you may be subject to various risks, including among others: Spoofing,
     eavesdropping, sniffing, spamming, breaking password, harassment, fraud, and forgery."

     ICQ, which has 28 million registered users and was acquired by AOL last June, says it
     hasn't received enough complaints to ban the use of spam, but it does give users a
     variety of tools to block it. 

     "If you wanted to set your ICQ universe and limit it to three people, you could," said ICQ
     spokeswoman Jeanne Meyer. "You would only hear from those three people and shut the
     rest of the universe out."

     In order to send a message to someone, ICQ users must add recipients to a contact list.
     Spammers can either target specific individuals by typing in their name or email address,
     or they can target random users based on their interests, background, affiliation, phone
     number, or profession.

     Meyers says the best way to block spam is to set your preferences so that a potential
     spammer who wants to add you to the contact list must first receive your authorization.

     "If you don't do that, anybody could add you to their contact list and monitor you all the
     time," said Meyers.

     Users also can block individuals or groups of people from sending messages.

     But what if ICQ spam becomes more prevalent? Meyers says ICQ will "let members
     decide what's right for them."

     Since being acquired by AOL, ICQ has become ensnared in other Net content
     controversies. Earlier this week, it abruptly pulled a "dirty word" content filtering option
     that was pointing users to a list that also barred phrases such as "," the home
     page for the National Organization for Women.

     Some analysts say that as long as blocking tools are available, ICQ probably won't lose

     As for ICQ spam, William Blair equity analyst Abhishek Gami says it was inevitable.

     "Look at pop-up ads," he said. "Everyone hated AOL for pop-up ads, but now you can't go
     to GeoCities today without seeing a pop-up ad. You close it and move on. It's the price
     you pay for a free product."

     Even more interesting than porn-related and get-rich-quick spam is the marriage of instant
     messages and advertisements, he added.

     "[ICQ is] going to find a way to have people opt in to certain merchants or Web sites and
     let them know that they're interested in receiving messages in real time," said Gami.

     For example, bookseller Barnes & Noble might send out a "50 percent off" sale to a
     massive list of ICQ users who opt in. "[If customers] explicitly come to you and say,
     'Please bug me.' That's a gold mine waiting to happen."
 19.0 AOL Cracker busted
      March 19th
      From HNN

      contributed by shadow 
      Jay Satiro an 18-year old New York resident has been
      charged with computer tampering after breaking into the
      systems on America Online. AOL has claimed that it will
      costs $50,000 to repair the damage done to its data.
      AOL spokesmen have refused to give out details in the
      case such as how the intruder gained access, how long
      he went undetected and exactly what damage was
      cause. (Ed Note: Would sure be interesting to know how
      they justify that fifty grand figure. How much can it
      cost to restore from backup?) 
      Washington post article:
      Teen Accused of Hacking Into AOL 

      Thursday, March 18, 1999; 8:18 p.m. EST

      NEW ROCHELLE, N.Y. (AP) -- An 18-year-old high school dropout
      has been charged with computer tampering after hacking into the internal
      computers of America Online and altering some programs. 

      Jay Satiro was arrested and his computer confiscated Wednesday night
      after AOL officials contacted authorities. A complaint filed against Satiro
      said the teen-ager altered AOL data and programs that would cost about
      $50,000 to repair. 

      AOL spokesman Rich D'Amato refused to give details of what was
      altered or how long the intrusion went undetected. He said the intrusion
      ``really should mean absolutely nothing for America Online members.'' 

      Satiro's mother posted $5,000 bail. He did not return telephone messages
      seeking comment Thursday. 

      ``Jay's a genius, but his common sense is a little low,'' said his 15-year-old
      brother, Bobby. 

      First-degree computer tampering carries a maximum sentence of five to
      15 years in prison. 

                    Copyright 1999 The Associated Press

 20.0  Stolen calling card numbers are big business
      March 19th
      From HNN   
      contributed by Arik 
      Stolen calling card numbers are big big business racking
      up millions of dollars in fraud charges each year.
      Criminals are still using the tried and true method of
      shoulder surfing and the social engineering of corporate
      switchboard operators, but have gone so far as to
      electronically break into corporate PBX's to record
      calling card numbers automatically. Investigators are
      even claiming that organized crime may be involved. 

      Somehow the journalist who wrote this story figures
      that this just must be the work of "Hackers" as he uses
      the term through out the story. Activities such as this
      would be more appropriately attributed to Phreakers but
      I am sure not even they would appreciated being
      labeled as criminals. Exactly when did the word 'hacker'
      become synonymous with criminal? 
      Article follows;

      Hot Spot in Phone 
      Scam Is On Hold 

      Hustlers who sell black market long-distance calls were lying
      low yesterday  at least by the pay phones at Broadway
      and 50th St.  in the wake of a Daily News probe into the
      $1.8 billion-a-year stolen calling card number business.

      The few regulars working the popular scam site yesterday,
      collecting $10 cash for unlimited calls to Africa or Asia, were
      more discreet in taking cash hand-offs from customers than before
      The News' report.

      The 50th St. pay phones are just one of many illicit outdoor calling
      bazaars throughout the city in which customers are connected to
      friends and relatives overseas at rates far lower than commercially

      Thousands of calling cards are stolen monthly, many by skilled
      criminal computer hackers.

      By William Sherman

      Original Publication Date: 03/19/1999 
 20.1 More 'hackers' hacking GTE (snicker) phone systems for bucks...
      More 'Hackers' steal phone service 

      March 19th
      from HNN
      contributed by Fr3aKy 
      In Westerfield Center Ohio, an unknown 'hacker' has
      gained access to the Westfield Companies 800 number
      and rung up over $31,000 in long distance charges. This
      article is so full of misleading comments, assumptions,
      FUD, stereotypes, and downright inaccuracies I don't
      know where to begin. Interesting how the entire article
      blames the unknown 'hacker' and not the weak security
      on the companies phone system. 
      Article follows;
      Hacker rings up $31,518 in calls

      GTE investigates attack on phone system of Medina
      County firm

      Beacon Journal staff writer 

      WESTFIELD CENTER: A telephone hacker dialing an 800 number
      managed to break into the telephone system at the headquarters of Westfield
      Companies and rang up $31,518 worth of calls to foreign countries.

      The high-tech fraud occurred over the Feb. 6-7 weekend, according to
      Medina County Sheriff's Detective Tadd Davis.

      Shortly after the break-in, Davis said Westfield officials were notified by
      GTE of ``unusual telephone calls being made'' and took steps to block the

      The company, a 150-year-old regional insurance corporation, alerted the
      sheriff on Tuesday after receiving a GTE phone bill that revealed the full
      extent of the intrusion.

      Scores of phone calls had been charged to the company's account to
      countries in every continent of the globe accept Antarctica.

      In Asia, calls were placed to Hong Kong, the Philippines, Korea, India,
      Pakistan, Bangladesh and Sri Lanka.

      In the Middle East, Saudi Arabia and Kuwait were called.

      Countries called in Europe included the United Kingdom, Norway and

      Africa was represented on the bill by Egypt and Senegal, and South
      America by Equador and Peru.

      At least one call was placed to Australia.

      Davis said that the calls went through Westfield's automated phone system at
      all hours of the day and night over the two-day weekend.

      The duration of the calls ranged from a few minutes to more than three

      ``I couldn't believe it,'' Davis said. ``I've never before dealt with something
      this sophisticated.''

      Dan Sondles, Westfield's senior vice president for corporate communication,
      said the company's phone system had never been broken into before.

      Sondles said company officials are working with GTE officials to ensure it
      doesn't happen again.

      ``They are trying to get to the bottom of it, just as we are,'' he said.

      Sondles said Westfield officials also are negotiating with GTE over
      responsibility for the huge bill.

      ``I don't know how that will be resolved,'' he said.

      Davis said the case may never be solved because the telephone hacker
      could have called from anywhere in the nation using the corporation's
      toll-free 800 number.

      Because hackers can manipulate the computerized global telephone
      network, Davis said there often is ``no way to trace back to the person
      making the call.''

      Joseph Persichini, assistant special agent in charge at the FBI's Cleveland
      office, said the problem of hackers breaking into telephone systems has
      increased worldwide because of the computerization of the global telephone

      ``Telephone hacking is computer hacking,'' Persichini said. ``It is not easy to
      accomplish . . . It takes perseverance and knowledge.''

      Persichini declined to speculate on the purpose of the calls placed through
      the Westfield phone system.

      Some hackers break into systems just to show off and share their
      knowledge on the Internet.

      ``There are Web sites and groups that pride themselves on their ability to
      hack into systems,'' he said.

      Another possibility is that the break-in was part of an illegal commercial

      Persichini said a large corporation such as Westfield Companies ``is a good
      target because of the large volume of calls they place and the accessibility of
      their 800 number.''

 21.0 Promail freeware mail agent is really a trojan in disguise
        News and security advisories from Aeon Labs. 


        ProMail v1.21, an advanced freeware mail program for Windows 95/98, is a trojan.
        It has been spread through several worldwide distribution networks (, and others) as

        Upon discovering - through LAN sniffing - that the program would attempt to connect
        to SMTP instead of POP3 when a regular mail check was performed, we
        reverse-engineered the software.

        The executable, which appears to have been created with Borland Delphi, has been
        packed with Petite (a shareware Win32-EXE compressor) and then "hexed" to make
        disassembly harder.

        ProMail v1.21 supports multiple mailboxes; every time a new mailbox is created, an
        "ini" file containing the users full name, passwords, email addresses, servers and
        more is generated.

        Prior to doing any other action, the program performs a check for a valid network
        connection which, if found, allows for the sending of ALL of the personal user data,
        including the user's password in encrypted format, to an account on NetAddress - a
        free email provider.

        Apart from this "feature", the software is 100 % functional and very well done.

        For further information or a more detailed analysis contact us.
 22.0  Hackers taking toll on web sites ...


      Hackers taking toll on Web sites 

      By Steve Fidel
      Deseret News staff writer

       Businesses hanging out an Internet shingle don't like to make a big deal
      of it when their Web site gets hacked. But it happens.
      Hackers break in to Web servers just to show they can. Crackers break in
      to steal money or information. Political activists, known as "hactivists," plant
      political messages or disrupt traffic.
      "There is a problem getting good numbers. Financial institutions, health
       care  they are not going to go public that they were hacked. If they did,
      people wouldn't give them their money," said Todd Neilson, applications sales
      engineer for US WEST.
            In round numbers, the Web security problem cost businesses $6 billion
      last year, Neilson estimates. Most of that loss was not the result of corporate
      espionage or embezzlement but because of lost productivity from disruptions
      hackers caused, he said. "If your server is down for a week because you have
      to go in and fix a problem, that ends up costing a lot of money."
            Promoting awareness and introducing businesses to some of its products
      and business partners are the motives behind a conference on Internet
      security US WEST hosted in Salt Lake City Thursday.
            Neilson is on the circuit preaching Internet security in the major cities in
      US WEST's 14-state territory. He has a professional hacker in the act to
      demonstrate the ways Web security shortcomings are exploited.
            "A firewall that is 99 percent secure is 100 percent vulnerable," Neilson
      said. The biggest problem is finding the technology talent to stay ahead of
      the hackers.
            "The moral of the conference is: If you think that basic security is good
      enough, it really isn't. You really need someone who knows what they're
      talking about" engineering a commercial Web site.


 AD.S  ADVERTI$ING.           The HWA black market                    ADVERTISEMENT$.

       !                                                                            !       
       $                                                                            $       
       !     *** IT HAS BEEN FOUR YEARS! ***    FREE KEVIN MITNICK NOW!!!! **       !
       $                                                                            $              
       !                                                                            !
       $$$$?$$$?$$$?$$$?$$$?$$$?$$$?$$$?$$$?$$$?$?$??$??$??$????$$$?$$$?$$$?$$$?$$$?$ www.freekevi
       m www.freeke www.kev#  Support and the Free Kevin www.kevinmitnick.
       com  defense fund site, visit it now! .  # www.k#             FREE KEVIN!     www.kevinmitnic www.2600.########################################om www.fre www.kevinmitnic www.fre

       * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
       * webhosting, shell, unlimited hits bandwidth ... *
       *     *
       * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

       * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
       * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

       * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
       * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

        //  To place an ad in this section simply type it up and email it to        //
       //        hwa@press,, put AD! in the subject header please. - Ed    //


 HA.HA Humour and puzzles ...
              "why is a mouse when it spins?" 
                                       - Tom Baker
              "Thar she blows!" 
                            - Bill Clinton 1998
      1)  True or false: The lipstick that Monica Lewinski used when servicing
        Bill Clinton is constantly out of stock due to demand at the retailers.         
    This recently came thru from the DC-STUFF list and couldn't go by
    without a mention here, as it is quite hilarious;
       Date: Fri, 19 Feb 1999 16:48:53 -0700 (MST) 
       From: Adams  
       Reply-To: Adams  
       Subject: Funny as hell crypto-gram     
       A recent 'cryptogram' (by Bruce Schneier) discusses several psuedo-crypto
       companies, their "secure" algorithms, and misimformation...
       The complete text can be found at:  Check for the
       Feb. 15 edition.
       Here's a brief protion:
       Warning Sign #1: Pseudo-mathematical gobbledygook.  
       In the quote above, notice the "unique in-house developed incremental base
       shift algorithm."  Does anyone have any idea what that means?  Are there
       any academic papers that discuss this concept?  Long noun chains don't
       automatically imply security
       Meganet  has a beauty on their Web site: "The base
       of VME is a Virtual Matrix, a matrix of binary values which is infinity in
       size in theory and therefore have no redundant value.  The data to be
       encrypted is compared to the data in the Virtual Matrix.  Once a match is
       found, a set of pointers that indicate how to navigate inside the Virtual
       Matrix is created.  That set of pointers (which is worthless unless
       pointing to the right Virtual Matrix) is then further encrypted in dozens
       other algorithms in different stages to create an avalanche effect. The
       result is an encrypted file that even if decrypted is completely
       meaningless since the decrypted data is not the actual data but rather a
       set of pointers.  Considering that each session of VME has a unique
       different Virtual Matrix and that the data pattern within the Virtual
       Matrix is completely random and non-redundant, there is no way to derive
       the data out of the pointer set."  This makes no sense, even to an expert.
       US Data Security  has another beauty: "From a
       mathematical point of view, the TTM algorithm is intuitively natural and
       less cumbersome to use than methods that are number-theory based."
       SuperKrypt  tries to impress with an acronym:
       "SuperKrypt products utilize the DNGT bulk encryption method," whatever
       that is.  And Cennoid  just doesn't understand
       it's talking about: "Since key length and key structure vary and since the
       encryption engine does not use any mathematical algorithms, reverse
       engineering is impossible and guessing is not an option."
 HA.HA1 Some excerpts from ... :-) (-:
       Innerpulse takes the local and underground news and adds a touch
      (sometimes a bucket full) of humour and twists it around a bit to
      make things more interesting (although some stories I swear are
      true) its well worth checking out, just try not to drink anything
      while browsing this site unless u enjoy having coffee shoot out your
      nose ... - Ed
      Local Girl's Website Attacked by 'The Nugget' 
      Contributed by siko
      Friday - March 12, 1999. 06:24PM GMT 

          It seemed like any other day in the Northeast region of the United States.
      But unlike any other day, 'The Nugget' was busy cracking one local girl's

      "I went to post some news about myself and .. ", said local girl only known to
      Innerpulse as 'Amy', just before bursting into tears. "I didn't even do anything
      to The Nugget".

      Among the noticable changes to the website, The Nugget made several
      character distinctions in which local authorities hope to use to catch the raving

      "We have been able to confirm that this (The) Nugget character likes beer
      and hookers, among other things. We also have a rough sketch of (The)
      Nugget", said Warren Chief of Police John Scranton.

      The young victim has been sent to therapy to relieve stress and damage to her
      upstanding reputation.
      'cracked site link' ->
      Brazilian hackers ignore Ugly American 
      Contributed by Shredder Sledder
      Wednesday - March 17, 1999. 03:46PM UTC 

          Furthering his attempt to alienate 95% or more of the entire global
      population, John Vranesevich made disparaging comments about a nation of
      millions today. 

      Man on the wire interviews on a larger brazilian IRC network
      ( revealed spirited replies to this unprovoked ugliness: 

      "Who?" rang out 37 times in portugese, a few english, and one spanish reply
      as to the name "John Vranesevich" and/or "JP". 

      When an explanation was provided, along with quoted text, most hackers
      responded with random series of keystrokes signifying disgust and thought
      provoking wisdom. Translated excerpts include: 

      "Come to our country and say that, Fag!", "Skinny White Bitch, I have a
      BS in Computer Science AND I fucked your sister", "hehehe, I'll bet he's
      never seen a topless beach before." & "I don't get it, who did you say he

      Most brazilian hackers quickly ignored the news and went back to discussing
      inconsistencies between the portugese distributions of linux and english
      Excerpt of the "actual irc log" ... ;)
       GayPee [] has joined #hack
       jotao: [tSh] ===  NEWS  ===
        [GayPee] Hey GayPee!
       und3r [~uns@pbbgB26YagkM.200.244.84.O] has
       joined #hack
        [GayPee] Hey GayPee!
       BRASNET: [Logon News - 18 Fev 1999]
       PARABENS!! A BrasNET deu de presente para
       seus usuarios e-mail na
        forma! Para configurar
       isso basta ter um nick registrado e usar o
       comando [/msg nickserv set email
        seu-email-real]. Todos os nicks sao validos
       com exceao dos que possuem barras (| e \).
       Esse eh um servico :inedito
        criado apenas para voces, usuarios e amigos
       da BrasNET. Aproveitem!!
       BRASNET: [Logon News - 08 Mar 1999] Se as
       mensagens do NickServ/ChanServ/MemoServ
       estao aparecendo
        em ingles... e voce quer que apareca em
       portugues... digite /msg nickserv set
       LANGUAGE 5
       und3r [~uns@pbbgB26YagkM.200.244.84.O] has
       left #hack (Bye : KVirc 0.6.0 by Szymon
       Stefanek )
        have any of you heard of anyone here know "John
       Vranesevich" or "JP"?
        GayPee, what is it?
        JP Morgan?
        JP = Japan?
        c_orb whois
        c_orb whois
        c_orb: o cara da antionline
        falou varis merda do brasil
       ***my translation: he says some bad shit
       about Brasil***
        o q ele disse?
       ***my translation: What?!@ he dissed us?***
        I apologize for him in advance
        falai a pagina
       AcHeR [~GoiasEC@tEfvZyqhpMc.200.211.130.O]
       has left #hack
       chaosmaker> humm
        br tem muito hacko meu
       ***my translation: Brasil might hack you for
        whoa, "We even had one "user"
       trying to brute force their
        way into our administration
       realm. Needless to say, he was from Brazil,
        country which is
        connected to the rest of the
       internet via a long piece of yarn with tin
        attached to each end."
         does that guy get into irc?
        what chan?
        he is too scared of efnet
        do cdc and phrack like jp?
        deep hate would be my estimate
       analysis> sorry
        jp is dead
        Well, he's a little immature to say
       the least.
       <|WiZarD|> tsk tsk tsk
        he's gay
       CeZiNHa [] has
       joined #hackers
       ChanServ sets mode: +o CeZiNHa
        he's a loser with his own website,
       nothing new, but most people don't insult
        nations with them.
        oi :)
        CeZiNHa: :)
        ana: :)
       anony is away: (hackeando a geladeira)
       [BX-MsgLog On]
        analysis: :)
       <|WiZarD|> CeZiNHa: oizzz

      2600 Meeting Ends in Tragedy   
      Contributed by siko
      Wednesday - March 10, 1999. 08:41AM GMT 

          The local 2600 chapter in Hartford, Connecticut, experienced a serious
      disagreement late Tuesday night at the Hartford Civic Center, their meeting

      "Me and HoBeater were just chillin.. and all of a sudden I heard NetSpud and
      TerDberGER having some sort of disagreement", remembers JehriKirlz, who
      was an eye witness to a fight that broke out. "Next thing I know, punches are
      being thrown".

      "How much of an idiot can you be? He claims that Windows98 is nothing but
      a waste of hard drive space and that Windows95 is more compact. First of
      all, there are too many enhancements in the latest installation of Windows to
      overlook. He deserved it", said NetSpud as he was taken away in cuffs.

      The disagreement over which version of the popular Microsoft OS led to
      what some 2600 members are calling a 'terrible mess'. People passing by at
      the local mall remember the incident only as 'fucking hilarious'. Only two
      punches were thrown, both by NetSpud, landing blows to left ear and another
      to the chin.

      "I tried to grab his hair, there is so much of it. I keep telling that punk to cut
      his hair. Nooooo it makes him look more hackerish. This is a travesty of
      justice. Anyone with a brain knows Windows95 is better than that bloatware
      known as Windows98", said TerDberGER, as he was carried away on a
      stretcher, broken glasses and all.

      Police were called to the scene and immediately settled both parties down,
      but the 2600 meeting was cancelled. 

 HA.HA2 Business at the speed of Drool
        Via HNN who funnily enough had Pastydrone's name down as Patsy Drone (!)
        which is a joke in itself anyways ... moving right along 
        sorry..Pasty's a good guy he'll let me off with laughing at that 
        right Pasty?  
        This is a response to the Time story on Bill Gates's new book where
        he prints 12 steps to good business practices... funny stuff - Ed
        Business @ the Speed of Drool  by Pasty Drone (Newstrolls)
                    Business @ the Speed of Drool as it Oozes from the
                 Corner of your Mouth to Your Keyboard as You
                Lay Slumped Over your Latest Power Point Slide

                       (Editor's Note: This is humour. If you can't take a joke, click off.) 

                Bill Gates has written a book. It is his second book. It is a nice book and it is
                called Business @ the Speed of Thought and if you must buy it, at least help
                         support NewsTrolls by purchasing it through our link. 

               Time Magazine has an excerpt from the book entitled Bill Gates' New Rules in
               which it excerpts the following 12 rules of business according to Bill...I've added
               my own little insights to Bill's big ones (all caps). I suggest you read the article
                                   first and then come back here. 


               Email will never replace the face-to-face. No one who has been petrified by the
              company lawyer's fire-and-brimstone-lawsuit-lecture is going to put sensitive info
                                           in an email. 


              Read: Study sales data online so Microsoft can share you insights...via their nifty
                                         ID mechanics... 


                 Poor Bill...he's still deluded that executives actually READ the charts and
               worksheets of data...the middle managers are usually too busy creating the next
               set of data to analyze an earlier output, and you're lucky if your line employees
                                have junior college under their belt... 


              Sometimes this works (ala NewsTrolls), most times climbing the corporate ladder
              results in anti-team work. People compete to prove that THEIR way of using the
                digital tools is the best one, and with each new senior mid-management hire,
                  there's a new set of tools for you to feed your data into while the rest get


                Bill admits they can't even do it at his place (although they got it down to 60).
               Some things ARE better left on paper or you're just going to spend MILLIONS
                 more on programmer bills because you're updating your Intranet every two
               seconds (and don't even think you can automate THAT process; users refuse to
                                        look at HTML...) 


              Here's where Bill really makes $$$ off of you. Where before you had your data in
               a relatively inocuous Excel spreadsheet, now you also get to try and wrangle the
                  same data into MS Project, MS Access, and probably embed it in a MS
                 Powerpoint slide. MS digital tools eliminate Single Task jobs because they
                 replicate the single tasks into more numerous and time-consuming ones... 

                             7 CREATE A DIGITAL FEEDBACK LOOP 

                Well, it's more like a digital PLYBACK loop (same data, new MS program).
                                   Here's a neat quote from Bill: 
              The best projects are those in which people have the customer scenario clearly in
              Let's all remember to really think of MICROSOFT when you think of KEEPING
                                  THE CUSTOMER IN MIND... 


               Honestly I can't believe Bill has the balls to make point #8, but there you go...
               And, does ANYONE read those customer complaint emails? Well, ok...maybe if
               they're really bizarre... Actually in many instances the people who actually DO
               the product design are not native English speakers so having them answer the
                 mail could be rather amusing...and of course that's assuming your product
                              designers aren't in Bombay or elsewhere... 


                 This one could basically be summed up into: Hire more temps (think of the
                         benefits money you'll save). Oh, and then the kicker: 
               In the Web work style, employees can push the freedom the Web provides to its
                   In other words, GET USED TO the idea that you won't get benefits... 


                I think Bill meant to say "Barely-There Delivery". Witness Office 2000. And
              HEY!...whereas with paper you often turned in deadline documents the morning of
                an afternoon deadline, now you can wait up to 2:55 for a 3:00 deadline...that's


              Ah, now this is clever Bill at his finest...the subtext on this one is: Stock Brokers,
                Real Estate Agents...don't be scared!...Put your trust in Bill and through his
               products he will allow you to firmly entrench your job so that no one would ever
                         DARE call spreadsheet-shittin' YOU a "middle man". 


              Or, in other words it is better for your customer to get stuck in a phone tree from
              hell than to train a human to help them not panic when they see the Windows Blue
                                        Screen of Death. 

              So let's see Rules 4,6,8,9,11,and 12 all say USE DIGITAL. Rule 7 uses the word
              "create", but could just as easily be "use". And what do all the rules tell you dear

                                       BUY MICROSOFT. 
        The actual Time story can be found at the following URL or go 
        buy Bills book, god knows he needs the cash for an arboritium ...

 HOW.TO "How To Hack" March 1999 -> Part I (Steps 1 to 4)
         This is not coincidentally next to the HA.HA section in the zine in fact the name itself is a piss-take on the
        "scene" (if you can't take the piss out of yourself you're taking
        things way to seriously and won't survive 2 weeks out here) but its
        a fact that anyone that puts out a zine like this has to  deal with
        and thats the endless messages and questions from 'newbies' asking
        "HOW DO I HACK xxxx OS?" etc, well here's how you do it. I'll warn 
        you up front that i'm not going to be gentle and will be fucking
        blunt with you, if you don't have the balls fuck off now you're dead 
        meat and will be minced and made a laughing stock all over the net, 
        if you think you can handle it then read on, this is an excersize
        that is best learned by doing but do it on your own machine if you
        try any of these things on someone elses box without any experience
        you will end up in jail.
        Step 1.
        If you are not running FreeBSD, or a variation thereof or Linux in
        any of its incarnations, the first thing you need to do is either
        partition off 400M or so of your home machine for linux (easiest)
        or get a scrap 386 from somewhere (unix isn't windows and will
        run just fine with 8 or even 4 megs of ram for our purposes) and
        install linux or FreeBSD, I prefer BSD but there are more exploits
        written for linux. Why? because writing to the raw sockets in linux
        is a lot easier than it is in BSD, BSD is closer to *real* unix 
        than Linux is, when linux first came out it was little more than
        a toy shell and was buggy as hell, BSD on the other hand was raped
        of its best parts and incorporated into linux, thats why it has one
        of the best TCP stacks out there, you can thank BSD for that...NT
        also owes its existance to Linux and BSD so by using and learning
        one of these OS's you will be set in good stead for hax0ring your
        way to stardom. Thats what you want isn't it? if thats the case 
        this file is NOT for you. Stardom=recognition=fame or infamy=jail
        time. Are you ready for jail? no? ok maybe you're reading this for
        the humour value or maybe you want to persue or are persuing a
        career in security, cool its a fun job isn't it? you get to hack
        and you're on the side of the good guys. Ok keep reading...
        Step 2
        Locate all the texts you can that pertain to breaking into systems
        and locate a good source of exploit code, (aka scripts) you don't
        want to become a script kiddie but you do need example code to learn
        from and the best code is usually put out with security in mind but
        can be bent to 'evil' ends by turning it around and using it to enter
        rather than block holes in the system. Some good places to look for
        code are (they don't keep up to date as much as
        they used to since they were rewted by hackers using a hole in SSH
        but they still have a good variety of exploit scripts available) for
        up to the minute exploit code PacketStorm Security is probably the
        best site that you will ever find, they are located on the Genocide2600
        servers at and the site is run
        by Ken Williams a key member of EHAP. Proof that ethical hacking does
        Step 3
        Gather up every FAQ and RFC that you can pertaining to networking and
        network security, yes this means reading and learning new stuph, if 
        this sounds like work, well it is... and you better get used to it since
        staying on top of the daily exploits is key if you want to make sure that
        your system is secure once its on the net. "On the net you ask!?!?" well
        of course, we have to get you on the net to try out some of these mad 
        sploits don't we? unless you have a few machines laying around in which
        case we can do some intranet hacking as well.
        Step 4
        Set up your network. I will not give you any help with this, I assume 
        you know how to setup a basic network if you don't then you haven't been
        following the steps properly or are plain stupid. Advice: Give up now and
        become a grass cutter, we need more of those the lawns around here are
        Step 5 
        Breaking in. This is the bit you've all been waiting for, well guess what
        many zines and serials keep users hanging on by posting teasers to keep
        people interested, and shit, i'm no different, we'll continue with step
        P.S "Hacking IRC" is still in progress and will also be continued in a 
        further issue of the zine its not forgotten or dead by any means. - Ed

  H.W  Hacked websites Marc13th-March20th

     Note: The hacked site reports stay, especially with some cool hits by
           groups like *H.A.R.P, go get em boyz racism is a mugs game! - Ed

         * Hackers Against Racist Propaganda (See issue #7)
     Unconfirmed Hack Report: 
  by Moskos Sex Hackers Team     
     Posted on irc in our channel by Yo_Soy, but the site was down when I
     tried to check it out on several occasions... - Ed
     Also, direct from HNN's rumours section including disclaimer notice;
     March 15th 1999
      This is the rumour section. Anything posted in this area
      may or may not be true. Many people think that just
      because something is posted here it is gospel. While
      HNN attempts to verify everything on the site we are
      not always able to do so. Most thing posted here in the
      rumour section are true, however we are unable to
      verify them all. 

      contributed by Anonymous 
      We have recieved reports that the following sites have
      been compromised:

  A.0                              APPENDICES

  A.1  PHACVW, sekurity, security, cyberwar links

       The links are no longer maintained in this file, there is now a
      links section on the url so check
      there for current links etc.

      The hack FAQ (The #hack/alt.2600 faq)

      Hacker's Jargon File (The quote file)

      International links:(TBC)

      Foreign correspondants and others please send in news site links that
      have security news from foreign countries for inclusion in this list
      thanks... - Ed


    Got a link for this section? email it to and i'll
    review it and post it here if it merits it.



     1998, 1999 (c) Cruciphux/
    (r) Cruciphux is a trade mark of Hoary Wild Arachnids Inc.


                         puzzle answer: TRUE

   [ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]

Le but de ce site est de mieux comprendre la sécurité informatique.
Un hacker par définition est une personne qui cherche à améliorer les systèmes d'information dans le seul et unique but de contribuer à la stabilité de ces systèmes!
La croyance populaire laisse entendre que les hackers sont des pirates.
C'est vrai. Mais il y a différents types de pirate.
Tout comme il y a différents types de personnes.
Les bavures courantes auxquelles on pense lorsqu'on évoque le terme de pirate informatique
seraient les hacks de compte msn, ordinateurs lâchement trojantés avec des exploits déjà tous faits
et encore peut-on classifier en tant que hack le fait de spammer
alors que depuis plus de 15 ans des scripts tous faits le font extrêmement bien?

Ce ne sont pas des hackers qui font ça!!!
Nous appelons ces gens des lammers! Quand ils sont mauvais,
ou des black hat lorsqu'ils sont doués dans la mise en application de leurs méfaits.
Aucun amour propre - Aucune dignité
Agissent par dégout, vengeance ou simple plaisir.
Les raisons peuvent être nombreuses et je ne prétends pas devoir juger qui que ce soit.
Je pense juste que l'on ne doit pas utiliser l'épée de fly pour commettre des injustices.
Il est 100 fois plus profitable d'améliorer un système que de marcher sur un château de sable... même si marcher sur un château de sable est rigolo :P
A vous de trouver votre amusement. ;)

Tu peux réagir sur la shootbox

Disclaimer Veuillez lire obligatoirement les règles ci-dessous avant de consulter ce site.
Conformément aux dispositions des différentes lois en vigueur, intrusions et maintenances frauduleuses sur un site, vol et / ou falsification de données.
Vous ne devez en aucun cas mettre en application les stratagèmes mis en place par ce site, qui sont présentés uniquement à titre d’éducation et de recherche dans le domaine de la protection de données.
Vous ne devez en aucun cas utiliser ce que vous aurez découvert, sauf si vous avez une autorisation écrite de l’administrateur d’un site ou que celui-ci vous ai ouvert un compte uniquement pour la recherche de failles.
Tout cela est interdit et illégal ne faites pas n'importe quoi.
Vous acceptez donc que l'administrateur de ce site n'est en aucun cas responsable d'aucun de vos actes. Sinon quittez ce site.
Vous êtes soumis à ce disclaimer.