Plateforme de Hacking


HackBBS.org est une communauté faisant évoluer un système de services vulnérables.

Nous apprenons à exploiter de manière collaborative des solutions permettant de détourner les systèmes d'informations.
Cet apprentissage nous permet d'améliorer les technologies que nous utilisons et/ou de mieux comprendre l'ingénierie social.

Nous défendons les valeurs de l'entraide, du challenge personnel et contribuons modestement à rendre l'expérience des utilisateurs finaux la plus agréable possible.

Vous pouvez nous rencontrer via notre salon irc.
Le forum est en cours de remplacement par une version plus moderne, et tout aussi faillible que l'ancien ^^.
A ce jours nous enregistrons plusieurs dizaines de hack réussi contre notre site, et ce chiffre est en constante évolution. Merci a tous les contributeurs!

La refonte est en version alpha. Cette nouvelle plateforme permet de pentester à distance sans avoir son matériel à disposition.
Via l'exécution de scripts python connecté en websocket à l'ihm web, nous pouvons piloter le chargement de scénario
d'attaque/défense en "multijoueur" ^^.
Le système permet de charger des scripts de bibliothèques partagées et de chiffrer les échanges selon les modules déployés.
Vous trouverez dans la rubrique article de nombreux tutoriels afin de mieux comprendre la sécurité informatique,
ainsi que différents articles plus poussés.
Hacker
  • Sniffing
  • Cracking
  • Buffer overflow
  • Créations d'exploits
  • Social engineering
  • L'anonymat sur le web, spoofing
  • Bypass-proxy, Bypass-firewall
  • Injection de code SSI, SQL, etc...
  • Utilisation d'exploits, création de scripts(php, irc, perl)

Nous vous recommandons de sniffer votre réseau lors de votre navigation sur le site. La refonte vous fournira un outillage pour réaliser vos attaques/défenses.

Challenges
Vous pourrez également participer à de nombreux challenges
Dernièrement, les missions relativent aux derniers produits open sources marchent bien :)

Votre ultime challenge sera de défacer HackBBS. De nombreuses failles sont présentes. A vous de les trouver et de les exploiter.

Cet ultime test permettra de constater votre réactions face à une faille.
Black ou White? ^^

Ezine du moment: hwa-hn46.txt
      
      [63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
  ==========================================================================
  =                       <=-[ HWA.hax0r.news ]-=>                         =
  ==========================================================================
    [=HWA'99/2000=]                   Number 46 Volume 1 1999   Dec 12th 99
  ==========================================================================
    [                     61:20:6B:69:64:20:63:6F:75:                    ]
    [               6C:64:20:62:72:65:61:6B:20:74:68:69:73:              ]
    [              20:22:65:6E:63:72:79:70:74:69:6F:6E:22:!              ]        
  ==========================================================================
   
   "This newsletter/ezine has been Declassified for the phearing impaired"  
   
   
                    ____
                   / ___|_____   _____ _ __ __ _  __ _  ___
                  | |   / _ \ \ / / _ \ '__/ _` |/ _` |/ _ \
                  | |__| (_) \ V /  __/ | | (_| | (_| |  __/
                   \____\___/ \_/ \___|_|  \__,_|\__, |\___|
                                                 |___/

                  This is #46 covering Dec 6th to Dec 12th 
                      (** #47 covers Dec 13th to 19th)
    
  ==========================================================================                             

                         "ABUSUS NON TOLLIT USUM"
                         
  ==========================================================================                         
    
   Mailing list members: 447 Can we bump this up somewhat? spread the word!                          
   
  ==========================================================================                          
   
  
        Today the spotlight may be on you, some interesting machines that
                  have accessed these archives recently...
               
                               _   _       _
                              | | | | ___ | |_
                              | |_| |/ _ \| __|
                              |  _  | (_) | |_
                              |_| |_|\___/ \__|
                               _    _ _ _
                              | |  | (_) |
                              | |__| |_| |_ ___
                              |  __  | | __/ __|
                              | |  | | | |_\__ \
                              |_|  |_|_|\__|___/
                              
                            .gov and .mil activity
                              
                             
                             
                             proxy.gintic.gov.sg
                             doegate.doe.gov
                             sunspot.gsfc.nasa.gov
                             gate1.mcbh.usmc.mil 
                             homer.nawcad.navy.mil
                             maggie.nawcad.navy.mil
                             lisa.nawcad.navy.mil 
                             msproxy.transcom.mil
                             b-kahuna.hickam.af.mil
                             sc034ws109.nosc.mil
                             infosec.se
                             gate2.mcbutler.usmc.mil
                             sc034ws109.nosc.mil
                             shq-ot-1178.nosc.mil
                             dhcp-036190.scott.af.mil
                             mcreed.lan.teale.ca.gov
                             dodo.nist.gov
                             mc1926.mcclellan.af.mil
                             kwai11.nsf.gov
                             enduser.faa.gov
                             vasfw02,fdic.gov 
                             lisa.defcen.gov.au
                             ps1.pbgc.gov
                             guardian.gov.sg
                             amccss229116.scott.af.mil
                             sc022ws224.nosc.mil
                             sheppard2.hurlburt.af.mil                             
                             marshall.us-state.gov
                             digger1.defence.gov.au
                             firewall.mendoza.gov.ar
                             ipaccess.gov.ru
                             gatekeeper.itsec-debis.de
                             fgoscs.itsec-debis.de
                             fhu-ed4ccdf.fhu.disa.mil
                             citspr.tyndall.af.mil
                             kelsatx2.kelly.af.mil
                             kane.sheppard.af.mil                             
                             relay5.nima.mil
                             host.198-76-34-33.gsa.gov
                             ntsrvr.vsw.navy.mil
                             saic2.nosc.mil
                             wygate.wy.blm.gov
                             mrwilson.lanl.gov
                             p722ar.npt.nuwc.navy.mil
                             ws088228.ramstein.af.mil
                             car-gw.defence.gov.au
                             unknown-c-23-147.latimes.com
                             nytgate1.nytimes.com
                             
                             
  There are some interesting machines among these, the *.nosc.mil boxes are
  from SPAWAR information warfare centres, good Is It Worth It Followup to see
  our boys keeping up with the news... - Ed                             
  
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=                                            
  
  
  _   ___        ___      _                 ___
 | | | \ \      / / \    | |__   __ ___  __/ _ \ _ __ _ __   _____      _____
 | |_| |\ \ /\ / / _ \   | '_ \ / _` \ \/ / | | | '__| '_ \ / _ \ \ /\ / / __|
 |  _  | \ V  V / ___ \ _| | | | (_| |>  <| |_| | |_ | | | |  __/\ V  V /\__ \
 |_| |_|  \_/\_/_/   \_(_)_| |_|\__,_/_/\_\\___/|_(_)|_| |_|\___| \_/\_/ |___/

  
                             
                             
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=                                            
  
                     http://welcome.to/HWA.hax0r.news/                     
                                           
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=                                            
  
  
  @#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@ 
  #                                                                         #
  @      The HWA website is sponsored by CUBESOFT communications I highly   @ 
  #      recommend you consider these people for your web hosting needs,    #
  @                                                                         @   
  #      Web site sponsored by CUBESOFT networks http://www.csoft.net       #
  @      check them out for great fast web hosting!                         @ 
  #                                                                         # 
  #      http://www.csoft.net/~hwa                                          @
  @                                                                         #  
  @#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@
                    
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=                       


          _   _            _             _    _____ _   _     _
         | | | | __ _  ___| | _____ _ __( )__| ____| |_| |__ (_) ___
         | |_| |/ _` |/ __| |/ / _ \ '__|/ __|  _| | __| '_ \| |/ __|
         |  _  | (_| | (__|   <  __/ |   \__ \ |___| |_| | | | | (__
         |_| |_|\__,_|\___|_|\_\___|_|   |___/_____|\__|_| |_|_|\___|



     Sadly, due to the traditional ignorance and sensationalizing of the mass
     media, the once-noble term hacker has become a perjorative.
     
     Among true computer people, being called a hacker is a compliment. One of
     the traits of the true hacker is a profoundly antibureaucratic and
     democratic spirit. That spirit is best exemplified by the Hacker's Ethic.
     
     This ethic was best formulated by Steven Levy in his 1984 book Hackers:
     Heroes of the Computer Revolution. Its tenets are as follows:

      1 - Access to computers should be unlimited and total. 
      2 - All information should be free. 
      3 - Mistrust authority - promote decentralization. 
      4 - Hackers should be judged by their hacking not bogus criteria such as
          degrees, age, race, or position. 
      5 - You create art and beauty on a computer, 
      6 - Computers can change your life for the better. 

     The Internet as a whole reflects this ethic.


  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=                       


             _____                          _   _   _
            |  ___|__  _ __ _ __ ___   __ _| |_| |_(_)_ __   __ _
            | |_ / _ \| '__| '_ ` _ \ / _` | __| __| | '_ \ / _` |
            |  _| (_) | |  | | | | | | (_| | |_| |_| | | | | (_| |
            |_|  \___/|_|  |_| |_| |_|\__,_|\__|\__|_|_| |_|\__, |
                                                            |___/

               A Comment on FORMATTING: 
               
               
               Oct'99 - Started 80 column mode format, code is still left
                        untouched since formatting will destroy syntax.               
               
   
               I received an email recently about the formatting of this
               newsletter, suggesting that it be formatted to 75 columns
               in the past I've endevoured to format all text to 80 cols
               except for articles and site statements and urls which are
               posted verbatim, I've decided to continue with this method
               unless more people complain, the zine is best viewed in
               1024x768 mode with UEDIT.... - Ed
               
               BTW if anyone can suggest a better editor than UEDIT for
               this thing send me some email i'm finding it lacking in
               certain areas. Must be able to produce standard ascii.    
                       
  
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=                       
  
                       __  __ _
                      |  \/  (_)_ __ _ __ ___  _ __ ___
                      | |\/| | | '__| '__/ _ \| '__/ __|
                      | |  | | | |  | | | (_) | |  \__ \
                      |_|  |_|_|_|  |_|  \___/|_|  |___/

                       


     New mirror sites
                
          ***   http://viper.dmrt.com/files/=E-Zines/HWA.hax0r.news/ ***      
                http://datatwirl.intranova.net * NEW * 
                http://the.wiretapped.net/security/textfiles/hWa.hax0r.news/
                http://net-security.org/hwahaxornews
                http://www.sysbreakers.com/hwa
                http://www.attrition.org/hosted/hwa/
                http://www.ducktank.net/hwa/issues.html.          
                http://hwazine.cjb.net/
                http://www.hackunlimited.com/files/secu/papers/hwa/
                http://www.attrition.org/~modify/texts/zines/HWA/       
                         
              * http://hwa.hax0r.news.8m.com/           
              * http://www.fortunecity.com/skyscraper/feature/103/  
               
              * Crappy free sites but they offer 20M & I need the space...
              ** Some issues are not located on these sites since they exceed
                 the file size limitations imposed by the sites :-( please
                 only use these if no other recourse is available.
                 
            *** Most likely to be up to date other than the main site.    
                        
                        
     
     HWA.hax0r.news is sponsored by Cubesoft communications www.csoft.net
     thanks to airportman for the Cubesoft bandwidth. Also shouts out to all 
     our mirror sites! and p0lix for the (now expired) digitalgeeks archive
     tnx guys. 
     
     http://www.csoft.net/~hwa
     
     
     HWA.hax0r.news Mirror Sites:
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~
     http://the.wiretapped.net/security/textfiles/hWa.hax0r.news/
     http://www.attrition.org/hosted/hwa/
     http://www.attrition.org/~modify/texts/zines/HWA/
     http://www.ducktank.net/hwa/issues.html. ** NEW **
     http://www.alldas.de/hwaidx1.htm ** NEW ** CHECK THIS ONE OUT **
     http://www.csoft.net/~hwa/ 
     http://www.digitalgeeks.com/hwa. *DOWN*
     http://members.tripod.com/~hwa_2k
     http://welcome.to/HWA.hax0r.news/
     http://www.attrition.org/~modify/texts/zines/HWA/
     http://www.projectgamma.com/archives/zines/hwa/
     http://www.403-security.org/Htmls/hwa.hax0r.news.htm

   =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=         
   
   
  
 
                    ____                              _
                   / ___| _   _ _ __   ___  _ __  ___(_)___
                   \___ \| | | | '_ \ / _ \| '_ \/ __| / __|
                    ___) | |_| | | | | (_) | |_) \__ \ \__ \
                   |____/ \__, |_| |_|\___/| .__/|___/_|___/
                          |___/            |_|

     
   
   SYNOPSIS (READ THIS)
   --------------------
   
   The purpose of this newsletter is to 'digest' current events of interest
   that affect the online underground and netizens in general. This includes
   coverage of general security issues, hacks, exploits, underground news
   and anything else I think is worthy of a look see. (remember i'm doing
   this for me, not you, the fact some people happen to get a kick/use
   out of it is of secondary importance).

    This list is NOT meant as a replacement for, nor to compete with, the
   likes of publications such as CuD or PHRACK or with news sites such as
   AntiOnline, the Hacker News Network (HNN) or mailing lists such as
   BUGTRAQ or ISN nor could any other 'digest' of this type do so.

    It *is* intended  however, to  compliment such material and provide a
   reference to those who follow the culture by keeping tabs on as many
   sources as possible and providing links to further info, its a labour
   of love and will be continued for as long as I feel like it, i'm not
   motivated by dollars or the illusion of fame, did you ever notice how
   the most famous/infamous hackers are the ones that get caught? there's
   a lot to be said for remaining just outside the circle... 
   
   

   @HWA

   =-----------------------------------------------------------------------=

                     Welcome to HWA.hax0r.news ... 

   =-----------------------------------------------------------------------=


    
    We could use some more people joining the channel, its usually pretty
    quiet, we don't bite (usually) so if you're hanging out on irc stop
    by and idle a while and say hi...   
    
    **************************************************************************   

   
                            ____|  _|            |
                            __|   |   __ \   _ \ __|
                            |     __| |   |  __/ |
                           _____|_|  _|  _|\___|\__| 

     
                        Eris Free Net #HWA.hax0r.news
    
    **************************************************************************
    ***      /join #HWA.hax0r.news on EFnet the key is `zwen' when keyed   ***
    ***                                                                    ***
    *** please join to discuss or impart news on from the zine and around  ***
    *** the zine or just to hang out, we get some interesting visitors you ***
    *** could be one of em.                                                ***
    ***                                                                    ***
    *** Note that the channel isn't there to entertain you its purpose is  ***
    *** to bring together people interested and involved in the underground***
    *** to chat about current and recent events etc, do drop in to talk or ***
    *** hangout. Also if you want to promo your site or send in news tips  ***
    *** its the place to be, just remember we're not #hack or #chatzone... ***
    **************************************************************************

      
    
    


  =--------------------------------------------------------------------------=
  
  
                     _____            _             _  
                    / ____|          | |           | |
                   | |     ___  _ __ | |_ ___ _ __ | |_ ___
                   | |    / _ \| '_ \| __/ _ \ '_ \| __/ __|
                   | |___| (_) | | | | ||  __/ | | | |_\__ \
                    \_____\___/|_| |_|\__\___|_| |_|\__|___/


           
  =--------------------------------------------------------------------------=
  [ INDEX ]
  =--------------------------------------------------------------------------=
    Key     Intros                                                         
  =--------------------------------------------------------------------------=
 
    00.0  .. COPYRIGHTS ......................................................
    00.1  .. CONTACT INFORMATION & SNAIL MAIL DROP ETC .......................
    00.2  .. SOURCES .........................................................
    00.3  .. THIS IS WHO WE ARE ..............................................
    00.4  .. WHAT'S IN A NAME? why `HWA.hax0r.news'?..........................
    00.5  .. THE HWA_FAQ V1.0 ................................................
            
             ABUSUS NON TOLLIT USUM? 
             This is (in case you hadn't guessed) Latin, and loosely translated
             it means "Just because something is abused, it should not be taken
             away from those  who use it properly). This is our new motto.         

  =--------------------------------------------------------------------------=
    Key     Content 
  =--------------------------------------------------------------------------=
  

    01.0  .. GREETS ..........................................................
     01.1 .. Last minute stuff, rumours, newsbytes ...........................
     01.2 .. Mailbag .........................................................
    02.0  .. From the Editor.................................................. 
    03.0  .. Melissa conviction to stop virus writers?........................
    04.0  .. Government asks hackers for Y2K break............................
    05.0  .. China Upholds Death Sentence For Electronic Intruder ............
    06.0  .. Symantec Discovers Another Worm .................................
    07.0  .. EPIC Sues NSA Over Echelon ......................................
    08.0  .. Wyoming Newspaper Attacked ......................................
    09.0  .. DoD Offers Military Docs to Surfers .............................
    10.0  .. NSA Funds Supercomputer Upgrade .................................
    11.0  .. "I was a teenage nmapper"........................................
    12.0  .. NIST Meeting Open To The Public .................................
    13.0  .. NT Passes Government Security Certifications ....................
    14.0  .. Mitnick's Codefendant Sentenced .................................
    15.0  .. Videon Suffers Second Intrusion .................................
    16.0  .. GSM Phones No Longer Secure .....................................
    17.0  .. DARPA Looks At Face Recognition Technology ......................
    18.0  .. More Info On the Phonemasters Revealed ..........................
    19.0  .. Proactive AntiVirus Software Now Available ......................
    20.0  .. South African Web Pages Defaced .................................
    21.0  .. Not Just a Game Anymore .........................................
    22.0  .. Y2K Fix Really An Extensible Worm ...............................
    23.0  .. Distributed DoS Attacks Becoming Popular ........................
    24.0  .. FBI to Remain on Alert Over Y2K .................................
    25.0  .. IOPS Sets Up Y2K Watch Center ...................................
    26.0  .. IDs Embedded In All Color Copies ................................
    27.0  .. Valiant of Halcon Speaks ........................................
    28.0  .. Scholarships for Surfing ........................................
    29.0  .. Dec 8th HNN Rumours..............................................
    30.0  .. Alleged Melissa Creator May Plead Guilty ........................
    31.0  .. Non-Anonymous Internet Violates First Amendment .................
    32.0  .. OSU Charges Two With Illegal Access .............................
    33.0  .. Microsoft Files Lawsuit Against Online Pirates ..................
    34.0  .. CERT Releases Distributed Attack Paper ..........................
    35.0  .. PWC Finds Serious Weaknesses in Pension Fund Company ............
    36.0  .. Freaks Macintosh Archives CD ....................................
    37.0  .. Nortell Releases Personal Hardware Firewall .....................
    38.0  .. sSh/Dap interview by Sla5h.......................................
    39.0  .. Melissa Creator Pleads Guilty ...................................
    40.0  .. Privacy of US Military Officers Breached ........................
    41.0  .. Commerce Dept. Introduces New Security Initiative ...............
    42.0  .. Attrition Celebrates One Year Birthday ..........................
    43.0  .. Russian Echelon? ................................................
    44.0  .. Russian Bug Did Frequency-Hopping ...............................
    45.0  .. Security Focus Newsletter #18....................................
   
    
    
    =-------------------------------------------------------------------------------=
    
        
    AD.S  .. Post your site ads or etc here, if you can offer something in return
             thats tres cool, if not we'll consider ur ad anyways so send it in.
             ads for other zines are ok too btw just mention us in yours, please
             remember to include links and an email contact. Corporate ads will
             be considered also and if your company wishes to donate to or 
             participate in the upcoming Canc0n99 event send in your suggestions
             and ads now...n.b date and time may be pushed back join mailing list
             for up to date information.......................................
             Current dates: POSTPONED til further notice, place: TBA..........
    Ha.Ha .. Humour and puzzles  ............................................
             
              Hey You!........................................................
              =------=........................................................
              
              Send in humour for this section! I need a laugh and its hard to
              find good stuff... ;)...........................................

    SITE.1 .. Featured site, .................................................
     H.W   .. Hacked Websites  ...............................................
     A.0   .. APPENDICES......................................................
     A.1   .. PHACVW linx and references......................................
 
  =--------------------------------------------------------------------------=
     
     @HWA'99
     
     

     
 00.0 (C) COPYRIGHT, (K)OPYWRONG, COPYLEFT? V2.0
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      
                            _                     _
                           | |    ___  __ _  __ _| |
                           | |   / _ \/ _` |/ _` | |
                           | |__|  __/ (_| | (_| | |
                           |_____\___|\__, |\__,_|_|
                                      |___/


          THE OPINIONS OF THE WRITERS DO NOT NECESSARILY REFLECT THE
          OPINIONS OF THE PUBLISHERS AND VICE VERSA IN FACT WE DUNNO
          WTF IS GONNA TAKE RESPONSIBILITY FOR THIS, I'M NOT DOING IT
          (LOTS OF ME EITHER'S RESOUND IN THE BACKGROUND) SO UHM JUST
          READ IT AND IF IT BUGS YOU WELL TFS (SEE FAQ).
     
          Important semi-legalese and license to redistribute:
     
          YOU MAY DISTRIBUTE THIS ZINE WITHOUT PERMISSION FROM MYSELF
          AND ARE GRANTED THE RIGHT TO QUOTE ME OR THE CONTENTS OF THE
          ZINE SO LONG AS Cruciphux AND/OR HWA.hax0r.news ARE MENTIONED
          IN YOUR WRITING. LINK'S ARE NOT NECESSARY OR EXPECTED BUT ARE
          APPRECIATED the current link is http://welcome.to/HWA.hax0r.news
          IT IS NOT MY INTENTION TO VIOLATE ANYONE'S COPYRIGHTS OR BREAK
          ANY NETIQUETTE IN ANY WAY IF YOU FEEL I'VE DONE THAT PLEASE EMAIL
          ME PRIVATELY current email cruciphux@dok.org
     
          THIS DOES NOT CONSTITUTE ANY LEGAL RIGHTS, IN THIS COUNTRY ALL
          WORKS ARE (C) AS SOON AS COMMITTED TO PAPER OR DISK, IF ORIGINAL
          THE LAYOUT AND COMMENTARIES ARE THEREFORE (C) WHICH MEANS:
     
          I RETAIN ALL RIGHTS, BUT I GIVE YOU THE RIGHT TO READ, QUOTE
          AND REDISTRIBUTE/MIRROR. - EoD
     
     
          Although this file and all future issues are now copyright, some of
         the content holds its  own copyright and these are printed and
         respected. News is news so i'll print any and all news but will quote
         sources when the source is known, if its good enough for CNN its good
         enough for me. And i'm doing it for free on my own time so pfffft. :)
     
         No monies are made or sought through the distribution of this material.
         If you have a problem or concern email me and we'll discuss it.
     
         cruciphux@dok.org
     
         Cruciphux [C*:.]



 00.1 CONTACT INFORMATION AND MAIL DROP 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
                     ____            _             _
                    / ___|___  _ __ | |_ __ _  ___| |_ ___
                   | |   / _ \| '_ \| __/ _` |/ __| __/ __|
                   | |__| (_) | | | | || (_| | (__| |_\__ \
                    \____\___/|_| |_|\__\__,_|\___|\__|___/


     Wahoo, we now have a mail-drop, if you are outside of the U.S.A or
    Canada / North America (hell even if you are inside ..) and wish to
    send printed matter like newspaper clippings a subscription to your
    cool foreign hacking zine or photos, small non-explosive packages
    or sensitive information etc etc well, now you can. (w00t) please
    no more inflatable sheep or plastic dog droppings, or fake vomit
    thanks.

    Send all goodies to:
    

	    HWA NEWS
	    P.O BOX 44118
	    370 MAIN ST. NORTH
	    BRAMPTON, ONTARIO
	    CANADA
	    L6V 4H5
	    
	    
    
    WANTED!: POSTCARDS! YESH! POSTCARDS, I COLLECT EM so I know a lot of you are
    ~~~~~~~  reading this from some interesting places, make my day and get a
             mention in the zine, send in a postcard, I realize that some places
             it is cost prohibitive but if you have the time and money be a cool
             dude / gal and send a poor guy a postcard preferably one that has some
             scenery from your place of residence for my collection, I collect stamps
             too so you kill two birds with one stone by being cool and mailing in a
             postcard, return address not necessary, just a  "hey guys being cool in
             Bahrain, take it easy" will do ... ;-) thanx.



    Ideas for interesting 'stuff' to send in apart from news:

    - Photo copies of old system manual front pages (optionally signed by you) ;-)
    - Photos of yourself, your mom, sister, dog and or cat in a NON
      compromising position plz I don't want pr0n. 
    - Picture postcards
    - CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250
      tapes with hack/security related archives, logs, irc logs etc on em.
    - audio or video cassettes of yourself/others etc of interesting phone
      fun or social engineering examples or transcripts thereof.
    
    
    Stuff you can email:
    
    - Prank phone calls in .ram or .mp* format
    - Fone tones and security announcements from PBX's etc
    - fun shit you sampled off yer scanner (relevant stuff only like #2600 meeting activities)
    - reserved for one smiley face ->        :-)            <-
    - PHACV lists of files that you have or phac cd's you own (we have a burner, *g*)
    - burns of phac cds (email first to make sure we don't already have em)
    - Any and all telephone sounds/tones/beeps/trunk drops/line tests/etc in .ram etc format or .mp*
    

    If you still can't think of anything you're probably not that interesting
    a person after all so don't worry about it 

    Our current email:

    Submissions/zine gossip.....: hwa@press.usmc.net
    Private email to editor.....: cruciphux@dok.org                                                                   
    Distribution/Website........: sas2@usa.net       

    @HWA



 00.2 Sources ***
      ~~~~~~~~~~~
      
                      ____
                     / ___|  ___  _   _ _ __ ___ ___ ___
                     \___ \ / _ \| | | | '__/ __/ _ Y __|
                      ___) | (_) | |_| | | | (_|  __|__ \
                     |____/ \___/ \__,_|_|  \___\___|___/


     Sources can be some, all, or none of the following (by no means complete
    nor listed in any degree of importance) Unless otherwise noted, like msgs
    from lists or news from other sites, articles and information is compiled
    and or sourced by Cruciphux no copyright claimed.

    News & I/O zine ................. http://www.antionline.com/
    Back Orifice/cDc..................http://www.cultdeadcow.com/
    News site (HNN) .....,............http://www.hackernews.com/
    Help Net Security.................http://net-security.org/
    News,Advisories,++ .(lophtcrack)..http://www.l0pht.com/
    NewsTrolls .(daily news ).........http://www.newstrolls.com/
    News + Exploit archive ...........http://www.rootshell.com/beta/news.html
    CuD Computer Underground Digest...http://www.soci.niu.edu/~cudigest
    News site+........................http://www.zdnet.com/
    News site+Security................http://www.gammaforce.org/
    News site+Security................http://www.projectgamma.com/
    News site+Security................http://securityhole.8m.com/
    News site+Security related site...http://www.403-security.org/ s
    News/Humour site+ ................http://www.innerpulse.com
    News/Techie news site.............http://www.slashdot.org
    
    

    +Various mailing lists and some newsgroups, such as ...
    +other sites available on the HNN affiliates page, please see
     http://www.hackernews.com/affiliates.html as they seem to be popping up
     rather frequently ...

    
    http://www.the-project.org/ .. IRC list/admin archives
    http://www.anchordesk.com/  .. Jesse Berst's AnchorDesk

    alt.hackers.malicious
    alt.hackers
    alt.2600
    BUGTRAQ
    ISN security mailing list
    ntbugtraq
    <+others>

    NEWS Agencies, News search engines etc:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    http://www.cnn.com/SEARCH/
       
    http://www.foxnews.com/search/cgi-bin/search.cgi?query=hack&days=0&wires=0&startwire=0
        
    http://www.news.com/Searching/Results/1,18,1,00.html?querystr=hack
        
    http://www.ottawacitizen.com/business/
        
    http://search.yahoo.com.sg/search/news_sg?p=hack
        
    http://www.washingtonpost.com/cgi-bin/search?DB_NAME=WPlate&TOTAL_HITLIST=20&DEFAULT_OPERATOR=AND&headline=&WITHIN_FIELD_NAME=.lt.event_date&WITHIN_DAYS=0&description=hack
        
    http://www.zdnet.com/zdtv/cybercrime/
        
    http://www.zdnet.com/zdtv/cybercrime/chaostheory/ (Kevin Poulsen's Column)
        
    NOTE: See appendices for details on other links.
    


    http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm
        
    http://freespeech.org/eua/ Electronic Underground Affiliation
        
    http://ech0.cjb.net ech0 Security
    
    http://axon.jccc.net/hir/ Hackers Information Report
        
    http://net-security.org Net Security
        
    http://www.403-security.org Daily news and security related site
        

    Submissions/Hints/Tips/Etc
    ~~~~~~~~~~~~~~~~~~~~~~~~~~
    
            ____        _               _         _
           / ___| _   _| |__  _ __ ___ (_)___ ___(_) ___  _ __  ___
           \___ \| | | | '_ \| '_ ` _ \| / __/ __| |/ _ \| '_ \/ __|
            ___) | |_| | |_) | | | | | | \__ \__ \ | (_) | | | \__ \
           |____/ \__,_|_.__/|_| |_| |_|_|___/___/_|\___/|_| |_|___/


    All submissions that are `published' are printed with the credits
    you provide, if no response is received by a week or two it is assumed
    that you don't care wether the article/email is to be used in an issue
    or not and may be used at my discretion.

    Looking for:

    Good news sites that are not already listed here OR on the HNN affiliates
    page at http://www.hackernews.com/affiliates.html

    Magazines (complete or just the articles) of breaking sekurity or hacker
    activity in your region, this includes telephone phraud and any other
    technological use, abuse hole or cool thingy. ;-) cut em out and send it
    to the drop box.


    - Ed

    Mailing List Subscription Info   (Far from complete)         Feb 1999
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   ~~~~~~~~~~~~~~~~~~~         ~~~~~~~~

    ISS Security mailing list faq : http://www.iss.net/iss/maillist.html
    
    
    ATTRITION.ORG's Website defacement mirror and announcement lists
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    http://www.attrition.org/mirror/attrition/    
    http://www.attrition.org/security/lists.html
    
    --
      
      defaced [web page defacement announce list]
      
      This is a public LOW VOLUME (1) mail list to circulate news/info on 
      defaced web sites. To subscribe to Defaced, send mail to 
      majordomo@attrition.org with "subscribe defaced" in the BODY of 
      the mail.
      
      There will be two types of posts to this list:
      
              1. brief announcements as we learn of a web defacement.
                 this will include the site, date, and who signed the 
                 hack. we will also include a URL of a mirror of the hack.
      
              2. at the end of the day, a summary will be posted
                 of all the hacks of the day. these can be found
                 on the mirror site listed under 'relevant links'
      
      This list is for informational purposes only. Subscribing
      denotes your acceptance of the following:
      
              1. we have nothing to do with the hacks. at all.
      
              2. we are only mirroring the work of OTHER people.
      
              3. we can not be held liable for anything related to these
                 hacks.
      
              4. all of the points on the disclaimer listed below.
      
      Under no circumstances may the information on this list be used
      to solicit security business. You do not have permission to forward
      this mail to anyone related to the domain that was defaced.
      
      enjoy.
      
      List maintainer: mcintyre@attrition.org
      Hosted by: majordomo@attrition.org
      
      Relevant Links: 
              Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
              ATTRITION Mirror: http://www.attrition.org/mirror/
      
      (1) It is low volume on a normal day. On days of many defacements,
          traffic may be increased. On a few days, it is a virtual mail
          flood. You have been warned. ;)
      
    -=-
    
    --
      
      defaced summary [web page defacement announce list]
      
      This is a low traffic mail list to announce all publicly
      defaced domains on a given day. To subscribe to Defaced-Summary, send mail to 
      majordomo@attrition.org with "subscribe defaced-summary" in the BODY of 
      the mail.
      
      There will be ONE type of post to this list:
      
              1. a single nightly piece of mail listing all reported
                 domains. the same information can be found on
                 http://www.attrition.org/mirror/attrition/
                 via sporadic updates.
      
      This list is for informational purposes only. Subscribing
      denotes your acceptance of the following:
      
              1. we have nothing to do with the hacks. at all.
      
              2. we are only mirroring the work of OTHER people.
      
              3. we can not be held liable for anything related to these
                 hacks.
      
              4. all of the points on the disclaimer listed below.
      
      Under no circumstances may the information on this list be used
      to solicit security business. You do not have permission to forward
      this mail to anyone related to the domain that was defaced.
      
      enjoy.
      
      List maintainer: jericho@attrition.org
      Hosted by: majordomo@attrition.org
      
      Relevant Links: 
              Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
              ATTRITION Mirror: http://www.attrition.org/mirror/
              
              
     -=-
     
      defaced GM [web page defacement announce list]
      
      This is a low traffic mail list to announce all publicly
      defaced government and military domains on a given day. To subscribe to 
      Defaced-GM, send mail to majordomo@attrition.org with "subscribe defaced-gm" 
      in the BODY of the mail.
      
      There will be ONE type of post to this list:
      
              1. sporadic pieces of mail for each government (.gov)
                 or military (.mil) system defaced. the same information 
                 can be found on http://www.attrition.org/mirror/attrition/
                 via sporadic updates.
      
      This list is designed primarily for government and military
      personell charged with tracking security incidents on
      government run networks.
      
      This list is for informational purposes only. Subscribing
      denotes your acceptance of the following:
      
              1. we have nothing to do with the hacks. at all.
      
              2. we are only mirroring the work of OTHER people.
      
              3. we can not be held liable for anything related to these
                 hacks.
      
              4. all of the points on the disclaimer listed below.
      
      Under no circumstances may the information on this list be used
      to solicit security business. You do not have permission to forward
      this mail to anyone related to the domain that was defaced.
      
      enjoy.
      
      List maintainer: jericho@attrition.org
      Hosted by: majordomo@attrition.org
      
      Relevant Links: 
              Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
              ATTRITION Mirror: http://www.attrition.org/mirror/
              
     
      --
      
      defaced alpha [web page defacement announce list]
      
      This is a low traffic mail list to announce via alpha-numeric
      pagers, all publicly defaced government and military domains 
      on a given day. To subscribe to Defaced-Alpha, send mail to 
      majordomo@attrition.org with "subscribe defaced-alpha" in 
      the BODY of the mail.
      
      There will be ONE type of post to this list:
      
              1. sporadic pieces of mail for each government (.gov)
                 or military (.mil) system defaced. the information
                 will only include domain names. the same information 
                 can be found on http://www.attrition.org/mirror/attrition/
                 via sporadic updates.
      
      This list is designed primarily for government and military
      personell charged with tracking security incidents on
      government run networks. Further, it is designed for 
      quick response and aimed at law enforcement agencies like
      DCIS and the FBI.
      
      To subscribe to this list, a special mail will be sent to YOUR
      alpha-numeric pager. A specific response must be made within
      12 hours of receiving the mail to be subscribed. If the response
      is not received, it is assumed the mail was not sent to your 
      pager.
      
      This list is for informational purposes only. Subscribing
      denotes your acceptance of the following:
      
              1. we have nothing to do with the hacks. at all.
      
              2. we are only mirroring the work of OTHER people.
      
              3. we can not be held liable for anything related to these
                 hacks.
      
              4. all of the points on the disclaimer listed below.
      
      Under no circumstances may the information on this list be used
      to solicit security business. You do not have permission to forward
      this mail to anyone related to the domain that was defaced.
      
      enjoy.
      
      List maintainer: jericho@attrition.org
      Hosted by: majordomo@attrition.org
      
      Relevant Links: 
              Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
              ATTRITION Mirror: http://www.attrition.org/mirror/
      
         
      
    -=-     
      

    


    THE MOST READ:

    BUGTRAQ - Subscription info
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~

    What is Bugtraq?

    Bugtraq is a full-disclosure UNIX security mailing list, (see the info
    file) started by Scott Chasin . To subscribe to
    bugtraq, send mail to listserv@netspace.org containing the message body
    subscribe bugtraq. I've been archiving this list on the web since late
    1993. It is searchable with glimpse and archived on-the-fly with hypermail.

    Searchable Hypermail Index;

          http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html

          

    About the Bugtraq mailing list
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    The following comes from Bugtraq's info file:

    This list is for *detailed* discussion of UNIX security holes: what they are,
    how to exploit, and what to do to fix them.

    This list is not intended to be about cracking systems or exploiting their
    vulnerabilities. It is about defining, recognizing, and preventing use of
    security holes and risks.

    Please refrain from posting one-line messages or messages that do not contain
    any substance that can relate to this list`s charter.

    I will allow certain informational posts regarding updates to security tools,
    documents, etc. But I will not tolerate any unnecessary or nonessential "noise"
    on this list.

    Please follow the below guidelines on what kind of information should be posted
    to the Bugtraq list:

    + Information on Unix related security holes/backdoors (past and present)
    + Exploit programs, scripts or detailed processes about the above
    + Patches, workarounds, fixes
    + Announcements, advisories or warnings
    + Ideas, future plans or current works dealing with Unix security
    + Information material regarding vendor contacts and procedures
    + Individual experiences in dealing with above vendors or security organizations
    + Incident advisories or informational reporting

    Any non-essential replies should not be directed to the list but to the originator of the message. Please do not
    "CC" the bugtraq reflector address if the response does not meet the above criteria.

    Remember: YOYOW.

    You own your own words. This means that you are responsible for the words that you post on this list and that
    reproduction of those words without your permission in any medium outside the distribution of this list may be
     challenged by you, the author.

    For questions or comments, please mail me:
    chasin@crimelab.com (Scott Chasin)
    
    
    UPDATED Sept/99 - Sent in by Androthi, tnx for the update
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    

      I am pleased to inform you of several changes that will be occurring
      on June 5th. I hope you find them as exciting as I do.
      
      
      BUGTRAQ moves to a new home
      ---------------------------
      
      
      First, BUGTRAQ will be moving from its current home at NETSPACE.ORG
      to SECURITYFOCUS.COM. What is Security Focus you ask? Wait and read
      below. Other than the change of domains nothing of how the list
      is run changes. I am still the moderator. We play by the same rules.
      
      
      Security Focus will be providing mail archives for BUGTRAQ. The
      archives go back longer than Netspace's and are more complete than
      Geek-Girl's.
      
      
      The move will occur one week from today. You will not need to
      resubscribe. All your information, including subscription options
      will be moved transparently.
      
      
      Any of you using mail filters (e.g. procmail) to sort incoming
      mail into mail folders by examining the From address will have to
      update them to include the new address. The new address will be:
      
      
                            BUGTRAQ@SECURITYFOCUS.COM
      
      
      Security Focus also be providing a free searchable vulnerability
      database.
      
      
      BUGTRAQ es muy bueno
      --------------------
      
      
      It has also become apparent that there is a need for forums
      in the spirit of BUGTRAQ where non-English speaking people
      or people that don't feel comfortable speaking English can
      exchange information.
      
      
      As such I've decided to give BUGTRAQ in other languages a try.
      BUGTRAQ will continue to be the place to submit vulnerability
      information, but if you feel more comfortable using some other
      language you can give the other lists a try. All relevant information
      from the other lists which have not already been covered here
      will be translated and forwarded on by the list moderator.
      
      
      In the next couple of weeks we will be introducing BUGTRAQ-JP
      (Japanese) which will be moderated by Nobuo Miwa 
      and BUGTRAQ-SP (Spanish) which will be moderated by CORE SDI S.A.
      from Argentina  (the folks that brought you
      Secure Syslog and the SSH insertion attack).
      
      
      What is Security Focus?
      -----------------------
      
      
      Security Focus is an exercise in creating a community and a security
      resource. We hope to be able to provide a medium where useful and
      successful resources such as BUGTRAQ can occur, while at the same
      time providing a comprehensive source of security information. Aside
      from moving just BUGTRAQ over, the Geek-Girl archives (and the Geek Girl
      herself!) have moved over to Security Focus to help us with building
      this new community. The other staff at Security Focus are largely derived
      from long time supporters of Bugtraq and the community in general. If
      you are interested in viewing the staff pages, please see the 'About'
      section on www.securityfocus.com.
      
      
      On the community creating front you will find a set of forums
      and mailing lists we hope you will find useful. A number of them
      are not scheduled to start for several weeks but starting today
      the following list is available:
      
      
      * Incidents' Mailing List. BUGTRAQ has always been about the
         discussion of new vulnerabilities. As such I normally don't approve
         messages about break-ins, trojans, viruses, etc with the exception
         of wide spread cases (Melissa, ADM worm, etc). The other choice
         people are usually left with is email CERT but this fails to
         communicate this important information to other that may be
         potentially affected.
      
      
         The Incidents mailing list is a lightly moderated mailing list to
         facilitate the quick exchange of security incident information.
         Topical items include such things as information about rootkits
         new trojan horses and viruses, source of attacks and tell-tale
         signs of intrusions.
      
      
         To subscribe email LISTSERV@SECURITYFOCUS.COM with a message body
         of:
      
      
                   SUBS INCIDENTS FirstName, LastName
      
      
      Shortly we'll also be introducing an Information Warfare forum along
      with ten other forums over the next two months. These forums will be
      built and moderated by people in the community as well as vendors who
      are willing to take part in the community building process.
      *Note to the vendors here* We have several security vendors who have
      agreed to run forums where they can participate in the online communities.
      If you would like to take part as well, mail Alfred Huger,
      ahuger@securityfocus.com.
      
      
      On the information resource front you find a large database of
      the following:
      
      
      * Vulnerabilities. We are making accessible a free vulnerability
         database. You can search it by vendor, product and keyword. You
         will find detailed information on the vulnerability and how to fix it,
         as well are links to reference information such as email messages,
         advisories and web pages. You can search by vendor, product and
         keywords. The database itself is the result of culling through 5
         years of BUGTRAQ plus countless other lists and news groups. It's
         a shining example of how thorough full disclosure has made a significant
         impact on the industry over the last half decade.
      
      
      * Products. An incredible number of categorized security products
         from over two hundred different vendors.
      
      
      * Services. A large and focused directory of security services offered by
         vendors.
      
      
      * Books, Papers and Articles. A vast number of categorized security
         related books, papers and articles. Available to download directly
         for our servers when possible.
      
      
      * Tools. A large array of free security tools. Categorized and
         available for download.
      
      
      * News: A vast number of security news articles going all the way
         back to 1995.
      
      
      * Security Resources: A directory to other security resources on
         the net.
      
      
      As well as many other things such as an event calendar.
      
      
      For your convenience the home-page can be personalized to display
      only information you may be interested in. You can filter by
      categories, keywords and operating systems, as well as configure
      how much data to display.
      
      
      I'd like to thank the fine folks at NETSPACE for hosting the
      site for as long as they have. Their services have been invaluable.
      
      
      I hope you find these changes for the best and the new services
      useful. I invite you to visit http://www.securityfocus.com/ and
      check it out for yourself. If you have any comments or suggestions
      please feel free to contact me at this address or at
      aleph1@securityfocus.com.
      
      
      Cheers.
      
      
      --
      Aleph One / aleph1@underground.org
      http://underground.org/
      KeyID 1024/948FD6B5
      Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01
      



    
    Crypto-Gram
    ~~~~~~~~~~~

       CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses,
      insights, and commentaries on cryptography and computer security.

      To subscribe, visit http://www.counterpane.com/crypto-gram.html or send a
      blank message to crypto-gram-subscribe@chaparraltree.com. To unsubscribe,
      visit http://www.counterpane.com/unsubform.html. Back issues are available
      on http://www.counterpane.com.

       CRYPTO-GRAM is written by Bruce Schneier. Schneier is president of
      Counterpane Systems, the author of "Applied Cryptography," and an inventor
      of the Blowfish, Twofish, and Yarrow algorithms. He served on the board of
      the International Association for Cryptologic Research, EPIC, and VTW. He
      is a frequent writer and lecturer on cryptography.


    CUD Computer Underground Digest
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    This info directly from their latest ish:

    Computer underground Digest Sun 14 Feb, 1999 Volume 11 : Issue 09

 ISSN 1004-042X

 Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
 News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
 Archivist: Brendan Kehoe
 Poof Reader: Etaion Shrdlu, Jr.
 Shadow-Archivists: Dan Carosone / Paul Southworth
 Ralph Sims / Jyrki Kuoppala
 Ian Dickinson
 Cu Digest Homepage: http://www.soci.niu.edu/~cudigest



    [ISN] Security list
    ~~~~~~~~~~~~~~~~~~~
    This is a low volume list with lots of informative articles, if I had my
    way i'd reproduce them ALL here, well almost all .... ;-) - Ed

    
    UPDATED Sept/99 - Sent in by Androthi, tnx for the update
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
      
      --[ New ISN announcement (New!!)
      
      
      Sender:       ISN Mailing List 
      From:         mea culpa 
      Subject:      Where has ISN been?
      Comments: To: InfoSec News 
      To:           ISN@SECURITYFOCUS.COM
      
      
      It all starts long ago, on a network far away..
      
      
      Not really. Several months ago the system that hosted the ISN mail list
      was taken offline. Before that occured, I was not able to retrieve the
      subscriber list. Because of that, the list has been down for a while. I
      opted to wait to get the list back rather than attempt to make everyone
      resubscribe.
      
      
      As you can see from the headers, ISN is now generously being hosted by
      Security Focus [www.securityfocus.com]. THey are providing the bandwidth,
      machine, and listserv that runs the list now.
      
      
      Hopefully, this message will find all ISN subscribers, help us weed out
      dead addresses, and assure you the list is still here. If you have found
      the list to be valuable in the past, please tell friends and associates
      about the list. To subscribe, mail listserv@securityfocus.com with
      "subscribe isn firstname lastname". To unsubscribe, "unsubscribe isn".
      
      
      As usual, comments and suggestions are welcome. I apologize for the down
      time of the list. Hopefully it won't happen again. ;)
      
      
      
      mea_culpa
      www.attrition.org
      
      
      
      --[ Old ISN welcome message
      
      
      [Last updated on: Mon Nov  04  0:11:23 1998]
      
      
      InfoSec News is a privately run, medium traffic list that caters 
      to distribution of information security news articles. These 
      articles will come from newspapers, magazines, online resources, 
      and more.
      
      
      The subject line will always contain the title of the article, so that
      you may quickly and effeciently filter past the articles of no interest.
      
      
      This list will contain:
      
      
      o       Articles catering to security, hacking, firewalls, new security
              encryption, products, public hacks, hoaxes, legislation affecting
              these topics and more.
      
      
      o       Information on where to obtain articles in current magazines.
      
      
      o       Security Book reviews and information.
      
      
      o       Security conference/seminar information.
      
      
      o       New security product information.
      
      
      o       And anything else that comes to mind..
      
      
      Feedback is encouraged. The list maintainers would like to hear what
      you think of the list, what could use improving, and which parts
      are "right on". Subscribers are also encouraged to submit articles
      or URLs. If you submit an article, please send either the URL or
      the article in ASCII text. Further, subscribers are encouraged to give
      feedback on articles or stories, which may be posted to the list.
      
      
      Please do NOT:
      
      
              * subscribe vanity mail forwards to this list
      
      
              * subscribe from 'free' mail addresses (ie: juno, hotmail)
      
      
              * enable vacation messages while subscribed to mail lists
      
      
              * subscribe from any account with a small quota
      
      
      All of these generate messages to the list owner and make tracking
      down dead accounts very difficult. I am currently receiving as many 
      as fifty returned mails a day. Any of the above are grounds for
      being unsubscribed. You are welcome to resubscribe when you address
      the issue(s).
      
      
      Special thanks to the following for continued contribution:
              William Knowles, Aleph One, Will Spencer, Jay Dyson,
              Nicholas Brawn, Felix von Leitner, Phreak Moi and 
              other contributers.
      
      
      ISN Archive: ftp://ftp.repsec.com/pub/text/digests/isn
      ISN Archive: http://www.landfield.com/isn
      ISN Archive: http://www.jammed.com/Lists/ISN/
      
      
      ISN is Moderated by 'mea_culpa' . ISN is a
          private list. Moderation of topics, member subscription, and
          everything else about the list is solely at his discretion.
      
      
      The ISN membership list is NOT available for sale or disclosure.  
      
      
      ISN is a non-profit list. Sponsors are only donating to cover bandwidth 
          and server costs. 
          
          
     Win2k Security Advice Mailing List (new added Nov 30th)
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
      To subscribe:
      
      
      send "SUBSCRIBE WIN2KSECADVICE anonymous or name" in the message body
      to  listserv@listserv.ntsecurity.net
      
     
      
      Welcome to Win2K Security Advice! Thank you for subscribing. If you have any
      questions or comments about the list please feel free to contact the list
      moderator, Steve Manzuik, at steve@win2ksecadvice.net.
      
      To see what you've missed recently on the list, or to research an item
      of interest, be sure to visit the Web-based archives located at:
      http://www.ntsecurity.net/scripts/page_listserv.asp?s=win2ksec
      
      ==============
      NTSecurity.net brings the security community a brand new (Oct 99) and
      much-requested Windows security mailing list. This new moderated mailing list,
      Win2KSecAdvice (formerly NTSecAdvice,) is geared towards promoting the open
      discussion of Windows-related security issues.
      
      With a firm and unwavering commitment towards timely full disclosure, this
      new resource promises to become a great forum for open discussion
      regarding security-related bugs, vulnerabilities, potential exploits, virus,
      worms, Trojans, and more. Win2KSecAdvice promotes a strong sense of community
      and we openly invite all security minded individuals, be they white hat,
      gray hat, or black hat, to join the new mailing list.
      
      While Win2KSecAdvice was named in the spirit of Microsoft's impending product
      line name change, and meant to reflect the list's security focus both now and
      in the long run, it is by no means limited to security topics centered around
      Windows 2000. Any security issues that pertain to Windows-based networking are
      relevant for discussion, including all Windows operating systems, MS Office,
      MS BackOffice, and all related third party applications and hardware.
      
      The scope of Win2KSecAdvice can be summarized very simply: if it's relevant to
      a security risk, it's relevant to the list.
      
      The list archives are available on the Web at http://www.ntsecurity.net,
      which include a List Charter and FAQ, as well as Web-based searchable list
      archives for your research endeavors.
      
      SAVE THIS INFO FOR YOUR REFERENCE:
      
      To post to the list simply send your email to
      win2ksecadvice@listserv.ntsecurity.net
      
      To unsubscribe from this list, send UNSUBSCRIBE WIN2KSECADVICE to
      listserv@listserv.ntsecurity.net
      
      Regards,
      
      Steve Manzuik, List Moderator
      Win2K Security Advice
      steve@win2ksecadvice.net     

    



    @HWA


 00.3 THIS IS WHO WE ARE
      ~~~~~~~~~~~~~~~~~~
      
            __        ___                                      ___
            \ \      / / |__   ___   __ _ _ __ _____      ____|__ \
             \ \ /\ / /| '_ \ / _ \ / _` | '__/ _ \ \ /\ / / _ \/ /
              \ V  V / | | | | (_) | (_| | | |  __/\ V  V /  __/_|
               \_/\_/  |_| |_|\___/ \__,_|_|  \___| \_/\_/ \___(_)

 
      Some HWA members and Legacy staff
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      cruciphux@dok.org.........: currently active/editorial
      darkshadez@ThePentagon.com: currently active/man in black
      fprophet@dok.org..........: currently active/programming/IRC+ man in black
      sas2@usa.net .............. currently active/IRC+ distribution
      vexxation@usa.net ........: currently active/IRC+ proof reader/grrl in black
      dicentra...(email withheld): IRC+ grrl in black
      twisted-pair@home.com......: currently active/programming/IRC+


      Foreign Correspondants/affiliate members
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
       Qubik ............................: United Kingdom 
       D----Y ...........................: USA/world media
       HWA members ......................: World Media
       
      
      
      Past Foreign Correspondants (currently inactive or presumed dead) 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
       Sla5h.............................: Croatia
       N0Portz ..........................: Australia           
       system error .....................: Indonesia           
       Wile (wile coyote) ...............: Japan/the East      
       Ruffneck  ........................: Netherlands/Holland 
       Wyze1.............................: South Africa

       
       Please send in your sites for inclusion here if you haven't already
       also if you want your emails listed send me a note ... - Ed

      Spikeman's site is down as of this writing, if it comes back online it will be
      posted here.
      
      http://www.hackerlink.or.id/  ............ System Error's site (in Indonesian) 
      
      Sla5h's email: smuddo@yahoo.com
       

       *******************************************************************
       ***      /join #HWA.hax0r.news on EFnet the key is `zwen'       ***
       *******************************************************************

    :-p


    1. We do NOT work for the government in any shape or form.Unless you count paying
       taxes ... in which case we work for the gov't in a BIG WAY. :-/

    2. MOSTLY Unchanged since issue #1, although issues are a digest of recent news
       events its a good idea to check out issue #1 at least and possibly also the
       Xmas issue for a good feel of what we're all about otherwise enjoy - Ed ...


    @HWA



 00.4 Whats in a name? why HWA.hax0r.news??
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                             
      
      Well what does HWA stand for? never mind if you ever find out I may
     have to get those hax0rs from 'Hackers' or the Pretorians after you.

     In case you couldn't figure it out hax0r is "new skewl" and although
     it is laughed at, shunned, or even pidgeon holed with those 'dumb
     leet (l33t?) dewds'  this is the state
     of affairs. It ain't Stephen Levy's HACKERS anymore. BTW to all you
     up  and comers, i'd highly recommend you get that book. Its almost
     like  buying a clue. Anyway..on with the show .. - Editorial staff


     @HWA

00.5  HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again)
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
                    _   ___        ___      _____ _    ___
                   | | | \ \      / / \    |  ___/ \  / _ \
                   | |_| |\ \ /\ / / _ \   | |_ / _ \| | | |
                   |  _  | \ V  V / ___ \ _|  _/ ___ \ |_| |
                   |_| |_|  \_/\_/_/   \_(_)_|/_/   \_\__\_\
                     

    Also released in issue #3. (revised) check that issue for the faq
    it won't be reprinted unless changed in a big way with the exception
    of the following excerpt from the FAQ, included to assist first time
    readers:

    Some of the stuff related to personal useage and use in this zine are
    listed below: Some are very useful, others attempt to deny the any possible
    attempts at eschewing obfuscation by obsucuring their actual definitions.

    @HWA   - see EoA  ;-)

    !=     - Mathematical notation "is not equal to" or "does not equal"
             ASC(247)  "wavey equals" sign means "almost equal" to. If written
             an =/= (equals sign with a slash thru it) also means !=, =< is Equal
             to or less than and =>  is equal to or greater than (etc, this aint
             fucking grade school, cripes, don't believe I just typed all that..)

    AAM    - Ask a minor (someone under age of adulthood, usually <16, <18 or <21)

    AOL    - A great deal of people that got ripped off for net access by a huge
             clueless isp with sekurity that you can drive buses through, we're
             not talking Kung-Fu being none too good here, Buy-A-Kloo maybe at the
             least they could try leasing one??

   *CC     - 1 - Credit Card (as in phraud)
             2 - .cc is COCOS (Keeling) ISLANDS butthey probably accept cc's

    CCC    - Chaos Computer Club (Germany)

   *CON    - Conference, a place hackers crackers and hax0rs among others go to swap
             ideas, get drunk, swap new mad inphoz, get drunk, swap gear, get drunk
             watch videos and seminars, get drunk, listen to speakers, and last but
             not least, get drunk.
   *CRACKER - 1 . Someone who cracks games, encryption or codes, in popular hacker
                 speak he's the guy that breaks into systems and is often (but by no
                 means always) a "script kiddie" see pheer
              2 . An edible biscuit usually crappy tasting without a nice dip, I like
                  jalapeno pepper dip or chives sour cream and onion, yum - Ed

    Ebonics - speaking like a rastafarian or hip dude of colour  also wigger
              Vanilla Ice is a wigger, The Beastie Boys and rappers speak using
              ebonics, speaking in a dark tongue ... being ereet, see pheer

    EoC    - End of Commentary

    EoA    - End of Article or more commonly @HWA

    EoF    - End of file

    EoD    - End of diatribe (AOL'ers: look it up)

    FUD    - Coined by Unknown and made famous by HNN  - "Fear uncertainty and doubt",
            usually in general media articles not high brow articles such as ours or other
            HNN affiliates ;)

    du0d   - a small furry animal that scurries over keyboards causing people to type
             weird crap on irc, hence when someone says something stupid or off topic
             'du0d wtf are you talkin about' may be used.

   *HACKER - Read Stephen Levy's HACKERS for the true definition, then see HAX0R

   *HAX0R - 1 - Cracker, hacker wannabe, in some cases a true hacker, this is difficult to
            define, I think it is best defined as pop culture's view on The Hacker ala
            movies such as well erhm "Hackers" and The Net etc... usually used by "real"
            hackers or crackers in a derogatory or slang humorous way, like 'hax0r me
            some coffee?' or can you hax0r some bread on the way to the table please?'

            2 - A tool for cutting sheet metal.

    HHN    - Maybe a bit confusing with HNN but we did spring to life around the same
             time too, HWA Hax0r News.... HHN is a part of HNN .. and HNN as a proper
             noun means the hackernews site proper. k? k. ;&

    HNN    - Hacker News Network and its affiliates http://www.hackernews.com/affiliates.html

    J00    - "you"(as in j00 are OWN3D du0d) - see 0wn3d

    MFI/MOI- Missing on/from IRC

    NFC   - Depends on context: No Further Comment or No Fucking Comment

    NFR   - Network Flight Recorder (Do a websearch) see 0wn3d

    NFW   - No fuckin'way

   *0WN3D - You are cracked and owned by an elite entity see pheer
   *OFCS  - Oh for christ's sakes

    PHACV - And variations of same 
            Phreaking, Hacking, Anarchy, Cracking, Carding (CC) Groups Virus, Warfare

          Alternates: H - hacking, hacktivist
                      C - Cracking 
                      C - Cracking 
                      V - Virus
                      W - Warfare 
                      A - Anarchy (explosives etc, Jolly Roger's Cookbook etc)
                      P - Phreaking, "telephone hacking" PHone fREAKs ...
                     CT - Cyber Terrorism

   *PHEER -  This is what you do when an ereet or elite person is in your presence
            see 0wn3d

   *RTFM  - Read the fucking manual - not always applicable since some manuals are
            pure shit but if the answer you seek is indeed in the manual then you
            should have RTFM you dumb ass.

    TBC   - To Be Continued also 2bc (usually followed by ellipses...) :^0

    TBA   - To Be Arranged/To Be Announced also 2ba

    TFS   - Tough fucking shit.

   *w00t  - 1 - Reserved for the uber ereet, noone can say this without severe repercussions
            from the underground masses. also "w00ten" 

            2 - Cruciphux and sAs72's second favourite word (they're both shit stirrers)

    *wtf  - what the fuck, where the fuck, when the fuck etc ..

    *ZEN  - The state you reach when you *think* you know everything (but really don't)
            usually shortly after reaching the ZEN like state something will break that
            you just 'fixed' or tweaked.
            
     @HWA            
     
     
                            -=-    :.    .:        -=-
                            
                            
                            

 01.0 Greets!?!?! yeah greets! w0w huh. - Ed
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
                           ____               _
                          / ___|_ __ ___  ___| |_ ___
                         | |  _| '__/ _ \/ _ \ __/ __|
                         | |_| | | |  __/  __/ |_\__ \
                          \____|_|  \___|\___|\__|___/


     Thanks to all in the community for their support and interest but i'd
     like to see more reader input, help me out here, whats good, what sucks
     etc, not that I guarantee i'll take any notice mind you, but send in
     your thoughts anyway.


       * all the people who sent in cool emails and support
       
     FProphet       Pyra                TwstdPair      _NeM_
     D----Y         Dicentra            vexxation      sAs72
     Spikeman       p0lix               Vortexia      Wyze1
     Pneuma         Raven               Zym0t1c       duro
     Repluzer       astral              BHZ           ScrewUp
     Qubik          gov-boi             _Jeezus_      Haze_
     thedeuce       ytcracker
     
     Folks from #hwa.hax0r,news and #fawkerz
     
     
               
     Ken Williams/tattooman ex-of PacketStorm,
          
     & Kevin Mitnick                      
     
     kewl sites:
     
     + http://www.hack.co.za  NEW
     + http://blacksun.box.sk. NEW
     + http://packetstorm.securify.com/ NEW
     + http://www.securityportal.com/ NEW
     + http://www.securityfocus.com/ NEW
     + http://www.hackcanada.com/
     + http://www.l0pht.com/
     + http://www.2600.com/
     + http://www.freekevin.com/
     + http://www.genocide2600.com/
     + http://www.hackernews.com/ (Went online same time we started issue 1!)
     + http://www.net-security.org/
     + http://www.slashdot.org/
     + http://www.freshmeat.net/
     + http://www.403-security.org/
     + http://ech0.cjb.net/

     @HWA


 01.1 Last minute stuff, rumours and newsbytes
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

       "What is popular isn't always right, and what is right isn't
         always popular..."
                           - FProphet '99
                           
       

    +++ When was the last time you backed up your important data?
    
    ++  AMD demostrates 900 MHz chips
        December 17, 1999
        "Advanced Micro Devices Inc. has demonstrated two different versions of its Athlon microprocessor running at 900
        MHz. One uses the company's standard 0.18-micron process with aluminum interconnects, while the second is
        produced at the same line width but comes from AMD's Dresden, Germany, fab and features copper interconnects."
    
     
 
          
     
      Thanks to myself for providing the info from my wired news feed and others from whatever
      sources, also to Spikeman for sending in past entries.... - Ed
      
     @HWA

 01.2 MAILBAG - email and posts from the message board worthy of a read
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
              
      Yeah we have a message board, feel free to use it, remember there are no stupid questions...
      well there are but if you ask something really dumb we'll just laugh at ya, lets give the
      message board a bit more use eh? i'll be using a real message board when the hwa-iwa.org
      domain comes back online (soon) meanwhile the beseen board is still up...
        
      
    
      ==============================================================================
      
      
      
      
      

      

 02.0 From the editor.
      ~~~~~~~~~~~~~~~~

     #include 
     #include 
     #include 

     main()
         {
           printf ("Read commented source!\n\n");

     /*
          * *still sick* ! this will prolly be a shorter issue than
          * normal like last weeks, so enjoy what there is and we'll
          * be back on track soon... sorry for the lack of quality
          * I'm striving to catch up so I can provide you with the
          * info you're used to getting in these issues, the last
          * couple are definately not my best works.... hang in
          * there... This issue 'features' an interview with the
          * now defunct sSh... check it out, and I still want
          * articles so send em in!... cruciphux@dok.org          
          */
           
     printf ("EoF.\n");
           }

      

      Congrats, thanks, articles, news submissions and kudos to us at the
         
      main address: hwa@press.usmc.net complaints and all nastygrams and
         
      mai*lbombs can go to /dev/nul nukes, synfloods and papasmurfs to
         
      127.0.0.1, private mail to cruciphux@dok.org

     danke.

     C*:.
     
     -= start =--= start =--= start =--= start =--= start =--= start =--= start 
   
     
                       ____            _             _
                      / ___|___  _ __ | |_ ___ _ __ | |_
                     | |   / _ \| '_ \| __/ _ \ '_ \| __|
                     | |__| (_) | | | | ||  __/ | | | |_
                      \____\___/|_| |_|\__\___|_| |_|\__|
                           / ___|| |_ __ _ _ __| |_
                           \___ \| __/ _` | '__| __|
                            ___) | || (_| | |  | |_
                           |____/ \__\__,_|_|   \__|

             
     
                            
      -= start =--= start =--= start =--= start =--= start =--= start =--= 
                         
     
     
     
     
03.0  Melissa conviction to stop virus writers?
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Contributed by Spikeman
      
      http://www.zdnet.com/filters/printerfriendly/0,6061,2406928-2,00.html

      --------------------------------------------------------------
      This story was printed from ZDNN,
      located at http://www.zdnet.com/zdnn.
      --------------------------------------------------------------
      
      Melissa conviction to stop virus writers?
      By Robert Lemos, ZDNN
      December 9, 1999 5:25 PM PT
      URL: http://www.zdnet.com/zdnn/stories/news/0,4586,2406928,00.html
      
      Law enforcement officials and computer security specialists say that David L. Smith's conviction in
      the Melissa virus case -- the first successful prosecution of a virus writer in the United States --
      will have a strong chilling effect on other authors of malicious code.
      
      "We are hoping that the sentence has a significant deterrent impact," said Robert J. Cleary, the
      U.S. attorney for the District of New Jersey, who led the federal prosecution. "I think this will
      have the effect we want. Those predisposed to white-collar crimes really do balance risk versus
      reward."
      
      Smith, 31, pleaded guilty in both state and federal courts on Thursday, agreeing that the virus he
      wrote and released -- named "Melissa" after a Florida stripper -- caused $80 million in damages
      (the minimum monetary amount needed in order to trigger stiffer federal sentencing guidelines).
      
      Smith is expected to receive anywhere between a four- and five-year sentence in the federal case
      and up to a 10-year sentence in the state case, accompanied by total fines of up to $400,000. As
      part of the plea agreement, state prosecutors have recommended that the sentences run
      concurrently.
      
      "The sentencing guidelines attempt to minimize disparity. If that works here, then anyone else that
      sends a virus out that does $80 million in damage should expect a similar sentence," said Cleary.
      
      Melissa's March madness
      The Melissa macro computer virus hit companies on Friday, March 26 after being released to a
      Usenet newsgroup as part of a list of porn sites contained in a Word document infected with the
      virus.
      
      The virus, which mailed itself out to the first 50 addresses listed in the address book of Microsoft's
      Outlook e-mail client, caused a massive spike in e-mail traffic, flooding corporate e-mail servers.
      Companies such as Microsoft Corp. (Nasdaq:MSFT), Intel Corp. (Nasdaq:INTC), Lockheed
      Martin Corp. (NYSE:LMT) and Lucent Technologies Inc. (NYSE:LU) shut down their gateways
      to the Internet in the face of the threat.
      
      Smith -- then a resident of Aberdeen, N.J. -- was arrested on April 1 by New Jersey authorities.
      
      "This becomes a landmark case, because it's the first time the (U.S.) federal government has
      successfully prosecuted a computer virus writer," said Dr. Peter Tippett, chief technologist at
      computer security firm ICSA.net, which helped the U.S. prosecutors estimate the damages caused
      by Melissa.
      
      Deterrent effect
      Tippett and others point to a virus case in England as potential proof that such a deterrent could
      work.
      
      In November 1995, the UK courts sentenced Chris Pile -- known
      underground as the Black Baron -- to 18 months in jail. The 26-year-old,
      self-taught programmer admitted to five counts of unauthorized access to
      computers to facilitate crime and five unauthorized modifications of computer
      software over a two-year period.
      
      Since that time, no major viruses have come out of the UK, said Tippett.
      
      Smith appeared in Monmouth County, N.J., Superior Court at 10 a.m. ET
      on Thursday, followed by his appearance at the U.S. District Court in
      Newark at 1:30 p.m. ET to answer to federal charges in the case. In both
      courtrooms, Smith admitted his guilt and agreed with the damages.
      
      When the judge in the Monmouth County court case asked if Smith agreed that it caused $80
      million in damage to computer systems nationwide, Smith replied, "I certainly agree. It did result in
      those consequences -- without question."
      
      Edward Borden, Smith's attorney in the case, could not be reached for comment.


      @HWA      
      
04.0  Government asks hackers for Y2K break      
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      http://www.zdnet.com/zdnn/stories/news/0,4586,2408969,00.html
      Contributed by Duro
      

      Government asks hackers for Y2K break
      
      President Clinton's Y2K guru asks for a hack
      moratorium during the New Millennium
      weekend.
      
      
      
      By Jim Wolf, Reuters 
      December 14, 1999 10:52 AM PT 
      
      
      WASHINGTON -- President Clinton's top aide on Y2K
      matters has urged computer hackers to exercise
      self-restraint until after year 2000 technology fears
      largely have passed. 
      
      In an unusual plea for mercy, John Koskinen, chairman of
      the President's Council on Year 2000 Conversion, said
      that some people regard piercing computer network
      security to be a "great public service" because it calls
      attention to security cracks. 
      
                    "Hopefully those people will recognize
                    we're going to have enough things
                    going on that (New Year's) weekend
                    that this will not be a particularly good
                    weekend to demonstrate the need for
                    more information security," he said on
                    Monday. 
      
      "If you want to, in fact, make those points, my hope is
      (you'll) make them the following weekend," when Y2K
      confusion is expected to have subsided, Koskinen said in
      reply to a reporter's question. 
      
      One major concern of authorities is that confusion during
      the century date change could mask a wide range of
      malicious anti-U.S. activity, including possible
      computer-based attacks by hostile nations or guerrillas. 
      
      Michael Vatis, the FBI agent who serves as the nation's
      top "cyber-cop," said last week that the interagency outfit
      he heads -- the National Infrastructure Protection Center
      -- would be on alert although it had no hard evidence of
      any planned attacks. 
      
      "It's natural to expect there might be people doing stupid
      things with computers," he said of possible cyber attacks
      timed to exploit any high-tech confusion sparked by the
      century date change. 
      
      Increased vigilance" urged
      Bruce McConnell, a former White House information
      technology expert who now runs the U.N.-sponsored
      International Y2K Cooperation Center, said viruses timed
      to trigger on Jan. 1 appeared to be spreading, notably
      hidden in e-mail attachments. 


                       "Clearly the end of the year is a
                       time for increased vigilance with
                       respect to computer security,"
                       McConnell said in a telephone
                       interview. 
      
                       Adding to the confusion may be
                       so-called denial-of-service attacks
      aimed at swamping government or private sector Web
      sites, according to Clark Staten, executive director of the
      Chicago-based Emergency Response and Research
      Institute. 
      
      Last week, the U.S. Office of Personnel Management
      announced it would interrupt its Internet services for
      "several hours" during the New Year's weekend as a
      guard against hackers, power surges and other possible
      Y2K headaches. The agency said it would bar access
      during that limited period to the many data banks
      normally available on its Web site. 
      
      The Defense Department and the U.S. Agriculture
      Department said last week they also were considering
      such precautions.
      
      Growing number of computer viruses seen
      Anti-virus software makers have reported a growing
      number of computer viruses timed to go off on or about
      Jan. 1, when systems engineered to recognize only the
      last two digits in a date field may confuse 2000 with
      1900. 
      
      "We are starting to see an increased frequency of viruses
      related to the year 2000. Some of them are timed to
      trigger on January first," said Narendar Mangalam,
      director of security strategy for Computer Associates, an
      Islandia, New York-based business computing firm. 
      
      The CERT Coordination Center, a Defense
      Department-funded computer security project at Carnegie
      Mellon University in Pittsburgh, said it did not consider
      Y2K viruses a greater threat than the many others it has
      tracked. 
      
      "There may be viruses that are particularly virulent that I'm
      not familiar with that are set to go off on January first,"
      Shawn Hernan, CERT's team leader for vulnerability
      handling, said in a telephone interview. 
      
      "In general, though, if you are susceptible to viruses that
      are spreading to be triggered on January first, you're
      going to be susceptible to those that are triggered to go
      off on January second and January third, and so on and
      so forth," he said. 
      
      The best defense, Hernan said, was keeping up to date
      with anti-virus software updates, avoiding running
      programs of unknown origin, maintaining backups, paying
      attention to anomalies and reporting them to network
      security administrators. 
      
      @HWA
      
05.0  China Upholds Death Sentence For Electronic Intruder 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/


      contributed by Ryan and Zorro 
      The death sentence, imposed as punishment for Hao
      Jingwen last year, was upheld by The Yangzhou
      Intermediate People's Court in eastern Jiangsu province.
      Jingwen, together with his brother Hao Jinglong,
      electronically broke into the system of a state run bank
      that one of them worked at and transferred somewhere
      between $31,000 and $87,000US (reports vary) into an
      account they opened under false names. The elder of
      the two brothers, Hao Jinglong, received life in prison
      instead of the death penalty for assisting the police in
      their investigation. 

      Reuters - via Yahoo
      http://dailynews.yahoo.com/h/nm/19991203/tc/china_hacker_1.html
      
      Associated Press - via Yahoo    
      http://dailynews.yahoo.com/h/ap/19991203/wl/china_death_sentences_1.html
      
      Friday December 3 11:47 PM ET 

      China Upholds Death Sentence for Computer Hacker

      BEIJING (Reuters) - A Chinese court has upheld the death sentence for a
      man who hacked into the computer system of a state bank to steal money,
      the Financial News reported on Saturday.

      The Yangzhou Intermediate People's Court in eastern Jiangsu province 
      rejected the appeal of Hao Jingwen, upholding a death sentence imposed
      last year, the newspaper said. Hao Jingwen and his brother Hao Jinglong
      hacked into the computer network of the Industrial and Commercial Bank 
      of China and shifted 720,000 yuan ($87,000) into accounts they had opened
      under false names, it said.

      They withdrew 260,000 yuan from the bank accounts in September last year,
      the newspaper said.

      Hao Jinglong, who was also originally sentenced to death, received a 
      suspended death sentence in return for his testimony, it said.

      ($1.0 - 8.28 yuan) 
      
      AP;
      
      Friday December 3 10:25 PM ET 

      Chinese Bank Hacker Gets Death

      BEIJING - A court in the southern city of Yangzhou has sentenced one man
      to death and his elder brother to life imprisonment for hacking into a 
      bank's computer system to steal $31,500, the state-run newspaper Beijing
      Morning Post said Saturday.

      An appeal by the two brothers was rejected after a higher court upheld the
      recent decision by the Yangzhou Intermediate Court, the report said.

      It said Hao Jingwen and Hao Jinglong used a homemade computer to hack into
      the Industrial and Commercial Bank of China's system, where they set up fake
      bank accounts.

      By the time they were caught, they had withdrawn $30,266 in embezzled funds.
      Police recovered all but $1,200 of it, the report said.

      It said the Hao Jinglong, the elder brother, got a lighter sentence because
      he had aided the police in their investigation.

      In a separate report, the newspaper Guangming Daily said Lin Guodi, the 
      director of the Machinery Bureau in central Hunan province, was sentenced 
      Friday to death for taking $638,000 in bribes. Lin's son, Lin Ruhai was given
      a life sentence and his wife, Zhao Youjuan, got a six-year jail term, it said.
      Lin and his son lost their appeals, it said.

      The reports did not say in either case if the death sentences had been carried
      out. 
      
      @HWA
      
06.0  Symantec Discovers Another Worm 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Nicola_Hibberd and no0ne 
      The W32.Mypics worm has four payloads. It emails itself
      to fifty people in your address book, changes the web
      browsers home page to a porn site and then attempts
      to reformat the local hard drive. Also on Jan 1, 2000 the
      worm attempts to overwrite the the checksum data in
      the host computer's CMOS. Symantic, the discoverer of
      the worm says that this is the fifth such virus it has
      found with a payload that triggers at the start of the
      new year. This worm appears to only infect people
      running email clients from Microsoft. 

      ZDNet UK
      http://www.zdnet.co.uk/news/1999/48/ns-11935.html
      
      Newsbytes - via CNNfn
      http://www.cnnfn.com/news/technology/newsbytes/140247.html
      
      Reuters - via Yahoo       
      http://dailynews.yahoo.com/h/nm/19991206/tc/yk_virus_3.html
      
      Fri, 03 Dec 1999 16:38:00 GMT
      Will Knight
      
      
      Symantec discover the nasty 'W32.Mypics worm' 
      
      A new mega-virus that combines three potentially devastating
      characteristics has been found in the wild by the research
      laboratories at Symantec Anti-Virus 
      
      Once the W32.Mypics worm arrives at an Outlook inbox, it sends
      itself out to 50 people in the address book and attempts to convert
      the Web browser's home page to a porn site. It also does its level
      best to format the local hard drive. 
      
      Although Symantec has received only a small number of reports of
      Mypics, Aled Miles managing director for Symantec UK and
      Ireland says now is a crucial period in the development of the virus
      that was found in the wild at 4.48 GMT Friday. "If it's going to
      break, it's going to do it soon," he warns. "This sort of thing
      happens very quickly." 
      
      Miles also believes Mypics represents a worrying new trend in
      virus technology. "The capability of viruses is increasing greatly,
      that's they key thing. There's a lot of talk about hype but you only
      need one of these to cause a lot of damage." 
      
      Another daunting prospect raised by Miles: "What happens if two
      or three of these happens at the same time? Time is definitely
      condensing. Is this going to be a trend continuing up to and
      beyond the New Year?" 
      
      A update for Symantec's anti-virus software that combats Mypics
      can be downloaded from the company's labs . 
      
      http://www.sarc.com/avcenter/venc/data/w32.mypics.worm.html
      
      -=-
      
      Dangerous Y2K Worm Starts Weekend With A Bang 
      December 03, 1999: 4:59 p.m. ET


      CUPERTINO, CALIFORNIA, U.S.A. (NB) -- By Steve Gold,
      Newsbytes. Symantec's [NASDAQ:SYMC] Anti-virus
      Research Center reported this morning that it has
      discovered a new worm virus that reformats PC users' hard
      disks and switches their Web browser home page to an
      adult site. 
        Yunsun Wee, a spokesperson for Symantec, told
      Newsbytes that the Y2K virus is no relation to the MiniZip
      worm virus that hit PC users earlier this week and is far
      more deadly. 
        "This is the fifth Y2K virus we've come across so far, but
      it's the most deadly in that it can reformat a user's hard
      disk, as well as cause other problems," she said. 
        Wee added that the virus was discovered overnight by the
      company's SARC operation, and, as a result, the company
      issued a public warning via the business wire service this
      morning. 
        "Unlike MiniZip, which everyone reported on earlier this
      week, and which was actually discovered some days earlier,
      we wanted to ensure that we got the warning message out
      as quickly as possible," she said. 
        Symantec says that the virus disguises itself as a Y2K
      problem, and is received as an e-mail attachment disguised
      as a picture. 
        Once the program infects the host PC, it attempts to
      send itself using Microsoft Outlook to up to 50 people in the
      users' Microsoft Outlook address book. It also changes the
      home page in Internet Explorer to a site containing adult
      content. 
        Additionally, Symantec warns, on Jan. 1, 2000, the
      program will overwrite the checksum data in the host
      computer's CMOS (complimentary metal oxide
      semiconductor) memory so when the system is rebooted
      the user will think that there may be a Y2K-related problem
      with the computer's BIOS (basic input/output system). 
        The firm says that, once the PC is restarted, the virus will
      attempt to format the local hard drives and erase all data. 
        Symantec says that the W32/Mypics.worm can be easily
      spotted, since it arrives in an e-mail, with no subject line.
      The body of the message reads, "Here's some pictures for
      you!" with a Pics4You.exe" attachment that is
      approximately 34,304 bytes in size. 
        Once the user opens the attachment, the worm loads
      itself into memory and executes by sending out copies of
      itself attached to e-mail addressed to up to 50 people in the
      user's address list. 
        In addition, Symantec says that the code modifies the
      system registry to load its dropped file "cbios.com" on
      system startup and also changes the user's home page in
      Internet Explorer to
      http://www.geocities.com/siliconvalley/vista/8279/index.html,
      a Web site that contains some adult content. 
        The firm advises PC users not to attempt to open the
      attached document. Symantec anti-virus users should also
      download a new definition set - available immediately
      through the company's LiveUpdate feature or from the
      Symantec Web site at
      http://www/symantec.com/avcenter/download.html . 
        Reported by Newsbytes.com, http://www.newsbytes.com
      . 
        10:22 CST Reposted 15:49 CST 
        (19991203/Press Contact: Yunsun Wee, Symantec
        
      -=-
     
      Monday December 6 2:43 AM ET 
      
      Virus Trackers Report Bug Aimed at Y2K
      
      SAN FRANCISCO (Reuters) - The computer world's mischief makers struck 
      this week with the first in what is expected to be a wave of viruses 
      set to go off Jan. 1, 2000, computer experts said on Friday.
      
      A virus was discovered in computer systems of a number of companies, set
      to go off at New Year's and erase data from users' hard drives, security
      experts reported.
      
      ``This is the first Y2K virus we've seen that has really infected a 
      number of people,'' said Sal Viveros, of Network Associates Inc. 
      (NasdaqNM:NETA - news) , the largest computer security firm in the world.
      
      Anti-virus firm Symantec Corp.(NasdaqNM:SYMC - news) director of research
      Vincent Weafer said, ``This is the kickoff for the Y2k -- which is going 
      to be like the Super Bowl for virus writers.''
      
      The new virus, called W32/Mypics.worm, is set to disable computers as 
      people try to start them up Jan. 1. The virus writer apparently is hoping
      to mislead users into thinking they've been hit by the much-publicized Y2K
      software bug, which is caused by computers' inability to read the ``00'' 
      of year 2000.
     
      The virus is sent by e-mail with no subject line to a target user. Inside
      the e-mail is a message saying ``Here's some pictures for you!'' Clicking
      on the picture launches the damaging virus, or worm, a kind of virus that
      does damage but doesn't continue to propagate itself inside the host computer.
     
      Like the earlier Melissa ``worm,'' the new infection uses the target 
      computer's Microsoft Outlook mailing list to send itself to 50 people via
      e-mail.
      
      It can be detected ahead of the Jan. 1 ``payload date'' through use of an 
      anti-virus software, or by noting a suspicious switch in the default page 
      of the user's Web browser.
      
      Computer security firm Symantech, the company that first sounded the alarm
      about the Y2K bug, said it has found five different Y2K viruses in recent 
      days, but none reaching the level of the W32/Mypics.worm, which it classed
      as a ``medium to high-risk virus.''
      
      Simon Perry, Computer Associate International Inc.'s (NYSE:CA - news) eTrust
      Business Manager said, ``As the year 2000 quickly approaches, we are starting
      to see an increased frequency of dangerous viruses.''
      
      The year has already been marked by a wave of destructive infections, 
      including the CIH, or Chernobyl Virus, which wiped out data on thousands of
      hard disk drives, and Melissa, which was one of the most widespread infections
      ever, though not as damaging to individual computers.
      
      A concerted effort to sound the alarm by computer protection services has 
      tended to dampen the spread of the viruses, though some see their alarms as
      self-serving, since most recommend a dose of their medicine, anti-virus 
      software, as the cure.
      
      ``Once a virus is in the wild, and it's on everyone's detection lists, it tends
      to chill a bit. But that doesn't mean it's not still a threat,'' said David 
      Perry, security firm Trend Micro Inc. (NasdaqSC:TIMC - news) pubic information
      director.
      
      The most basic advice the security experts give is to avoid opening unsolicited
      e-mails. ``Don't take candy from strangers,'' said Perry, ``and don't open 
      suspicious e-mails on your computer.'' 
      
      @HWA
      
07.0  EPIC Sues NSA Over Echelon 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by blueghost, knobdicker, and Alien Plaque 
      The Electronics Privacy Information Center (EPIC) has
      filed suit against the National Security Agency (NSA) in
      federal court in an attempt to gain more information
      about the agency's spy network dubbed Echelon, and to
      what extent the agency has been spying on American
      citizens. The NSA has 30 days to respond to the court
      filing. (I applaud EPIC for going after the NSA, however
      the courts have been very favorable to the NSA in past
      cases, so I personally doubt that much will come of
      this, but it's definitely worth a shot.) 

      Electronic Privacy Information center
      http://www.epic.org/
      
      Federal Computer Week
      http://www.fcw.com/pubs/fcw/1999/1129/web-lawsuit-12-3-99.html
      
      ZDNet       
      http://www.zdnet.com/zdnn/stories/news/0,4586,2404126,00.html?chkpt=zdnntop
      
      DECEMBER 3, 1999 . . . 17:35 


      Lawsuit claims NSA spying on Americans

      BY DANIEL VERTON (dan_verton@fcw.com)

      The privacy watchdog group Electronic Privacy Information Center today
      filed a lawsuit in federal court that aims to force the National Security Agency
      to release sensitive documents thought to contain evidence of surveillance
      operations against U.S. citizens.

      EPIC wants to obtain documents recently denied to Congress by NSA's
      General Counsel on the grounds of attorney/client privilege. NSA also has
      failed to reply to a Freedom of Information Act request filed by EPIC to
      obtain the documents. 

      The lawsuit centers on documents that are said to detail the operations of the
      so-called Echelon global surveillance network. Details surrounding Echelon
      came to light last year when the European Union launched a full-scale
      investigation into privacy abuses against European citizens by the NSA
      ["European Union may investigate U.S. global spy computer network,"
      fcw.com, Nov. 17, 1998].

      EPIC director Marc Rotenberg said in a statement released to the press, "The
      charter of the National Security Agency does not authorize domestic
      intelligence-gathering. Yet we have reason to believe that the NSA is engaged
      in the indiscriminate acquisition and interception of domestic communications
      taking place over the Internet."

      A spokesperson for the agency said, "NSA operates in strict accordance with
      U.S. laws and regulations in protecting the privacy rights of U.S. persons. Its
      activities are conducted with the highest constitutional, legal and ethical
      standards."

      Echelon, a Cold War-vintage global spy system, is believed to consist of a
      worldwide network of clandestine listening posts capable of intercepting
      electronic communications such as e-mail, telephone conversations, faxes,
      satellite transmissions, microwave links and fiber-optic communications traffic.

      EPIC is planning a major study of the Echelon network to be published next
      year that looks at the operations of signals intelligence agencies around the
      world, such as the NSA.

      "We expect that Congress will hold hearings on this early next year and we
      plan to pursue our case very aggressively," Rotenberg told FCW. "If the NSA
      is intercepting Internet communications of U.S. citizens -- and we believe they
      are -- then it is a critical question of Constitutional government to determine
       whether they are acting within the law or outside of it." 

      
      
      @HWA
      
08.0  Wyoming Newspaper Attacked 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Alien Plague 
      George Russell James, 26, of Laramie, Wyoming has
      been charged with one felony count of crime against
      computer users. James is accused of several
      unauthorized entries into Trib.com which is run by the
      Casper Star-Tribune. According to the Trib.com staff,
      the entries are said to have caused slowed online
      response time over a couple of days and disrupted the
      provider's news and information Web site. (From the
      information posted in this article it would seem that
      they don't have a very strong case against this guy.
      Unfortunately he will probably plead guilty instead of
      fighting these accusations.) 

      The Billings Gazette       
      http://www.billingsgazette.com/wyoming/991204_wyo02.html
      
      Laramie man charged with hacking into major Internet
      provider
     
      CASPER, Wyo. (AP) - A Laramie man has been
      charged with hacking into one of Wyoming's
      primary Internet service providers. 
     
      George Russell James, 26, surrendered at the
      Albany County Courthouse on Friday and was
      charged with one felony count of crimes against
      computer users, according to the state Division of
      Criminal Investigation. 
     
      James is accused of several unauthorized entries
      into trib.com, according to the Casper Star-Tribune,
      which administers the service. 
     
      Police searched James' apartment Thursday and
      seized a personal computer and other evidence,
      said Steve Miller, deputy director of the state
      Division of Criminal Investigation. 
     
      They also found about one-eighth ounce of
      marijuana and charged James with possession of a
      controlled substance, he said. 
     
      "Without going into a lot of detail, basically there are
      a lot of electronic footprints you can often trace
      back to the individual," he said of how James was
      pinpointed. 
     
      Trib.com staff said the tampering slowed online
      response time over a couple of days and disrupted
      the provider's news and information Web site. 
     
      "We haven't been able to manipulate the programs
      like we normally do, which has made stories
      awkward to read," Web site designer Fred Jacquot
      said. 
     
      Some subscribers who logged onto the site
      Thursday may have found pages with incomplete
      information or graphic artwork, he said. 
     
      Larry Ash, systems administrator for trib.com, said
      the problems resulted from a two-fold attack on the
      system. 
     
      First, the alleged hacker tapped into the trib.com
      server, which meant the entire system needed to be
      checked for possible flaws. 
     
      "We spent a lot of time tearing down the old system
      and building it up again from scratch," he said. 
     
      Then on Thursday, a program from a site in London
      jammed the trib.com network and slowed service to
      a crawl. The "denial of service attack" flooded the
      system with thousands of information requests. 
     
      "It's kind of like a water main that is split into lots of
      smaller pipes," said trib.com programmer Steve
      Claflin. "If one person draws all the water, no one
      else can get any." 
     
      The trib.com system was so tied up processing the
      information and repairing itself after the break-in that
      it could not respond as quickly to regular tasks. 
     
      Star-Tribune publisher Rob Hurless said trib.com
      staff were still checking computer logs Thursday to
      find out exactly what happened during the break-in. 
     
      The network was nearly back to normal operating
      speed Thursday afternoon, he said. 
     
      Miller said the trib.com break-in was among an
      increasing number of computer-related crimes DCI
      has looked into recently. 
     
      He said the agency, in cooperation with federal and
      local law enforcement agencies, has investigated
      18 reports of computer crimes in Wyoming,
      including seven in the last month. 
     
      "It's pretty crazy right now," Miller said. "I don't know
      if hacking is increasing or people are just identifying
      it more rapidly and reporting it." 
     
      Updated: Saturday, December 4, 1999
      Copyright  The Billings Gazette, a division of Lee Enterprises.
      
      @HWA
      
09.0  DoD Offers Military Docs to Surfers 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Weld Pond 
      The Department of Defense has made available over
      100,000 documents on categories ranging from nuclear
      technology to explosives to communications security.
      There also seems to be a good chunk of information on
      TEMPEST. It is unknown how long this site will remain
      publicly available. Grab it while you can. 

      Defense Automation and Production Service       
      http://assist.daps.mil
      (Site appears locked up when I tried it... -Ed)
      
      @HWA
      
10.0  NSA Funds Supercomputer Upgrade 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
      
      From HNN http://www.hackernews.com/

      contributed by biggranger 
      The National Security Agency is funding the upgrade of
      the San Diego Supercomputer Center from a Tera
      MTA-8 system to a MTA-16 system made by Tera
      Computer Company. The MTA-16 is based on a
      multithreaded architecture and retails for between 7 and
      10 million dollars. 

      Tera Computer Company         
      http://www.tera.com/www/press/mta16.html
      
      
      Tera Press Release;
      
      Tera Computer Company Receives First Purchase Order for a
                        Tera MTA-16 System 

               Funding Provided by National Security Agency 


      Contacts: 

      Lippert/Heilshorn & Assoc.
      Lillian Armstrong/David Barnard, CFA
      lillian@lhai-sf.com,david@lhai-sf.com
      415/433-3777
      Keith Lippert
      212/838-3777 

      Tera Computer Company
      Ken Johnson/Jim Rottsolk, 206/701-2000
      ken@tera.com,jim@tera.com
      or
      Terren S. Peizer, Chairman: 310/444-3222 



      SEATTLE, WASHINGTON, November 10, 1999 - Tera Computer
      Company (NASDAQ NM: TERA) today announced that it has received
      its first purchase order for a Tera MTA-16 system. This order represents
      an upgrade to the existing 8-processor Multithreaded Architecture (MTA)
      supercomputer now in use at the San Diego Supercomputer Center
      (SDSC). This upgrade, which doubles the size of SDSC's MTA system
      from 8 processors and 8 gigabytes of shared memory to 16 processors
      and 16 gigabytes of shared memory, is specially priced at $2.5 million.
      Initial purchases of Tera MTA-16 systems are typically priced at $7-10
      million, depending upon configuration. Delivery of the SDSC MTA-16 is
      expected by year-end 1999. 

      This order follows SDSC's successful evaluation of the MTA-8, which
      was initially funded by the National Science Foundation and the Defense
      Advanced Research Projects Agency. Funding for the MTA-16 upgrade
      is being provided by the National Security Agency (NSA). The MTA-16
      system will be used to run computationally demanding applications of
      interest to users, including medical researchers, graphics experts and
      computational chemists. 

      "Tera's multithreaded approach to parallel processing is of great interest
      not only to SDSC, but also to the entire high-end computing community,"
      said Sid Karin, Director of SDSC. "The performance achieved on our
      eight-processor MTA supports the argument that hardware multithreading
      will be the future of high-end computing. By doubling the size of our MTA,
      we expect to run some applications on it faster than on any other machine
      at SDSC. We further expect that this will allow us to transition some of our
      production workload to the MTA." 

      Jim Rottsolk, President and CEO of Tera Computer concluded, "The sale
      of an MTA-16 represents another significant milestone in our push toward
      full-scale commercialization of the MTA technology. The benefits of this
      transaction go beyond the purchase alone, as we will have access to the
      SDSC MTA-16 system, and plan to use it to demonstrate
      high-performance applications of interest to the industrial customer base,
      such as MSC NASTRAN and LS-DYNA3D. The currently installed base
      of vector processing supercomputers represents an attractive and timely
      market opportunity for the Tera MTA-16." 

      According to the International Data Corporation, there are approximately
      200 SGI/Cray Research vector supercomputers installed worldwide,
      constituting a large portion of the customer base of industrial
      supercomputing users. With an average selling price of approximately $10
      million each, this installed base is valued at $2 billion. Of those 200
      systems, about 60 T90s have been installed in the last three years, with the
      balance of that installed base representing previous generation systems
      such as the Cray C90. 

      Tera also announced that its Progress Report: Summer 1999 video is now
      available on VHS or CD-copies can be requested by visiting the Tera
      website at www.tera.com. Among those interviewed on this video are Sid
      Karin, SDSC's Director; Wayne Pfeiffer, SDSC's Deputy Director;
      Richard Charles, Greg Johnson, and Allan Snavely, three SDSC scientists;
      and Professor David McQueen, a medical researcher at New York
      University's Courant Institute. 

      About Tera Computer Company 

      Tera Computer Company designs, builds and sells high performance
      general-purpose parallel computer systems. Tera believes its Multithreaded
      Architecture system represents the next wave in supercomputer technology
      because of its unique ability to provide high performance, broad
      applicability and ease of programming in a single system. For more
      information about Tera and its MTA systems, contact Tera at 411 First
      Avenue South, Suite 600, Seattle, WA 98104-2860. Phone:
      206/701-2000. Fax: 206/701-2500. E-mail: info@tera.com, or
      www.tera.com. 

      Safe Harbor Statement 

      This press release contains forward-looking statements, among other
      things, Tera's plans to build larger MTA systems and the successful running
      of key applications on the MTA-16. There are certain factors that could
      cause Tera's execution plans to differ materially from those anticipated by
      the statements above. Among such factors are risks associated with
      building larger MTA systems, necessary modifications to software and
      hardware systems, timely availability of commercially acceptable
      components from third party suppliers and successful porting of third party
      applications. For a discussion of such risks, and other risks that could
      affect Tera's future performance, please see "Risk Factors" in Tera's most
      recent SEC Form 10-Q. 
      
      @HWA
      
11.0  "I was a teenage nmapper"
      ~~~~~~~~~~~~~~~~~~~~~~~~~
      
      http://geekmafia.dynip.com/~xm/
      
      
        I was a teenage nmapper.

        Perhaps the best place to start this story is with a disclaimer. Because 
        of possible legal implications and verbal agreements between the 
        sysadmin of an organization I am affiliated with, the companies involved 
        and myself, I am not       going to disclose any real information.

        The story begins at a large organization. I am a voluntary network / 
        network security consultant at times here. However, I am legally 
        forbidden to "attempt to bypass security restrictions on the network ... 
        or to aid others in doing so       by providing information (logins, 
        passwords, etc.) to do so with." However, the very nature of my informal 
        position involves me violating this agreement, with the permission of 
        the network admins. In the past, I have scanned the entire external 
        address block from my own personal network with permission. I recently 
        uncovered an unprotected webserver containing a network informational 
        chart listing unprotected netbios shares containing extremely sensitive 
        data. I attempted to see if these were exploitable without touching any 
        sensitive materials. After reporting my findings to the network admins, 
        I was given a little lecture about how I should have contacted them 
        before attempting something that potentially volatile.

        The organization where these events took place currently relies on a 
        filtering Internet proxy to provide web access to its ~1000 users. The 
        company that manufactures the proxy maintains the machine it runs on (an 
        UltraSPARC IV       running SunOS 5.7). Previously they have been given 
        some security alerts by me through the admin at my school. The proxy 
        maker was once a small startup but was recently acquired by a fairly 
        prominent software maker, so they have become increasingly corporate 
        since they began work with our organization.

        One day in mid/late November (1999), I was doing a little halfhearted 
        blackbox audit of one of the cgis in the package. I discovered a serious 
        vulnerability that could allow anyone to read any file on the system (by 
        transversing up       directories using "../../../../etc/motd" as a 
        parameter to a file argument in the cgi). I quickly reported this to my 
        sysadmin who passed in on to the company. I wanted to report the bug on 
        BugTraq but I was warned that this would be a violation of the agreement 
        I had signed (So I didn't).

        Meanwhile, I head home that day (Friday) and casually fire up nmap (nmap 
        -sS -O -v -v www.company.com) to see what they're running (out of 
        curiosity). On Monday afternoon, the sysadmin calls me into his office. 
        Apparently, the       company freaked out when they saw me scanning 
        them. During the code audit of the hole, they realized that the scope of 
        the bug was far greater than I had uncovered (I assume a buffer overflow 
        but the engineer I spoke to couldn't comment). They were about to email 
        me a thank-you when they saw the incoming scan. The company responded by 
        basically scanning me back and probing a few key services: sendmail 
        (actually postfix), finger and web. They realized that the "attack" 
        against their network was coming from a machine belonging to the guy who 
        had just discovered a huge hole in their network. Not knowing if I 
        realized the total potential of the hole in their system, they pulled 
        the plug on their network connection and made hard copies of all 
        relevant info. They consulted their legal counsel in their parent 
        company.

        Under Rhode Island, Massachusetts and federal law, my benign, simple 
        stealth port scan was perfectly legal. However, since the webserver I 
        scanned was located in Virginia (home of ambiguous anti-spam laws), I 
        may have violated       the Virginia Internet Policy Act (or some other 
        AOL/NSI-backed civil-liberty violating, 
        anti-freespeach^H^H^H^H^H^H^H^H^H^Hspam law). To quote CNET:

        "... Aiming in part to ease congestion on networks owned by Internet 
        service providers such as AOL and MCI WorldCom, the commission wants 
        unsolicited bulk email or communication that is "fraudulent, 
        unauthorized, or otherwise       illegal [to be] prosecuted just as it 
        would in any other medium." Virginia's "computer trespassing" law, which 
        means using an ISP's equipment without permission, also should be 
        updated, the Act states." 

        Anyway, I was informed about this on Monday afternoon. I was quickly on 
        the phone with Russell, a very friendly Cisco / TCPIP-oriented guy at 
        the company. He said they had decided not to pursue legal action and we 
        discusses       security issues. He was quite friendly and even invited 
        me to visit the proxy maker's offices if I was in the area. 

        What did we learn? 

           Nmap -D www.microsoft.com,www.aol.com,www.yahoo.com,ME            
           Corporate takeovers of small guys suck Don't disclose information 
           except through BugTraq. 

      If anyone has comments on the technical accuracy, legal accuracy, content 
      or wants to point me at some resources email xm@geekmafia.dynip.com.       
      
      @HWA
      
12.0  NIST Meeting Open To The Public 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Evil Wench 
      The next meeting of the Computer System Security and
      Privacy Advisory Board of the National Institute of
      Standards and Technology will be open to the public.
      The meeting will be held from December 7, thru
      December 9, 1999. The meeting will be held in Lecture
      Room B of the NIST Administration Building in
      Gaithersburg, Maryland. 

      Computer System Security and Privacy Advisory Board
      http://csrc.nist.gov/csspab/
      
      Federal Register: December 2, 1999 - via Crytome      
      http://cryptome.org/csspab120299.txt
      
      @HWA
      
13.0  NT Passes Government Security Certifications 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Evil Wench and KnobDicker 
      Windows NT has been certified as compliant with
      Federal Information Processing Standard 140-1 (FIPS
      140-1) and the C2 level of the Trusted Computer
      System Evaluation Criteria (TCSEC). Windows 95, 98
      and 2000 have also received FIPS 140-1 certification.
      The C2 certification only applies to stand-alone,
      non-networked machines. Operating systems used by
      the Department of Defense are supposed to carry a
      security rating of C2 or higher, despite the fact that
      DoD has used NT since 1996. This ends a long battle for
      Microsoft to achieve this security certification. (We still
      say "C2 my ass.") 

      Government Executive Magazine
      http://www.govexec.com/dailyfed/1299/120699j1.htm
      
      ZD Net
      http://www.zdnet.com/zdnn/stories/news/0,4586,2404702,00.html?chkpt=zdnntop
      
      HNN Archive for January 13, 1999
      http://www.hackernews.com/arch.html?011399
      
      NW Fusion - NT Failed FIPS a Year Ago
      http://www.nwfusion.com/news/1999/0222fips.html
      
      L0pht Heavy Industries - More Info Regarding Government Certifications      
      http://www.l0pht.com/cyberul.html
      
      December 6, 1999

      DAILY BRIEFING

      Microsoft wins government
      security certifications

      By Joshua Dean
      jdean@govexec.com

      Microsoft Corp.'s Windows NT Server and desktop operating
      systemsproducts that are heavily used at many federal
      agencieslast week received two important security
      certifications from the federal government. 

      The Windows NT 4.0 network operating system was certified
      as compliant with Federal Information Processing Standard
      140-1 (FIPS 140-1) and the C2 level of the Trusted
      Computer System Evaluation Criteria (TCSEC). The desktop
      operating systems Windows 95 and Windows 98 and the
      forthcoming Windows 2000 also won FIPS 140-1
      certification.

      "FIPS 140-1 is the certification which is more important," said
      Rick Therrien, leading edge services deputy in the Office of the
      Navy's Chief Information Officer. "FIPS 140-1 deals with
      information interchange on computers that are networked, as
      well as secure e-mail, authenticating onto a network and
      accessing secure Web sites." 

      Therrien estimates that the Navy uses Windows NT on more
      than 400,000 computers globally. In addition, the Marine
      Corps just converted from Banyan Systems Inc.'s Vines
      network software to Windows NT 4.0.

      FIPS 140-1 was created by the National Institute of Standards
      and Technology. It lays out security requirements for the
      cryptography module within an operating system.

      Windows NT 4.0 was also tested by a private laboratory and
      certified by the National Computer Security Center, a unit of
      the National Security Agency, as achieving the C2 level of
      security. C2 products have demonstrated they can:

           Identify and authenticate system users 
           Limit data access to only approved users 
           Audit system and user actions 
           Prevent access to files that have been deleted by others 

      Therrien cautioned that while certification for Windows NT 4.0
      is reassuring, "no operating system is 100 percent secure. What
      you have now is a way to calculate risks. We now have a way
      to quantify where our risks are. Without certification, there
      would be much more guesswork involved."

      Microsoft's new operating system, Windows 2000, is
      scheduled to be released in February.

      The network configuration used in evaluating the security of the
      NT 4.0 network operating system, as updated with Service
      Pack 6a consisted of single- and multi-processor Proliant
      servers from Compaq Computer Corp., along with Compaq
      PCs and printers and storage subsystems from
      Hewlett-Packard Co.
      
      -=-
      
      ZDnet;
      
      Microsoft wins high-level security rating

      After more than a year, Microsoft obtains the
      NSA's key C2 rating for NT 4.0.
      
      
      
      By Mary Jo Foley, Sm@rt Reseller
      UPDATED December 6, 1999 4:18 PM PT 
      
      
      As Microsoft closes in on completing development of
      its next-generation Windows 2000 operating system,
      it finally has managed to receive the elusive C2
      security rating for its NT 4.0 operating system. 
      
      On Dec. 2, Microsoft Corp. (Nasdaq:MSFT) announced it
      had received the C2 rating for NT 4.0 Server and
      Workstation. Prior to last Friday, Microsoft had received
      the C2 rating only for NT 3.5. 
      
                       C2 is a basic security rating that
                       is one of several evaluations
                       awarded by the National Security
                       Agency, based on its Trusted
                       Computer System Evaluation
                       Criteria, or "Orange Book" criteria.
                       Information systems purchased
                       by the Department of Defense are
      supposed to carry at least a C2 rating. 
      
      Microsoft has been in pursuit of the C2 rating for NT 4 for
      more than a year. Originally, Microsoft had hired an
      independent contractor named Edward Curry to help the
      company obtain a C2 rating for NT 3.5 in the mid-1980s.
      But in 1995, Microsoft ended Curry's contract for reasons
      the company declined to divulge publicly. 
      
                          Curry brought to the
                          Department of Defense's
                          attention late last year the fact
                          that Microsoft had not
                          obtained C2 certification for
                          any release of NT beyond 3.5.
      In March of this year, while continuing to make known his
      concerns regarding Microsoft's alleged lack of
      operating-system security, Curry died suddenly of a
      stroke. 
      
      Prior to Curry's death, Microsoft hired Science
      Applications International Corp. (SAIC) to continue its C2
      
      certification efforts. A year ago, SAIC was predicting
      Microsoft would pass its first C2 milestone within weeks. 
      
      Microsoft officials have said they expect to be able to
      submit immediately Windows 2000 for evaluation under a
      newly merged U.S./U.K. security evaluation process,
      called Common Criteria Consolidation. 
      
      @HWA
      
14.0  Mitnick's Codefendant Sentenced 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Ryan 
      Lewis DePayne has been sentenced by US District Judge
      Mariana Pfaelzer to six months of home detention with
      five years of probation, 225 hours of community service
      and a fine of $2,500. DePayne pleaded guilty earlier this
      year to a single count of wire fraud for his involvement
      in a scheme with Kevin Mitnick to defraud Nokia of
      proprietary software for mobile phones. 

      ZD Net       
      http://www.zdnet.com/zdtv/cybercrime/news/story/0,3700,2404937,00.html
      
      Mitnick Codefendant Sentenced

      Accused hacker faces probation,
      community service, and fine.
      By Iolande Bloxsom  December 6, 1999 

      Kevin Mitnick's codefendant, Lewis
      DePayne, was sentenced today in federal
      court in Los Angeles. Unlike the imprisoned
      hacker, DePayne was not restricted in his
      use of computers. 

      US District Judge Mariana Pfaelzer
      sentenced DePayne to five years of
      probation, which includes six months of
      home detention. He will also be required
      to serve 225 hours of community service
      (to be determined by the probation office)
      and to pay a $2,500 fine and the cost of
      any home detention. 

      DePayne pled guilty on April 16 of this
      year to a single count of wire fraud.
      According to the plea agreement, in May
      of 1994 he and Mitnick participated in a
      scheme to defraud Nokia of proprietary
      software for mobile phones. DePayne
      admitted to placing a call to a Nokia office
      in Florida pretending to be a Nokia
      supervisor named K.P. Wileska. 

      In the plea agreement, the approximate
      value of the software was set at
      $240,000. However, the judge ordered
      DePayne to pay only about one tenth of
      that amount as a fine. In Mitnick's case,
      Judge Pfaelzer set the fine higher, at
      $4,125, but still significantly lower than
      the prosecution's suggested restitution of
      $1.5 million. 

      @HWA
      
15.0  Videon Suffers Second Intrusion 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by r@ven 
      Videon Internet, based in Winnipeg Canada, has
      suffered its second major intrusion in one week.
      Sensitive account information, including e-mail
      passwords, evidently were compromised. A complaint
      has been filed with the Winnipeg Police Service's
      commercial crimes unit. The company has has shut
      down their email server "for the security of Videon
      customers". 

      Winnipeg Free Press           
      http://205.200.191.20/cgi-bin/LiveIQue.acgi$rec=4241?local
      
      Videon security blown again

      Customers without e-mail after latest hack attack
     
     
      Sun, Dec 5, 1999

      By Paul McKie

      Staff Reporter

      THOUSANDS of Videon customers who pay a premium price for high-speed 
      Internet access are without e-mail today after another hacker broke into 
      the system.

      Videon general manager Debra Jonasson-Young confirmed the company was once 
      again the victim of a hacker who had access to sensitive account 
      information, including e-mail passwords.

      "We were hacked last week. This is a different hack. I want to make it 
      perfectly clear -- we were hacked both times," said Jonasson-Young.

      The second security breach was discovered Friday afternoon and a complaint 
      has been filed with the Winnipeg Police Service's commercial crimes unit, 
      Jonasson-Young said. A decision was made to shut down the @Home e-mail 
      server at 1:30 a.m. yesterday for the security of       Videon customers.

      Jonasson-Young said she didn't know how long the server would be down. 
      Customers still have web access, however, and can continue to surf the 
      Internet. 

      She said Videon is continuing to work with an outside security agency to 
      remedy the situation and has been advised not to bring the server back up 
      until it is secure. She couldn't say when the e-mail server would be 
      operational again.

      One Videon customer, who requested anonymity, said he was astounded when 
      he discovered the Videon Internet system had been hacked again and he 
      hadn't been warned.

      "A week ago when it happened, they promised it would never happen again," 
      he said. The customer, one of 2,700 who use the service, called Videon 
      yesterday to get his new password after his old password was compromised.

      "The lady said she was sorry, another breach had happened," he said. 
      "There are just too many things Videon does wrong . . . they're pretty 
      screwed up over there."

      Jonasson-Young said cable-modem customers were informed of the latest 
      breach when they called in yesterday. But she said Videon was also 
      beginning a call-out campaign to affected users. She said that last week 
      the company e-mailed customers, but that wasn't an option       this time 
      with the mail server down. 

      She noted the Internet is a public-domain area that presents a myriad of 
      security problems. "There's always a risk that something can happen, no 
      matter what kind of line you're on," Jonasson-Young said .

      Videon's competitors beg to disagree. Reg Parkin, corporate security 
      manager for Manitoba Telecom Services, agreed that when word gets out that 
      a site has been hacked, others will always try it again.

      However, Parkin said that at MTS, where Internet access is through phone 
      lines, personal information is kept in a different site not accessible 
      through the Internet.

      He said the trick to security is having several layers, like an onion 
      skin, so that if any one layer is stripped away, there's still protection 
      in place. "I don't recall there ever being a breach. There have been 
      attempts," he said.

      Videon isn't the only victim of hackers. Last summer, the mighty Microsoft 
      had its Hotmail system, with 50 million users, infiltrated.

      Parkin said that because of such incidents, security has to be constantly 
      evolving. "It's more vigilance. If you wait for something to happen and 
      react to it, you're in trouble," he said.

      Jonasson-Young said she's aware of the knocks against Videon and the 
      company is trying to correct them. "We're under the spotlight right now; 
      we recognize that."

      But she said people must also recognize that both the company and the 
      customers are victims.

      "It's been a crime perpetrated against us," she said.
      
      @HWA
      
16.0  GSM Phones No Longer Secure 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by C0nd0r 
      Alex Biryukov and Adi Shamir two Israeli researchers
      have discovered design flaws in the algorithm A5/1
      which is present in digital GSM phones. This algorithm is
      used in phones made by Motorola, Ericsson, and
      Siemens. Over 330 million GSM phones are in use around
      the world. While this research does indicate how the
      encryption may be broken, actually intercepting that
      signal is not explained. 

      Wired       
      http://wired.lycos.com/news/print/0,1294,32900,00.html
      
      Cell Phone Crypto Penetrated 
      by Declan McCullagh 
      
      10:55 a.m. 6.Dec.1999 PST 
      Israeli researchers have discovered design flaws that allow the 
      descrambling of supposedly private conversations carried by hundreds of 
      millions of wireless phones. 

      Alex Biryukov and Adi Shamir describe in a paper to be published this week 
      how a PC with 128 MB RAM and large hard drives can penetrate the security 
      of a phone call or data transmission in less than one second. 

      

      The flawed algorithm appears in digital GSM phones made by companies such 
      as Motorola, Ericsson, and Siemens, and used by well over 100 million 
      customers in Europe and the United States. Recent estimates say there are 
      over 230       million users worldwide who account for 65 percent of the 
      digital wireless market. 

      Although the paper describes how the GSM scrambling algorithm can be 
      deciphered if a call is intercepted, plucking a transmission from the air 
      is not yet practical for individuals to do. 

      James Moran, the fraud and security director of the GSM Association in 
      Dublin, says that "nowhere in the world has it been demonstrated --an 
      ability to intercept a call on the GSM network. That's a fact.... To our 
      knowledge there's       no hardware capable of intercepting." 

      The GSM Association, an industry group, touts the standards as "designed 
      to conform to the most stringent standards of security possible from the 
      outset [and] unchallenged as the world's most secure public digital 
      wireless system." 

      Not any more. 

      Shamir says the paper he co-authored with a Weizmann Institute of Science 
      colleague in Rehovot, Israel, describes a successful attack on the A5/1 
      algorithm, which is used for GSM voice and data confidentiality. It builds 
      on the       results of previous attempts to attack the cipher. 

      "It's quite a complex idea, in which we fight on many fronts to accumulate 
      several small improvements which together make a big difference, so the 
      paper is not easy to read or write," Shamir, a co-inventor of the RSA 
      public key       crypto system in 1977, said in an email to Wired News. 

      
      A group of Silicon Valley cypherpunks has organized previous efforts to 
      highlight what they view as the poor security of GSM encryption standards. 

      In April 1998 they reported that it was possible to clone a GSM phone, 
      which the US Cellular Telecommunications Industry Association dismissed as 
      more theoretical than practical. The North American GSM Alliance similarly 
      dismissed       cloning as a serious threat in a statement. 

      Earlier this year, the group, which includes Marc Briceno, Ian Goldberg, 
      and David Wagner, described how to penetrate the less-secure GSM A5/2 
      algorithm used in some Pacific rim countries in less than a second. In May 
      1999 they       released the source code to A5/1, which the Weizmann 
      Institute computer scientists used in their analysis of the cipher. 

      "Because of Biryukov and Shamir's real-time attack against A5/1 and our 
      group's 15 millisecond attack against A5/2, all the GSM voice privacy 
      ciphers used worldwide can be broken by an attacker with just a single PC 
      and some radio       hardware," Briceno said. 

      "Since the voice privacy encryption is performed by the handset, only 
      replacing the handset would address the flaws found in the recent 
      attacks," he said. 

      The GSM Alliance's Moran said he needed time to review the paper, which 
      has not yet been released. But he said it would be a topic of a discussion 
      at the next GSM security working group meeting on 16 December. 

      Previously the GSM encryption algorithms have come under fire for being 
      developed in secret away from public scrutiny -- but most experts say high 
      security can only come from published code. 

      Moran said "it wasn't the attitude at the time to publish algorithms" when 
      the A5 ciphers was developed in 1989, but current ones being created will 
      be published for peer review. 
      
      
      @HWA
      
17.0  DARPA Looks At Face Recognition Technology 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Weld Pond 
      Face recognition technology has been around for a
      while. Cameras mounted on street lamps in a few British
      cities have been picking faces out of the crowd for over
      a year. Now DARPA is interested in using this technology
      in conjunction with other biometric technology such as
      thermal signature of the blood vessels in the head and
      the shape of a person's ear to create a more accurate
      and complete system. 

      Scientific American
      http://www.sciam.com/1999/1299issue/1299techbus5.html
      
      HNN Archive for October 20, 1998       
      http://www.hackernews.com/arch.html?102098
      
      Defense Technology 

                        SEEN BEFORE

  
      To guard against terrorism, the Pentagon looks to image-recognition 
      technology 
      
      
      In the East London borough of Newham, a surveillance network of more than 
      200 cameras keeps watch on pedestrians and passersby, employing a 
      facial-recognition system that can automatically pick out known criminals 
      and alert local authorities to their presence. Not surprisingly, civil 
      liberties groups oppose the system--Privacy International, a human-rights 
      group, gave the Newham council a "Big Brother" award last year on the 50th 
      anniversary of the publication of George Orwell's famous novel. The 
      council, however, claims overwhelming support from citizens who are more 
      concerned about crime than about government intrusions. It could count as 
      one of its supporters the U.S. Department of Defense, which is keeping 
      tabs on the Newham system as well as on other, related technologies. The 
      department hopes that some combination of "biometrics" will vastly improve 
      its ability to protect its facilities worldwide.

      For the military, biometrics usually means technologies that can identify 
      computer users by recognizing their fingerprints or voices or by scanning 
      their irises or retinas. But after a terrorist truck bomb blew up the 
      Khobar Towers U.S. military barracks in Saudi Arabia in 1996, killing 19, 
      the Pentagon elevated to the top of its priority list the need for "force 
      protection"--namely, keeping troops abroad safe from attack. That spurred 
      the Defense Advanced Research Projects Agency, essentially a Pentagon 
      hobby shop, to action. Building on some ongoing work with video 
      surveillance and modeling techniques, as well as on commercial (but still 
      experimental) technologies such as those used to identify automatic-teller 
      machine customers by scanning their faces, DARPA set out to investigate 
      the potential for a network of biometric sensors to monitor the outsides 
      of military facilities.

      The result is a program known as Image Understanding for Force Protection 
      (IUFP), which the agency hopes to get started in 2001. Described by the 
      Pentagon as "an aggressive research and development effort," IUFP is 
      supposed to improve site surveillance capabilities by "creating new 
      technologies for identifying humans at a distance."

      Biometric systems in use with ATM machines and computers have two 
      advantages over what DARPA has in mind: proximity and cooperation. For 
      military purposes, biometric sensors and networks must be able to "see" 
      and identify subjects from distances of between 100 and 500 feet--subjects 
      who probably don't want to be identified. In addition, they must be 
      capable of picking faces out of crowds in urban environments, keeping 
      track of repeat visitors who, according to DARPA's George Lukes, "might be 
      casing the joint," and alerting users to the presence of known or 
      suspected terrorists. Databases could even be shared by different 
      facilities, informing security officials, for example, that the same 
      person is showing up repeatedly near different potential targets.

      The software behind Newham's anticrime system that has drawn DARPA 
      interest is called FaceIt, from New Jerseybased Visionics Corporation. 
      FaceIt scans the visages of people and searches for matches in a video 
      library of known criminals. When the system spots one of those faces, the 
      authorities are contacted. A military version might work the same way. 
      Over the past year, according to a DARPA document recently sent to 
      Congress, "several new technical approaches have been identified" that 
      could provide improved face recognition at longer distances, as well as 
      extend the range of iris-recognition systems.

      DARPA believes, however, that combining several types of technologies 
      could form a network that is more capable than a single system. New 
      concepts it is exploring include the thermal signature of the blood 
      vessels in the head, which some researchers suspect is as unique to a 
      person as his or her fingerprints; the shape of a person's ear; and even 
      "the kinetics of their gait," in DARPA's words. "There are some unique 
      characteristics to how people move that allow you to recognize them," 
      explains DARPA's David Gunning. After conducting a "thorough analysis" of 
      existing technologies, the agency says it is "ready to begin immediately 
      with the new developments." The Pentagon hopes to spend $11.7 million in 
      2000 on the IUFP program--a good deal of money for a DARPA effort.

      The potential for an integrated network of identification techniques has 
      understandably generated significant interest among defense and 
      intelligence agencies that are prime targets for terrorists. "There's a 
      lot of enthusiasm," Gunning says--after all, through the marriage of 
      recognition systems and surveillance technologies, DARPA thinks it has a 
      handle on how to keep track of "one of the few detectable precursors" to 
      terrorist attacks.


      --Daniel G. Dupont
      
      
      @HWA
      
18.0  More Info On the Phonemasters Revealed 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Maggie 
      They were arrested almost five years ago but the
      massive inroads made into the nations
      telecommunications systems is only now becoming fully
      clear. The Phonemasters coordinated what is being
      called one of the largest computer intrusion schemes in
      U.S. history. As the case finnally draws to a close and
      the various members of the group receive their
      sentences a few new tidbits of information are coming
      out. (We are still amazed at how little press coverage
      this case has gotten.) 

      Union Tribune
      http://www.uniontrib.com/news/uniontrib/sun/news/news_1n5hacker.html
      (Story has moved, couldn't locate it online - Ed)
      
      HNN Archive for October 4, 1999       
      http://www.hackernews.com/arch.html?100499
      
      @HWA
      
19.0  Proactive AntiVirus Software Now Available 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Weld Pond 
      Finjan Software has introduced a proactive first-strike
      security solution, SurfinShield Corporate, claims to block
      worms and other malicious code by monitoring the
      behavior of programs rather than relying on a known
      virus signature. By using a proactive monitoring
      technique to 'sandbox' programs and monitor their
      behavior SurfinShield can instantly block programs that
      violate a security policy, such as attempting to delete a
      user's files. 

      PR Newswire
      http://library.northernlight.com/FB19991206040000127.html?cb=0&dx=1006&sc=0#doc
      
      Finjan Software      
      http://www.finjan.com/
      
      TROJAN WORM ATTACKS CLOUD THE FUTURE OF REACTIVE ANTI-VIRUS SOFTWARE 
      FINJAN'S PROACTIVE FIRST-STRIKE SECURITY SOFTWARE STOPS MALICIOUS CODE By 
      Monitoring Code Behavior and Requires No Database Updates


      Story Filed: Monday, December 06, 1999 7:30 AM EST 

      SAN JOSE, Calif., Dec 6, 1999 /PRNewswire via COMTEX/ -- As last week's 
      MiniZip worm proved, current anti-virus software technology is not able to 
      protect users from first-strike attacks by malicious code in the Internet 
      age. Compression or "packer"       tools such as NeoLite can be used to 
      change the signature of known Trojan horse programs, making them invisible 
      to anti-virus software. Finjan Software's proactive first-strike security 
      solution, SurfinShield Corporate, blocks worms such as MiniZip by 
      monitoring the behavior of programs rather than relying on a known virus 
      signature. 

      "If you take the ten-thousand plus known Trojans multiplied by the ten or 
      more available compressor utilities, you're looking at more than 100, 000 
      Trojan horses that can pass right through anti-virus software today 

      -- without writing a single new attack," said Bill Lyons, president and

      CEO of Finjan Software, Inc. "Without a doubt, whether it's MiniZip 2 or a 
      new Trojan worm, more of these types of attacks are coming." 

      Compression Tools Packers are legitimate compression tools that can 
      compress windows executable (."EXE") files, much like how people use the 
      well-known WinZip product to compress document or graphics files before 
      e-mailing. However, with these       packer tools, the resulting 
      compressed executable will bypass any static anti-virus scanning engine 
      because the virus signature is changed and the anti-virus software will 
      not recognize it. 

      There are dozens of commercial and free compression tools that can be used 
      to hide known Trojan horses and worms from anti-virus software, including 
      AS-pack, PECompact, Petite, PKLite, NeoLite, Shrinker and WWpack32. 

      The real risk is that anyone now can take one of these packer tools and 
      easily develop new attacks with known Trojan horse programs. With easy to 
      use "point and click" interfaces, there is no more need for programming 
      skills. One simply takes an old attack,       compresses it with the 
      packer tool of choice and creates a brand new attack. 

      Why Anti-Virus is Not Enough Millions of dollars can be lost due to 
      deleted files and lost productivity in the first 24 hours when a malicious 
      code attack first strikes. Anti-virus companies and security experts agree 
      that anti-virus software cannot stop these new       types of attacks: 

      "The problem with anti-virus software is that it's inherently reactive," 
      said Dan Schrader, vice president of new technology at Trend Micro Inc. 
      "We have artificial intelligence for identifying viruses, but virus 
      writers are good at getting around heuristics." (source:       
      Computerworld) 

      Sal Viveros, Network Associates, Inc. marketing manager insisted no 
      available anti-virus product could have detected MiniZip. "It is 
      impossible to detect beforehand all the different variables out there they 
      use to write a malicious attack," said Viveros. (source:       
      Computerworld) 

      "We're at a turning point right now," said Carey Nachenberg, chief 
      scientist for the Symantec Anti-virus Research Center. "We need to 
      re-examine our anti-virus software, and companies need to re-examine their 
      anti-virus strategies." (source: ZDNet News) 

      "The pattern matching security offered by most anti-virus software 
      providers is antiquated. It's akin to practicing medicine with leeches," 
      said Dr. Gary McGraw, vice president of corporate technology at Reliable 
      Software Technologies. "To be truly effective,       modern security 
      approaches must be proactive, not reactive." 

      New Approach Needed: First-Strike Security Finjan's SurfinShield Corporate 
      software uses a proactive monitoring technique to "sandbox" programs and 
      monitor their behavior and instantly block programs that violate a 
      security policy, such as attempting to       delete a user's files. 
      Finjan's product acts as a filtering mechanism between a PC's operating 
      system and the program, to monitor and block malicious behavior. 

      "By itself, anti-virus software is not an effective defense against new 
      attacks because of its reactive nature," said Donna Slattery, security 
      analyst with The Hurwitz Group. "Companies should supplement their 
      anti-virus protection with proactive solutions like       Finjan's 
      first-strike security software." 

      Finjan educated its customers and partners this morning about compression 
      tools (alert is below). 

      About Finjan Software Finjan Software is the leader in First-Strike 
      Security(TM) software, delivering proactive security solutions that 
      protect companies and computer users from first-strike malicious code 
      attacks. Finjan allows companies to conduct e-business       and 
      e-commerce safely with best-of-breed security products that enforce 
      multiple lines of defense and protect critical data. Finjan is a privately 
      held company based in San Jose, Calif. For more information, visit 
      www.finjan.com. 

                                  Finjan Software, Inc.                                  
                                  Compression Tools Alert 12/6/99

          Finjan customers and partners,

      As MiniZip showed us last week, compression and packer tools are now being 
      used to pass Trojan executable files through anti-virus software and 
      successfully launch new attacks. We thought it might be helpful to show 
      you what we've found out about these       tools. 

          Compression Tools  (aka "Packers")

      OVERVIEW Compression tools or "packers" can compress windows executable 
      (."EXE") files much like the well-known WinZip product. The resulting 
      compressed executable will bypass any static anti-virus scanning engine 
      (because the virus signature is       compressed). However, these programs 
      allow a compressed file to decompress and run automatically without 
      requiring the same utility to open it. 

      MiniZip Worm was a "packed" version of the ExploreZip worm that struck in 
      June 1999. The only difference is that MiniZip was compressed with a 
      commercial utility called NeoLite. NeoLite is a publicly available "point 
      and click" software program ($25) that       can be used to "cloak" known 
      Trojan executables. 

      There are many different commercial and free packers available on the Web, 
      including: 

          ASPack           Cexe PECompact PE-Pack Petite PKLite Shrinker UPX 
          WWpack

      With an estimated 10,000-plus known Trojan horses, times a minimum of 10 
      packer tools, hackers can select from more than 100,000 Trojans to create 
      new attacks that may bypass your anti-virus software. And with these easy 
      to use compression tools, it no       longer requires programming 
      experience to create new attacks. 

      It appears that the immediate reaction by anti-virus vendors to stop 
      MiniZip is to block the NeoLite pattern. Finjan believes that there may be 
      legal issues with regards to blocking commercial applications from 
      operating at the desktop. Unfortunately, the only       approach that is 
      plausible, based on present AV technology, may be to spot the NeoLite or 
      other compression pattern, decompress, and compare the result to the 
      original pattern (e.g., ExploreZip). A major problem, however, comes from 
      recursive attacks; that is, wrappers around wrappers, where a Trojan worm 
      is packed multiple times with other packers. The negative affect of 
      resolving and analyzing such files is a massive performance hit. That's 
      why we believe that behavior blocking is the more appropriate answer. 

      HOW TO PROTECT YOURSELF Supplement your anti-virus software with 
      first-strike security solutions. Finjan's SurfinShield Corporate will 
      protect users from new "packed" Trojan executables through its proactive 
      monitoring technology that "sandboxes"       executables and blocks any 
      executable program that violate security policies. 

      By monitoring actual code behavior, Finjan's SurfinShield Corporate 
      protects PCs without requiring users to download any software patch or 
      pattern update. 

      SOURCE Finjan Software (C) 1999 PR Newswire. All rights reserved. 
      http://www.prnewswire.com 

      CONTACT:       Sharon Sim-Krause of Shandwick International, 650-596-5880, 

      ext. 4278, or skrause@shandwick.com, for Finjan Software; or Dave Kroll of 
      Finjan Software, 408-324-0228, ext. 307, or dave@finjan.com 

      WEB PAGE:            http://www.finjan.com GEOGRAPHY:     California 

      INDUSTRY CODE: CPR MLM 

      Copyright  1999, PR Newswire, all rights reserved.
      
      @HWA
      
      
20.0  South African Web Pages Defaced 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Zilly 
      The website of the SA Police Service (SAPS) along with
      a dozen other local sites was defaced last Sunday. The
      SAPS said it believed security measures were sufficient
      to prevent access to confidential information. The
      South African Law Commission is working on a new
      computer crimes act which is expected to have
      proposals for this sort of crime. 

      Business Day       
      http://WWW.BDAY.CO.ZA/99/1206/news/news2.htm
      
      
      Hackers deface police
      website with
      obscenities 

      Simphiwe Xako


      COMPUTER hackers claiming responsibility for two
      recent attacks on Statistics SA's website have vandalised
      several other internet pages, including the website of the
      SA Police Service (SAPS).

      The hackers, operating under the name "B1nary
      Outlawz", alerted newspapers to their most recent
      attacks with e-mail messages yesterday, one of which
      contains obscenities directed at Telkom. These messages
      characterised the attacks on the Stats SA website.

      "SA Police website hacked by B10Z - www.saps.co.za.
      Another high-profile hack by the B10Z crew 
      www.statssa.gov.za, www.eskom.co.za,
      www.saps.co.za," one e-mail said.

      Text and links on the default page of the SAPS website
      were replaced by obscenities directed at the police. The
      SAPS insignia was distorted and the hackers' insignia
      superimposed on it.

      About a dozen other locally-based websites were
      targeted in a similar way. 

      A Telkom representative, who asked not to be named,
      said she did not believe the hackers had anything against
      Telkom in particular, but targeted large companies in
      general. "This is a case of juvenile (delinquents seeking)
      approval. You can even see (it in) the type of language
      they use," she said.

      The SAPS could not confirm the extent of the attack on
      its website last night, but said it believed security
      measures were sufficient to prevent access to confidential
      information.

      Supt Welma Nortje of the SAPS's management services
      said: "We have a daily backup system to ensure that
      information remains highly confidential."

      Detectives would investigate the attack and trace the
      culprits.

      The SA Law Commission is working on a discussion
      document on a new computer crimes act which is
      expected to include proposals on ways of dealing with
      computer hackers.
      
      @HWA
      
21.0  Not Just a Game Anymore 
      ~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Brian Martin 
      The response to Brian Martin's previous article Is it
      Worth It proved so overwhelming that a more thorough
      article was warranted. This time Mr. Martin takes an in
      depth look at just what laws apply and who investigates
      web page defacements. 

      Buffer Overflow 
      http://www.hackernews.com/orig/buffero.html
      
      
      
      Not Just a Game Anymore


      By: Brian Martin 
 
 
      This is a followup to a previous article titlted Is it worth it?
      Dispelling the myths of law enforcement and hacking, released on
      November 22, 1999 via Hacker News Network.
 
      Included with this article are several sanitized copies of various
      documents pertaining to computer crime investigations. Names,
      dates and locations have been changed.
 
      Some of the information in this article may be a bit redundant
      from the last article, but is done in order to present a self
      standing article that is as complete as possible. Some of the links
      to agency homepages have been changed to point to their true
      home page, not just the system hosting the page.
 
      Topics:
      More on Search and Seizure
      The Search 
      The Seizure 
      Statute of Limitations
      What exactly is illegal?
      More on Punishment 
 
      Investigating Agencies:
      Federal Bureau of Investigations (FBI)
      Defense Criminal Investigative Service (DCIS)
      NASA Office of the Inspector General (NASA OIG)
      Naval Criminal Investigative Service (NCIS)
      U.S. Army Criminal Investigation Command (USACIDC)
      Royal Canadian Mounted Police (RCMP)
      Defense Computer Forensic Laboratory (DCFL)
 
      Appendix and Additional Information
      A - Search and Seizure Warrant
      B - Search and Seizure Warrant, Attachment A (apartment)
      C - Search and Seizure Warrant, Attachment A (colocated
      machine)
      D - Search and Seizure Warrant, Attachment C 
      E - Warrant for Arrest> 
      F - Indictment 
      G - USDOJ Press Release 
 
 
      More on Search and Seizure
 
      Before any Law Enforcement (LE) officer/agent may step foot in
      your place of living, they must obtain a search warrant that gives
      them explicit permission to do so. The warrant will list the
      physical address of the premises to be searched, a description of
      the establishment, a time frame for the search and seizure, and a
      list of acceptable material that may be seized. The warrant is
      likely to be issued by your District Court to the agent in charge of
      the investigation.
 
      Rather than explain each part of the search and seizure warrant,
      I have included a sanitized vrsion of one with this article. From
      my experience and communication with others, the warrant
      included can be taken as a very typical and standard version
      used throughout the U.S. Appendix A includes the first page of
      the warrant which details the premisis to be searched, dates,
      who will conduct the seizure and more. Appendix B is a copy of
      Attachment A which is a wordy description of the premises to be
      searched. Appendix C is a copy of Attachment C which lists all
      material covered under the search and seizure guidelines.
 
      Appendix A - Search and Seizure Warrant
      Appendix B - Search and Seizure Warrant, Attachment A
      (apartment)
      Appendix C - Search and Seizure Warrant, Attachment A
      (colocated machine)
      Appendix D - Search and Seizure Warrant, Attachment C
 
      Some notes and observations about the material contained in
      Appendix A. Outlined on the warrant, the agents may conduct
      the search and seizure either between the hours of 6:00am -
      10:00pm, OR "at any time in the day or night as I find reasonable
      cause has been established". One of the two options should be
      struck through and initialed by the Judicial Officer. Also included
      is a date that the search must be executed by.
 
      The Search
 
      Being subjected to an FBI search and seizure is an interesting
      experience to say the least. No official wording on any warrant
      can come close to explaining the experience. Typically arriving at
      your residence between 6:00 and 8:00am, almost a dozen agents
      are ready to toss your apartment to fufill the warrant. After being
      greeted at gunpoint and your residence secured, the agents will
      mark each room with a postit note and number. These numbers
      correspond to the receipt they leave you detailing what material
      was taken from each room.
      
      In keeping with standard search and seizure practice, not much is
      left unturned. Some of the places you can expect the agents to
      search:
      
      Under the bed, between the sheets, between the
      frame/box
      Behind each and every hanging picture, especially framed
      Under/Behind dressers and furniture
      In the reservoir of your toilet
      Any attic or crawl space
      Every drawer, cupboard, container, shelf or other storage
      area
      Inside the refridgerator/freezer
      Under/Inside any cushion with removable insides
      Between the pages of books
      In air vents or other commonly used places to conseal
      items
      
      If this does not help paint a picture that agents are rather
      thorough, let me clear it up. They are quite thorough. Do they
      find everything? Not all the time. In some cases agents even miss
      items out in the open that they might normally take. To balance
      this, they almost always take a considerable amount of material
      that is completely irrelevant or esoteric.
      
      For the most part, you can also dismiss any notions you may
      have about hiding items before the raid. When they knock on the
      door, they will not give you time to do anything short of opening
      the door and complying with their demands. If they have any idea
      that you may be destroying evidence, they are empowered with
      the ability to forcibly enter your residence, physically detain you,
      and carry on.
      
      The search and seizure will not be short by any means. You can
      expect it to last anywhere from a few hours to a full day. During
      this time you will be questioned by a number of agents regarding
      anything and everything they might think to ask. I don't know if it
      is intentional and designed to throw you off, but they may ask
      extremely bizarre questions that lead you to wonder about their
      intelligence. During this questioning do one of two things.
      
      Refuse to answer ALL questions until your lawyer is
      present.
      Answer questions honestly.
      
      Lying to law enforcement agents may seem like a clever thing to
      do at the time, but it is much more likely to hurt you in the long
      run. If caught in a single lie during questioning, it will further
      encourage the agents to question you more. They also have the
      option of charging you with obstruction of justice if so inclined.
      When an agent gets it through their head that you are guilty, bad
      news for you regardless of your guilt or innocense.
      
      It is extremely important that you realize your rights. UNDER NO
      CIRCUMSTANCE do you have to answer questions without the
      presence of your lawyer. No matter what the LE agent says,
      suggests, or implies, this is a fundamental right. In many cases,
      raid victims are not being charged with a crime. Because of this,
      their rights are not read to them. Just because you aren't under
      arrest does not mean those rights are waived! The courts have
      recently found that police can be sued if they discourage raid
      victims from consulting a lawyer. More on this ruling can be found
      in this Washington Post article.
      
      The Seizure
      
      What can LE Agents take from you? EVERYTHING. You can't
      argue about it either. While they may take material that is not
      explicitly covered under the warrant and may later be forced to
      give it back to you, that doesn't help you when they are
      rummaging through your house. Re-read the list of material that
      are covered under Attachment C again and think about how
      broad it is.
      
      It is safe to say that absolutely anything remotely computer
      related is covered under the warrant. There are a few things that
      are also covered under the guidelines that tend to surprise people
      when confiscated.
      
      "electronic organizers": these include ones with mini
      keyboards like the Sharp organizers, as well as touch
      screen like Palm Pilots.
      "personal diaries": even your little black journal detailing
      sexual exploits, or a notepad with poetry.
      "books, newspaper, and magazine articles concerning
      hacking": this includes ANY computer book in your
      residence. Newspapers or magazines that have security or
      hacker articles are included.
      "cassette tapes, video cassette tapes, and magnetic
      tapes": If it isn't a store bought tape, it is subject to
      seizure. Doesn't matter if it contains episodes of the
      Beavers or pornography.
      "fax machines": despite a fax machine typically not having
       the ability to store information long term, it is fair game.
                "indicia of occupancy or tenancy..": Any paperwork or proof
           that you own or rent your place. Any sales receipts, billing
           records or anything else close.
           "other items ... in violation of Title 18..": Perhaps the worst
           listing of them all, this allows them to take just about
           anything else they may deem necessary.
 
 
 
      Statute of Limitations
 
      Another often asked question is how long the feds can
      investigate you. As long as they want. For most cases, LE can
      investigate a crime for up to five years after it was committed.
      This is known as the Statute of Limitations and means how long
      they can investigate and press charges against you for the crime.
      Hypothetically that is. If the crime is serious, several agents have
      assured me that the U.S. Government will find a way to stretch
      that timeframe.
 
      Regardless, if the agents have not made a case against you, the
      government attorney's will not press charges. Even so, you can
      expect them to hold onto any seized equipment until the
      conclusion of their investigation. If they go so far as seizing
      equipment and not pressing charges, you can expect to get your
      stuff back 1,825 days after it was taken, just to spite you.
 
 
      What exactly is illegal?
 
      Thanks to the vague (or was it intentional?) wording of the Title
      18 laws, several actions you may consider harmless could fall into
      murky legal territory. As a DCIS agent recently said in a
      conversation about the last article, "Even if you telnet to a
      machine and type anything in, that can be attempted intrusion!".
      As fascist as that may sound, it is true. Any activity or
      connections to a remote machine without authorization may be
      illegal. Because it is partially based on intent and partially based
      on your activities, this is still somewhat uncharted territory. While
      it is highly unlikely you will be charged for portscanning a
      machine, repeated poking at an open port could be enough to
      spark interest in your activities.
 
      Another term often used by agents and lawyers is "illegal access
      device" (IAD). What has turned into another all encompassing
      term, this can be used for a wide variety of things in a case
      against you. Some of the few things that fall into this category:
 
           login/passwd: Any login and password for any type of
           system be it unix, VAX/VMS, voice mail or something else.
           ESN/MIN: Cloning cell phones is illegal as you know, but
           each ESN/MIN pair counts as one IAD.
           CC/Exp: Each Credit Card w/ Expiration Date. Remember, it
           takes both pieces to purchase anything.
           Access keycard: Find an access device in the dumpster?
           Pick it up after someone dropped it? This allows access
           (illegally) into a building.
           Employee ID: Like an access keycard, these are often used
           to bypass controlled access points or visual checks at
           guard desks.
 
      Consider that when some hackers are busted, they are caught
      with a list of thousands of logins and passwords to systems
      around the world. Disturbing to think that each one can be used
      as a felony charge against you. When federal agents hold up to a
      thousand felony charges over your head, it is often enough to
      make you want to cut a deal. This is one reason that strong
      encryption is the friend of hackers.
 
 
      More on Punishment
 
      The punishment for hacking crimes is growing. Convicted hackers
      five years ago could expect a light slap on the wrist, a few hours
      of community service, and not much else. These days, a single
      felony count of computer hacking can lead to 15 months in jail
      along with restitution in the tens of thousands of dollars. 
      Looking at a verbose list of restrictions placed on Kevin Mitnick,
      examine them closely and consider what they really entail.
 
      While the following restrictions may not be applied to every case,
      consider that they have been applied to one convicted hacker.
      Further consider that as such, these restrictions may be used as
      case law in future court hearings. The following restrictions are
      taken from a larger document concerning Kevin Mitnick and the
      restrictions.
      
      http://www.kevinmitnick.com/081898writ.html#release_conditions
      
      A. Absent prior express written approval from the Probation Officer,
      the Petitioner shall not possess or use, for any purpose, the
      following:
      
      1. any computer hardware equipment;
      
      2. any computer software programs;
      
      3. modems;
      
      4. any computer related peripheral or support equipment;
      
      5. portable laptop computer, 'personal information assistants,'
      and derivatives;
      
      6. cellular telephones;
      
      7. televisions or other instruments of communication equipped with
      on-line, internet, world-wide web or other computer network
      access;
      
      8. any other electronic equipment, presently available or new
      technology that becomes available, that can be converted to
      or has as its function the ability to act as a computer system
      or to access a computer system, computer network or
      telecommunications network (except defendant may possess a
      'land line' telephone);
      
      B. The defendant shall not be employed in or perform services for any
      entity engaged in the computer, computer software, or
      telecommunications business and shall not be employed in any
      capacity wherein he has access to computers or computer related
      equipment or software;
      
      C. The defendant shall not access computers, computer networks or other
      forms of wireless communications himself or through third parties;
      
      D. The defendant shall not acts as a consultant or advisor to
      individuals or groups engaged in any computer related activity;
      
      E. The defendant shall not acquire or possess any computer codes
      (including computer passwords), cellular phone access codes or other
      access devices that enable the defendant to use, acquire, exchange
      or alter information in a computer or telecommunications database
      system;
      
      F. The defendant shall not use any data encryption device, program or
      technique for computers;
      
      G. The defendant shall not alter or possess any altered telephone,
      telephone equipment or any other communications related equipment.
      
      For a period of THREE years, being subjected to these
      restrictions. Not only does your primary hobby go away, your
      means for stable income are at serious risk. Think of every job
      you could hold with these restrictions and life does not look so
      pleasant. Even working at Taco Bell requires the use of
      computerized registers. Telemarketing and other menial tasks that
      once were viable methods of income also go away. Jobs that
      consist mostly of physical labor become about the only option left
      to you. Don't forget, many companies will not hire convicted
      felons, even for physical labor.
      
      Court ordered restitution will be a new world of difficulty. Many
      people fail to realize that not only are restitution amounts fairly
      significant, but they must be paid back in a timely fashion. Oh
      yeah, remember that you are not likely to hold a job that pays
      more than six bucks an hour. So how much is US$50,000 when it
      comes down to it? Consider that you might be able to earn
      US$25,000 a year if you are fortunte. Giving up your entire salary
      would allow you to pay it off in two years. If you can live off of
      US$15,000 (poverty level), you could then pay back the
      restitution in only five years. Five years of living at a poverty
      level.
      
      Is defacing a web page and putting up a message "hackerX 0wnz
      j00" REALLY worth it?Not Just a Game Anymore
      
      
      By: Brian Martin 
      
      
      This is a followup to a previous article titlted Is it worth it?
      Dispelling the myths of law enforcement and hacking, released on
      November 22, 1999 via Hacker News Network.
      
      Included with this article are several sanitized copies of various
      documents pertaining to computer crime investigations. Names,
      dates and locations have been changed.
      
      Some of the information in this article may be a bit redundant
      from the last article, but is done in order to present a self
      standing article that is as complete as possible. Some of the links
      to agency homepages have been changed to point to their true
      home page, not just the system hosting the page.
      
      Topics:
      More on Search and Seizure
      The Search 
      The Seizure 
      Statute of Limitations
      What exactly is illegal?
      More on Punishment 
      
      Investigating Agencies:
      Federal Bureau of Investigations (FBI)
      Defense Criminal Investigative Service (DCIS)
      NASA Office of the Inspector General (NASA OIG)
           Naval Criminal Investigative Service (NCIS)
      U.S. Army Criminal Investigation Command (USACIDC)
      Royal Canadian Mounted Police (RCMP)
      Defense Computer Forensic Laboratory (DCFL)
 
      Appendix and Additional Information
      A - Search and Seizure Warrant
      B - Search and Seizure Warrant, Attachment A (apartment)
      C - Search and Seizure Warrant, Attachment A (colocated
      machine)
      D - Search and Seizure Warrant, Attachment C 
      E - Warrant for Arrest> 
      F - Indictment 
      G - USDOJ Press Release 
 
 
      More on Search and Seizure
 
      Before any Law Enforcement (LE) officer/agent may step foot in
      your place of living, they must obtain a search warrant that gives
      them explicit permission to do so. The warrant will list the
      physical address of the premises to be searched, a description of
      the establishment, a time frame for the search and seizure, and a
      list of acceptable material that may be seized. The warrant is
      likely to be issued by your District Court to the agent in charge of
      the investigation.
 
      Rather than explain each part of the search and seizure warrant,
      I have included a sanitized vrsion of one with this article. From
      my experience and communication with others, the warrant
      included can be taken as a very typical and standard version
      used throughout the U.S. Appendix A includes the first page of
      the warrant which details the premisis to be searched, dates,
      who will conduct the seizure and more. Appendix B is a copy of
      Attachment A which is a wordy description of the premises to be
      searched. Appendix C is a copy of Attachment C which lists all
      material covered under the search and seizure guidelines.
 
      Appendix A - Search and Seizure Warrant
      Appendix B - Search and Seizure Warrant, Attachment A
      (apartment)
      Appendix C - Search and Seizure Warrant, Attachment A
      (colocated machine)
      Appendix D - Search and Seizure Warrant, Attachment C
 
      Some notes and observations about the material contained in
      Appendix A. Outlined on the warrant, the agents may conduct
      the search and seizure either between the hours of 6:00am -
      10:00pm, OR "at any time in the day or night as I find reasonable
      cause has been established". One of the two options should be
      struck through and initialed by the Judicial Officer. Also included
      is a date that the search must be executed by.
 
      The Search
 
      Being subjected to an FBI search and seizure is an interesting
      experience to say the least. No official wording on any warrant
      can come close to explaining the experience. Typically arriving at
      your residence between 6:00 and 8:00am, almost a dozen agents
      are ready to toss your apartment to fufill the warrant. After being
      greeted at gunpoint and your residence secured, the agents will
      mark each room with a postit note and number. These numbers
      correspond to the receipt they leave you detailing what material
      was taken from each room.
 
      In keeping with standard search and seizure practice, not much is
      left unturned. Some of the places you can expect the agents to
      search:
 
           Under the bed, between the sheets, between the
           frame/box
           Behind each and every hanging picture, especially framed
           Under/Behind dressers and furniture
           In the reservoir of your toilet
           Any attic or crawl space
           Every drawer, cupboard, container, shelf or other storage
           area
           Inside the refridgerator/freezer
           Under/Inside any cushion with removable insides
           Between the pages of books
           In air vents or other commonly used places to conseal
           items
 
      If this does not help paint a picture that agents are rather
      thorough, let me clear it up. They are quite thorough. Do they
      find everything? Not all the time. In some cases agents even miss
      items out in the open that they might normally take. To balance
      this, they almost always take a considerable amount of material
      that is completely irrelevant or esoteric.
 
      For the most part, you can also dismiss any notions you may
      have about hiding items before the raid. When they knock on the
      door, they will not give you time to do anything short of opening
      the door and complying with their demands. If they have any idea
      that you may be destroying evidence, they are empowered with
      the ability to forcibly enter your residence, physically detain you,
      and carry on.
 
      The search and seizure will not be short by any means. You can
      expect it to last anywhere from a few hours to a full day. During
      this time you will be questioned by a number of agents regarding
      anything and everything they might think to ask. I don't know if it
      is intentional and designed to throw you off, but they may ask
      extremely bizarre questions that lead you to wonder about their
      intelligence. During this questioning do one of two things.
 
           Refuse to answer ALL questions until your lawyer is
           present.
           Answer questions honestly.
 
      Lying to law enforcement agents may seem like a clever thing to
      do at the time, but it is much more likely to hurt you in the long
      run. If caught in a single lie during questioning, it will further
      encourage the agents to question you more. They also have the
      option of charging you with obstruction of justice if so inclined.
      When an agent gets it through their head that you are guilty, bad
      news for you regardless of your guilt or innocense.
 
      It is extremely important that you realize your rights. UNDER NO
      CIRCUMSTANCE do you have to answer questions without the
      presence of your lawyer. No matter what the LE agent says,
      suggests, or implies, this is a fundamental right. In many cases,
      raid victims are not being charged with a crime. Because of this,
      their rights are not read to them. Just because you aren't under
      arrest does not mean those rights are waived! The courts have
      recently found that police can be sued if they discourage raid
      victims from consulting a lawyer. More on this ruling can be found
      in this Washington Post article.
 
      The Seizure
 
      What can LE Agents take from you? EVERYTHING. You can't
      argue about it either. While they may take material that is not
      explicitly covered under the warrant and may later be forced to
      give it back to you, that doesn't help you when they are
      rummaging through your house. Re-read the list of material that
      are covered under Attachment C again and think about how
      broad it is.
 
      It is safe to say that absolutely anything remotely computer
      related is covered under the warrant. There are a few things that
      are also covered under the guidelines that tend to surprise people
      when confiscated.
 
           "electronic organizers": these include ones with mini
           keyboards like the Sharp organizers, as well as touch
           screen like Palm Pilots.
           "personal diaries": even your little black journal detailing
           sexual exploits, or a notepad with poetry.
           "books, newspaper, and magazine articles concerning
           hacking": this includes ANY computer book in your
           residence. Newspapers or magazines that have security or
           hacker articles are included.
           "cassette tapes, video cassette tapes, and magnetic
           tapes": If it isn't a store bought tape, it is subject to
           seizure. Doesn't matter if it contains episodes of the
           Beavers or pornography.
           "fax machines": despite a fax machine typically not having
           the ability to store information long term, it is fair game.
           "indicia of occupancy or tenancy..": Any paperwork or proof
           that you own or rent your place. Any sales receipts, billing
           records or anything else close.
           "other items ... in violation of Title 18..": Perhaps the worst
           listing of them all, this allows them to take just about
           anything else they may deem necessary.
 
 
 
      Statute of Limitations
 
      Another often asked question is how long the feds can
      investigate you. As long as they want. For most cases, LE can
      investigate a crime for up to five years after it was committed.
      This is known as the Statute of Limitations and means how long
      they can investigate and press charges against you for the crime.
      Hypothetically that is. If the crime is serious, several agents have
      assured me that the U.S. Government will find a way to stretch
      that timeframe.
 
      Regardless, if the agents have not made a case against you, the
      government attorney's will not press charges. Even so, you can
      expect them to hold onto any seized equipment until the
      conclusion of their investigation. If they go so far as seizing
      equipment and not pressing charges, you can expect to get your
      stuff back 1,825 days after it was taken, just to spite you.
 
 
      What exactly is illegal?
 
      Thanks to the vague (or was it intentional?) wording of the Title
      18 laws, several actions you may consider harmless could fall into
      murky legal territory. As a DCIS agent recently said in a
      conversation about the last article, "Even if you telnet to a
      machine and type anything in, that can be attempted intrusion!".
      As fascist as that may sound, it is true. Any activity or
      connections to a remote machine without authorization may be
      illegal. Because it is partially based on intent and partially based
      on your activities, this is still somewhat uncharted territory. While
      it is highly unlikely you will be charged for portscanning a
      machine, repeated poking at an open port could be enough to
      spark interest in your activities.
 
      Another term often used by agents and lawyers is "illegal access
      device" (IAD). What has turned into another all encompassing
      term, this can be used for a wide variety of things in a case
      against you. Some of the few things that fall into this category:
 
           login/passwd: Any login and password for any type of
           system be it unix, VAX/VMS, voice mail or something else.
           ESN/MIN: Cloning cell phones is illegal as you know, but
           each ESN/MIN pair counts as one IAD.
           CC/Exp: Each Credit Card w/ Expiration Date. Remember, it
           takes both pieces to purchase anything.
           Access keycard: Find an access device in the dumpster?
           Pick it up after someone dropped it? This allows access
           (illegally) into a building.
           Employee ID: Like an access keycard, these are often used
           to bypass controlled access points or visual checks at
           guard desks.
 
      Consider that when some hackers are busted, they are caught
      with a list of thousands of logins and passwords to systems
      around the world. Disturbing to think that each one can be used
      as a felony charge against you. When federal agents hold up to a
      thousand felony charges over your head, it is often enough to
      make you want to cut a deal. This is one reason that strong
      encryption is the friend of hackers.
 
 
      More on Punishment
 
      The punishment for hacking crimes is growing. Convicted hackers
      five years ago could expect a light slap on the wrist, a few hours
      of community service, and not much else. These days, a single
      felony count of computer hacking can lead to 15 months in jail
      along with restitution in the tens of thousands of dollars. 
      Looking at a verbose list of restrictions placed on Kevin Mitnick,
      examine them closely and consider what they really entail.
 
      While the following restrictions may not be applied to every case,
      consider that they have been applied to one convicted hacker.
      Further consider that as such, these restrictions may be used as
      case law in future court hearings. The following restrictions are
      taken from a larger document concerning Kevin Mitnick and the
      restrictions.
 
      http://www.kevinmitnick.com/081898writ.html#release_conditions
 
      A. Absent prior express written approval from the Probation Officer,
      the Petitioner shall not possess or use, for any purpose, the
      following:
 
          1. any computer hardware equipment;
 
          2. any computer software programs;
 
          3. modems;
 
          4. any computer related peripheral or support equipment;
 
          5. portable laptop computer, 'personal information assistants,'
             and derivatives;
 
          6. cellular telephones;
 
          7. televisions or other instruments of communication equipped with
             on-line, internet, world-wide web or other computer network
             access;
 
          8. any other electronic equipment, presently available or new
             technology that becomes available, that can be converted to
             or has as its function the ability to act as a computer system
             or to access a computer system, computer network or
             telecommunications network (except defendant may possess a
             'land line' telephone);
 
      B. The defendant shall not be employed in or perform services for any
         entity engaged in the computer, computer software, or
         telecommunications business and shall not be employed in any
         capacity wherein he has access to computers or computer related
         equipment or software;
 
      C. The defendant shall not access computers, computer networks or other
         forms of wireless communications himself or through third parties;
 
      D. The defendant shall not acts as a consultant or advisor to
         individuals or groups engaged in any computer related activity;
 
      E. The defendant shall not acquire or possess any computer codes
         (including computer passwords), cellular phone access codes or other
         access devices that enable the defendant to use, acquire, exchange
         or alter information in a computer or telecommunications database
         system;
 
      F. The defendant shall not use any data encryption device, program or
         technique for computers;
 
      G. The defendant shall not alter or possess any altered telephone,
         telephone equipment or any other communications related equipment.
 
      For a period of THREE years, being subjected to these
      restrictions. Not only does your primary hobby go away, your
      means for stable income are at serious risk. Think of every job
      you could hold with these restrictions and life does not look so
      pleasant. Even working at Taco Bell requires the use of
      computerized registers. Telemarketing and other menial tasks that
      once were viable methods of income also go away. Jobs that
      consist mostly of physical labor become about the only option left
      to you. Don't forget, many companies will not hire convicted
      felons, even for physical labor.
 
      Court ordered restitution will be a new world of difficulty. Many
      people fail to realize that not only are restitution amounts fairly
      significant, but they must be paid back in a timely fashion. Oh
      yeah, remember that you are not likely to hold a job that pays
      more than six bucks an hour. So how much is US$50,000 when it
      comes down to it? Consider that you might be able to earn
      US$25,000 a year if you are fortunte. Giving up your entire salary
      would allow you to pay it off in two years. If you can live off of
      US$15,000 (poverty level), you could then pay back the
      restitution in only five years. Five years of living at a poverty
      level.
 
      Is defacing a web page and putting up a message "hackerX 0wnz
      j00" REALLY worth it?
      
      @HWA
      
22.0  Y2K Fix Really An Extensible Worm 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Evil Wench 
      W95.Babylonia seems to be a breakthrough in
      virus/worm technology. It is the first known 'extensible
      worm' which allows the author, or anyone else, to
      remotely change the capabilities of the software after
      infection. According to Symantec, the virus was
      authored by a group calling itself the 29A (666 in hex)
      virus writing group. The primary means of infection so
      far has been through IRC where it poses as a fix to the
      Y2K bug. More than 20 instances of infection have been
      reported so far. There have been four plug-ins
      discovered that the worm can download to extend its
      capabilities. 

      Wired
      http://wired.lycos.com/news/technology/0,1282,32956,00.html
      
      ZD Net       
      http://www.zdnet.com/zdnn/stories/news/0,4586,2405495,00.html?chkpt=zdnntop

      Wired; 

      Virus Masquerades as Y2K Fix 
      Wired News Report 

      2:25 p.m. 7.Dec.1999 PST 
      Virus fighters warned Tuesday of a new
      virus that is spreading in online chat
      rooms disguised as a Y2K bug fix. 

      Computer Associates and other antivirus
      software companies said W95.Babylonia is
      the first "extensible worm" computer virus
      of its kind and attacks users of Internet
      Relay chat (IRC) rooms. 


          More Infostructure in Wired News


      Experts said the virus is uniquely
      dangerous because its author can alter
      the damage or data-theft inflicted on a
      daily basis. 

      "It is particularly dangerous due to the
      virus writer's ability to change the virus'
      payload remotely and after infection,"
      Simon Perry, business manager for CA
      Security Solutions, said in a statement.
      "This virus represents a new level of virus
      capability." 

      To become infected a user of IRC
      software need only visit a chat room
      where the virus is being spread. 

      The virus infects Windows-based
      computers and can be spread by
      executing a downloaded file or by another
      infected machine via MIRC software, an
      application used to participate in IRC chat
      rooms. 

      According to a description on the
      Computer Associates Web site, the virus
      begins polling a Web site in Japan every
      60 seconds, looking for updates the
      author has written to extend the
      capabilities of the virus. The virus can
      download the updates to infected
      computers, where it can reformat a hard
      drive, delete files, or collect sensitive
      information. 

      The companies report there are currently
      four plug-ins that the virus can download
      to extend its capabilities. 

      Once a user's machine is infected,
      Babylonia will attempt to infect every
      executable and help file in the user's
      Windows environment, said Computer
      Associates. 

      Companies offering fixes to prevent the
      virus from infesting include Computer
      Associates and Symantec. 

      According to Symantec, the virus was
      authored by a group calling itself the 29A
      virus writing group. More than 20
      instances of infection have been
      submitted to Symantec, the company
      said in a statement. 
      
      -=-
      
      ZDNet;
      
      Experts warn of new, updatable virus
      
      W95.Babylonia uses the Web to upgrade
      itself -- and could pave the way for smarter
      viruses with heavy payloads.
      
      
      
      By Robert Lemos, ZDNet News
      UPDATED December 8, 1999 7:57 AM PT 
      
      
      Anti-virus firms are warning of a new computer virus
      that spreads through Internet chat rooms and
      updates itself automatically with files from the Web. 
      
                       "This is the tip of the iceberg," on
                       Tuesday said Eric Chien, senior
                       researcher for anti-virus software
                       maker Symantec Corp., who
                       stressed that the virus' capacity to
                       upgrade itself makes it a concern.
                       "Virus writers again are using
                       more network-centric ideas to
      create viruses." 
      
      Symantec (Nasdaq: SYMC) has only encountered two
      dozen reports of the virus, dubbed W95.Babylonia, since
      it was discovered on Friday, Dec. 3. Another security
      firm, Computer Associates Inc. (NYSE: CA), has only
      encountered 15 reports so far. Currently, the virus infects
      executible (.EXE) and help (.HLP) files. 
      
      While the computer virus has not spread widely and
      currently has no dangerous payload, anti-virus experts
      fear that a better-written clone could be more effective in
      the future. 
      
      Or, just as bad for users, the virus writer could decide to
      add a new payload to the virus. Unique in that it looks at
      a virus-exchange Web site in Japan for updates,
      Babylonia is actually just an 11KB program that spreads
      itself when an infected file is opened and transfers
      updates from the Web when the host machine is online. 
      
      Virus downloads four modules
      The current version downloads four modules from the
      Japanese virus-exchange site. The first module is just
      another copy of the virus, which could update the virus.
      The second module is a text file that replaces the
      autoexec.bat file on the host computer with a new one
      
      containing the message: 
      
           W95/Babylonia by Vecna (c) 1999 
           Greetz to RoadKil and VirusBuster 
           Big thankz to sok4ever webmaster 
           Abracos pra galera brazuca!!! 
           --- 
           Eu boto fogo na Babilonia! 
      
      The text identifies the writer as Vecna, which Symantec
      claims is a member of a Latin America virus group known
      as 29A (or 666 in hexadecimal). The Bubbleboy virus was
      allegedly created by Zulu, another member of the 29A
      group. 
      
                          The third module sends an
                          e-mail message to a Hotmail
                          account established to count
                          the number of computers
                          infected by Babylonia. And the
                          fourth module contains code
                          that causes infected users
                          who use mIRC chat software
                          to send a copy of the virus to
                          everyone in the chat room
                          using the DCC file transfer
                          feature of mIRC. 
      
                          In most cases, the chat
                          software will notify the
                          recipients that someone is
                          sending them a file. However,
                          users that have DCC
                          downloading set to
      "automatic" will receive no notification. Unless the file,
      which parades as a Y2K bug fix (not coincidentally called
      Y2k bug fix.exe), is run, the user's computer will not be
      infected with the virus. 
      
      However, any or all of these aspects of the virus could
      change. The writer could add a new set of updates to the
      Web to change the copies of the virus already infecting
      users' machines, tweak the methods the virus uses to
      spread, or even add a destructive payload. 
      
      "Tomorrow, it could be using Outlook to spread," said
      Symantec's Chien, referring to a number of recent
      viruses, including Melissa and ExploreZip, that have
      spread by sending themselves using Microsoft (Nasdaq:
      MSFT) Outlook and its address book. 
      
      Ironically, the ability to update a virus resembles the
      LiveUpdate technology that Symantec uses to keep its
      virus scanner in touch with the times. The ability to
      upgrade is one that has been used by the software
      industry for a few years to fix applications over the Net. 
      
      Problematic for home users
      "At this point, it is a proof of concept," said Narender
      Mangalam, director of security products for Computer
      Associates. "It spreads through chat rooms, it will mainly
      be a problem for home users, who tend to be more lax
      about security." 
      
      The current form of the virus can be detected by
      searching for a file called Babylonia.exe on any
      questionable computer. In addition, computers that show
      the aforementioned message at start up should be
      considered infected. 
      
      Just remember, however: Tomorrow, all bets are off -- the
      symptoms could change. 
      
      @HWA
      
23.0  Distributed DoS Attacks Becoming Popular 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Weld Pond 
      New Denial of Service tools, such as Trinoo and TFN,
      have security experts concerned. These new tools can
      launch a crippling attack on an Internet server with an
      overwhelming number of requests from several machines
      at once. CERT plans to release a report on this
      'distributed attack' method later this week. Currently
      there is no simple fix or patch. 

      USA Today       
      http://www.usatoday.com/usatonline/19991207/1723034s.htm
      
      (Document not found - Ed)
      
      @HWA
      
24.0  FBI to Remain on Alert Over Y2K 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Turtlex 
      Michael Vatis, director of the FBI's National
      Infrastructure Protection Center (NIPC), has said that
      the FBI would be on alert during the new year
      changeover. He explained that agents would be looking
      for malicious activities directed against Internet sites
      although they had no hard evidence of any planned
      attacks. (Hmmm, I think the key words here are "no
      hard evidence".) 

      Reuters - Via Excite News        
      http://news.excite.com/news/r/991207/11/net-internet-fbi
      
      FBI Official Says Primed for Y2K Internet Malice


                                        Updated 11:29 AM ET December 7, 1999

     LONDON (Reuters) - U.S. federal agents are prepared for malicious attacks
     on Internet web sites under cover of any broader confusion during the 
     transition to the new millennium, a senior official said Tuesday.

     Michael Vatis, director of the FBI's national infrastructure protection
     center, told a meeting of international business representatives and legal
     officials the bureau would be on the alert although it had no hard evidence
     of any planned attacks.

     "It's natural to expect there might be people doing stupid things with
     computers," he said, discussing concerns that computer confusion generated
     by the date change may provide cover for attacks on Internet computers.

     Some devices risk crashing if their internal programming does not enable 
     them to recognize 2000 as part of the next century. Fears have also been 
     voiced that computer hackers could exploit that confusion, especially with 
     viruses. 
     
     @HWA
     
25.0  IOPS Sets Up Y2K Watch Center 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Weld Pond 
      The Internet Operators Group (IOPS.ORG) is planning to
      coordinate real-time communications between major
      global ISPs, equipment vendors and government officials
      to handle any Y2K Internet problems that may arise.
      IOPS will sponsor a telephone conference bridge to keep
      major ISPs in continuous contact in order to report on
      and resolve any Internet related incidents. The
      telephone conference bridge initiative, named "Silent
      Night," will begin before midnight on December 31, New
      Zealand time and stay open for at least 48 hours. 

      PR Newswire      
      http://library.northernlight.com/FB19991207640000071.html?cb=0&dx=1006&sc=0#doc
      
      INTERNET OPERATORS PREPARE FOR 'SILENT NIGHT' ON THE INTERNET DURING 
      MILLENNIUM ROLLOVER IOPS.ORG SPONSORS UNIQUE YEAR-END TWO-DAY Worldwide 
      Telephone Bridge And 'Trouble-Ticket System' to Provide Early Warning and 
      Technical Assistance On Y2K Internet Incidents


      Story Filed: Tuesday, December 07, 1999 10:23 AM EST 

      RESTON, Va., Dec 7, 1999 /PRNewswire via COMTEX/ -- As the millennium 
      unfurls around the globe starting December 31, 1999 in New Zealand, The 
      Internet Operators Group (IOPS.ORG) will coordinate real-time 
      communications between major       global Internet Service Providers, 
      equipment vendors and government officials to handle any Y2K Internet 
      problems and facilitate resolving them before they have a significant 
      impact, especially in the United States, where a majority of the world's 
      160 million Internet users reside. 

      IOPS will sponsor a telephone conference bridge to keep Internet operators 
      in continuous contact in order to report on and resolve any Internet 
      incidents. The telephone conference bridge initiative, named "Silent 
      Night," will begin before midnight on December       31, New Zealand time 
      (early morning EST on December 31 in the US) and stay open for at least 48 
      hours with ports directly to 20-25 Internet service providers, equipment 
      vendors and other entities. 

      "Although we don't expect problems, by midnight on December 31 in the US 
      we should be well aware of any issues that will impact the Internet," 
      stated IOPS Executive Director, Ira Richer. "This is the first time that 
      so many major global Internet networks and       equipment vendors have 
      cooperated in real-time to identify and resolve potential Internet 
      outages, security hacks and other incidents around the world." 

      IOPS also will use its Web-based shared "trouble-ticket" system as an 
      alternative communications path, should Y2K issues affect the telephone 
      system. An open "trouble ticket" -- a continuously updated information 
      form accessible to authorized users via the       Web -- can provide 
      real-time status information and document Internet incidents and responses 
      among providers. 

      IOPS.ORG is a group of Internet Service Providers that fosters industry 
      cooperation in the public interest on joint technical problems and 
      operations concerning the global Internet ( http://www.iops.orq). Its 
      executive director, Richer, is an employee of       Corporation for 
      National Research Initiatives; which hosts IOPS. Members have tested their 
      own Internet systems for Y2K readiness, but are preparing for possible 
      problems beyond the scope of their own systems. 

      The IOPS conference bridge and trouble ticket system will be coordinated 
      with the President's Council on Year 2000 Conversion's Information 
      Coordination Center (ICC) -- the Federal Government's central point for 
      monitoring system operations during the       Y2K rollover. The ICC will 
      share information among the different economic sectors, coordinate with 
      international entities and provide reports to the public. 

      "This unprecedented cooperation between competing Internet networks and 
      providers will be enormously helpful to ensure United States preparedness 
      to meet any technical problem that could result from Y2K-related network 
      and telecommunication failures       around the world," said John 
      Koskinen, Chair of the President's Council on Year 2000 Conversion. "We 
      are pleased to partner with IOPS members who are committed to ensuring 
      that US Internet users and businesses can count on a reliable Internet 
      infrastructure." 

      G. Mark Hardy, Director of Professional Services at Secure Computing 
      Corp., a premiere security software and consulting firm, commented, 
      "Script-kiddies will be trying to take advantage of Internet and software 
      weaknesses during the millennium cross-over,       but the real hacker 
      pros will be out enjoying the millennium parties. Initiatives like the 
      IOPS "Silent Night" hotline could be extended to real-time linkups on 
      demand, so that Internet operators can quickly respond to major system 
      problems in the future, such as a massive outbreak of a new type of 
      virus." 

      IOPS' Internet Service Provider members include AT&T, BroadWing 
      Communications Inc., Cable&Wireless, Conxion, EarthLink, GTE 
      Internetworking, ICG, Qwest, and Sprint. Besides IOPS members, additional 
      Silent Night participants include: AboveNet,       America Online, MCI 
      WorldCom's UUNET and its east and west coast Metropolitan Area Ethernets 
      (MAEs), ISPs from the North American Network Operators' Group (NANOG) and 
      equipment vendors including Cabletron, Cisco, Juniper Networks, Lucent 
      Technologies, and Marconi. IOPS also will coordinate its activities with 
      cooperating operators of the Domain Name System and of Internet traffic 
      exchange points. 

      About IOPS IOPS.ORG is a group of Internet service providers who work 
      together in the public interest to resolve and prevent network integrity 
      problems and address other issues that require technical coordination and 
      information sharing 

      IOPS members, for example, worked with the Internet Engineering Task Force 
      (IETF), the Computer Emergency Response Team (CERT), equipment suppliers 
      and customers to cut down on so-called "smurf" denial-of-service attacks. 
      Such attacks can cause       a "packet storm" that could impair or disable 
      the target ISP's network. IOPS provided information on how networking 
      equipment can be configured to prevent these attacks. 

      SOURCE Conxion Corporation (C) 1999 PR Newswire. All rights reserved. 
      http://www.prnewswire.com 

      CONTACT:       Megan O'Reilly-Lewis of Conxion Corporation, 408-566-8546, 
      or 

      megan@conxion.net; or Ira Richer of IOPS.ORG, 617-621-7152, or 
      Richer@cnri.reston.va.us 

      WEB PAGE:      
      http://www.iops.orq 
      
      @HWA
      
26.0  IDs Embedded In All Color Copies 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Dr. Mudge 
      Rumors regarding color copier IDs have been circulating
      for a long time. While it has been well known fact for
      years that invisible IDs are inprinted on all color copies it
      has not been widely reported and has even reached the
      status of myth in some laymen circles. A recent report
      in the PRIVACY Forum Digest indicates that every color
      photocopier and printer does in fact include a unique
      identifier stegonagraphicly embedded into the image as
      background noise. 

      PRIVACY Forum Digest, December 6, 1999       
      http://www.vortex.com/privacy/priv.08.18
      
      
      PRIVACY Forum Digest     Monday, 6 December 1999     Volume 08 : Issue 18
      
                      (http://www.vortex.com/privacy/priv.08.18)  
      
                  Moderated by Lauren Weinstein (lauren@vortex.com)         
                    Vortex Technology, Woodland Hills, CA, U.S.A.
                               http://www.vortex.com 
              
                             ===== PRIVACY FORUM =====              
      
          -------------------------------------------------------------------
                       The PRIVACY Forum is supported in part by
                     the ACM (Association for Computing Machinery)     
                       Committee on Computers and Public Policy,      
                       Cable & Wireless USA, Cisco Systems, Inc., 
                                 and Telos Systems.
                                       - - -
                   These organizations do not operate or control the     
                PRIVACY Forum in any manner, and their support does not
                 imply agreement on their part with nor responsibility   
              for any materials posted on or related to the PRIVACY Forum.
          -------------------------------------------------------------------
      
      
      CONTENTS 
              IDs in Color Copies--A PRIVACY Forum Special Report
                 (Lauren Weinstein; PRIVACY Forum Moderator)
      
      
       *** Please include a RELEVANT "Subject:" line on all submissions! ***
                  *** Submissions without them may be ignored! ***
      
      -----------------------------------------------------------------------------
      The Internet PRIVACY Forum is a moderated digest for the discussion and
      analysis of issues relating to the general topic of privacy (both personal
      and collective) in the "information age" of the 1990's and beyond.  The
      moderator will choose submissions for inclusion based on their relevance and
      content.  Submissions will not be routinely acknowledged.
      
      All submissions should be addressed to "privacy@vortex.com" and must have
      RELEVANT "Subject:" lines; submissions without appropriate and relevant
      "Subject:" lines may be ignored.  Excessive "signatures" on submissions are
      subject to editing.  Subscriptions are via an automatic list server system;
      for subscription information, please send a message consisting of the word
      "help" (quotes not included) in the BODY of a message to:
      "privacy-request@vortex.com".  Mailing list problems should be reported to
      "list-maint@vortex.com". 
      
      All messages included in this digest represent the views of their
      individual authors and all messages submitted must be appropriate to be
      distributable without limitations. 
      
      The PRIVACY Forum archive, including all issues of the digest and all
      related materials, is available via anonymous FTP from site "ftp.vortex.com",
      in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
      enter your e-mail address as the password.  The typical "README" and "INDEX"
      files are available to guide you through the files available for FTP
      access.  PRIVACY Forum materials may also be obtained automatically via
      e-mail through the list server system.  Please follow the instructions above
      for getting the list server  "help" information, which includes details
      regarding the "index" and "get" list server commands, which are used to access
      the PRIVACY Forum archive.  
      
      All PRIVACY Forum materials are available through the Internet Gopher system
      via a gopher server on site "gopher.vortex.com".  Access to PRIVACY Forum
      materials is also available through the Internet World Wide Web (WWW) via
      the Vortex Technology WWW server at the URL: "http://www.vortex.com";
      full keyword searching of all PRIVACY Forum files is available via
      WWW access.
      -----------------------------------------------------------------------------
      
      VOLUME 08, ISSUE 18
      
           Quote for the day:
      
              "It's not the heat, it's the humanity!"
      
                 -- Jeff Douglas (Van Johnson)
                    "Brigadoon" (MGM; 1954)
      
      ----------------------------------------------------------------------
      
      Date:    Mon, 6 Dec 99 13:31 PST
      From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
      Subject: IDs in Color Copies--A PRIVACY Forum Special Report
      
      Greetings.  We've recently seen a tirade of stories about "hidden"
      identification codes and what many would consider to be surreptitious
      centralized information flowing from various popular Internet products and
      packages.  These have tended to highlight an important truth--whether or not
      users really would be concerned about the particular identifiers or data
      involved, they tend to get the most upset when they feel that an effort was
      made to perform such functions "behind their backs."  While it can be argued
      how routine, intrusive, or even mundane and innocent a particular case may
      be, it's certainly true that people feel a lot better when they know what's
      going on.
      
      This issue isn't restricted only to the Internet world.  A case in point--
      the recurring rumors floating around regarding the presence or absence of
      identification codes in color copies (or color prints xerographically
      generated from computer output systems).
      
      A recent story involved a customer who was refused permission to make a
      color copy of his driver's license (to deal with an identification problem
      with his local telephone company).  A Kinko's (copying center) worker
      reportedly told him that such a copy was "illegal," and could be traced back
      to the store through a "hidden ID."
      
      Regardless of whether or not the Kinko's employee was being overzealous in
      his interpretation of the rules, what's really going on here regarding a
      so-called hidden ID code?
      
      In fact, rumors about this, often chalked up as an "urban legend," have been
      circulating for a long time.  This is a bit ironic, given that in the
      copier/printer industry it's been well known for years--no secret--that
      "invisible" IDs *are* imprinted on virtually all color xerographic output,
      from (apparently) all of the manufacturers.  But for persons outside of 
      "the trade," this hasn't been as widely known (even though the issue goes
      back to the early 90's, and the topic has appeared in publications such as
      the Wall Street Journal).  However, it does not appear that the
      privacy-related aspects of this technology have ever been subject to
      significant public discussion.
      
      In an effort to pin down the current state of the art in this area, I had a
      long and pleasant chat with one of Xerox's anti-counterfeiting experts, who
      is the technical product manager for several of their color-copying
      products.  The conversation was quite illuminating.  Please note that the
      details apply only to Xerox products, though we can safely assume similar
      systems from competing manufacturers, although their specific policies may
      differ.
      
      Years ago, when the potential for counterfeiting of valuable documents on
      color copiers/xerographic printers became apparent in Japan (where such
      machines first appeared) manufacturers were concerned about negative
      governmental reaction to such technology.  In an effort to stave off
      legislative efforts to restrict such devices, various ID systems began being
      implemented at that point.  At one stage for at least one U.S.
      manufacturer, this was as crude as a serial number etched on the underside
      of the imaging area glass!  
      
      Modern systems, which are now reportedly implemented universally, use much
      more sophisticated methods, encoding the ID effectively as "noise"
      repeatedly throughout the image, making it impossible to circumvent the
      system through copying or printing over a small portion of the image area,
      or by cutting off portions of printed documents.  Effectively, I'd term this
      as sort of the printing equivalent of "spread spectrum" in radio technology.
      
      To read these IDs, the document in question is scanned and the "noise"
      decoded via a secret and proprietary algorithm.  In the case of
      Xerox-manufactured equipment, only Xerox has the means to do this, and they
      require a court order to do so (except for some specific government
      agencies, for whom they no longer require court authorizations).  I'm told
      that the number of requests Xerox receives for this service is on the order
      of a couple a week from within the U.S.
      
      The ID is encoded in all color copies/prints from the Xerox color
      copier/printer line.  It does not appear in black and white copies.  The
      technology has continued to evolve, and it is possible that it might be
      implemented within other printing technologies as well (e.g. inkjet).  At
      one time there were efforts made to also include date/time stamps within the
      encoded data, but these were dropped by Xerox (at least for now) due to
      inconsistencies such as the printer clocks not being set properly by their
      operators, rendering their value questionable.
      
      It's interesting to note that these machines also include other
      anti-counterfeiting measures, such as dumping extra cyan toner onto images
      when the unit believes it has detected an attempt to specifically copy
      currency.  These techniques have all apparently been fairly successful--the
      Secret Service has reported something on the order of a 30% drop in color
      copying counterfeiting attempts since word of such measures has been
      circulating in the industry.  The average person might wonder who the blazes
      would ever accept a xerographic copy of money in any case... but apparently
      many persons are not very discerning.  I'm told that the Secret Service has
      examples in their files of counterfeit currency successfully passed that was
      printed on *dot matrix* printers.  So counterfeiting is certainly a genuine
      problem.
      
      OK, so now you know--the IDs are there.  The next question is, what does
      this really mean?  Obviously the vast majority of uses for color copies are
      completely innocuous or even directly beneficial to the public good (e.g.
      whistleblowers attempting to expose a fraud against the public).  Is it
      acceptable for an ID to be embedded in all color copies just to catch those
      cases?  The answer seems to be, it depends.
      
      In some cases, even having an ID number doesn't necessarily tell you who
      currently owns the machine.  While some countries (e.g. China) do keep tight
      reign on the ownership and transfer of such equipment, there is no
      "registration" requirement for such devices in the U.S. (though the routine
      servicing realities of large units might well create something of a de-facto
      registration in many situations).
      
      Xerox points out that non-color copies (at least on their machines) have no
      IDs, and that most copying applications don't need color.  It is however also
      true that as the prices of color copiers and printers continue to fall, it
      seems only a matter of time before they become the "standard" even for home
      copying, at which time the presence of IDs could cover a much vaster range
      of documents and become increasingly significant from a routine privacy
      standpoint.
      
      It's also the case that we need to be watchful for the "spread" of this
      technology, intended for one purpose, into other areas or broader
      applications (what I call "technology creep").  We've seen this effect
      repeatedly with other technologies over the years, from automated toll
      collection to cell phone location tracking.  While there is currently no U.S.
      legislative requirement that manufacturers of copier technology include IDs
      on color copies, it is also the case that these manufacturers have the clear
      impression that if they do not include such IDs, legislation to require them
      would be immediately forthcoming.
      
      It is important to be vigilant to avoid such perceived or real pressures
      from causing possibly intrusive technology creep in this area.  In the
      copier case, that ID technology being used for color copies *could* be
      adapted to black and white copies and prints as well.  The addition of
      cheap GPS units to copiers could provide not only valid date/time stamps,
      but also the physical *locations* of the units, all of which could be
      invisibly encoded within the printed images.  
      
      Pressures to extend the surveillance of commercial copyright enforcement
      take such concepts out of the realm of science-fiction, and into the range of
      actual future possibilities.  What many would consider to be currently
      acceptable anti-counterfeiting technology could be easily extended into the
      realm of serious privacy invasions.  It would only require, 
      as Dr. Strangelove once said, "The will to do so."
      
      Perhaps the most important point is that unless we as a society actively
      stay aware of these technologies, however laudable their initial
      applications may often be, we will be unable to participate in the debate
      that is crucial to determining their future evolution.  And it's in the
      vacuum of technology evolving without meaningful input from society that the
      most serious abuses, be they related to the Internet or that copy machine 
      over on your desk, are the most likely to occur.
      
      --Lauren--
      lauren@vortex.com
      Lauren Weinstein
      Moderator, PRIVACY Forum - http://www.vortex.com
      Co-Founder, PFIR: People for Internet Responsibility - http://www.pfir.org
      Member, ACM Committee on Computers and Public Policy
      
      ------------------------------
      
      End of PRIVACY Forum Digest 08.18
      ************************
      
      @HWA
      
27.0  Valiant of Halcon Speaks 
      ~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Mark 
      Recently blamed for for a massive attack on the
      Australian Republican Movement website the long time
      underground group Halcon Technologies has remained
      unusually quiet. Now one of the groups members Valiant
      has offered the first interview from the group to explain
      just what the hell went on down under. 

      QuadCon #1 
      http://the.wiretapped.net/security/textfiles/quadcon/quadcon-1.txt
      
      ****************************************************************************
      ***************************<-=- QuadCon -=->********************************
      ****************************************************************************
      *************The Newsest Zine To Hit Australia And The World****************
      */*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/
      */*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/
      ============================================================================
      December 1999 - Issue 1
      ============================================================================
      
      Whats In This Issue:
          # Halcon Hacker Valiant Gives QuadCon An Exclusive Interview And Some
            Special Tips In Trying To Prevent Your Machine From Being Hacked
          
      =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
      The Interview Of Valiant The Leader Of Halcon.  |   http://www.halcon.com.au
      ----------------------------------------------
      
      BackGround:
      Halcon was founded in 1993 as a Bulletin Board System and by 1996 had grown
      to atleast ten members.  Still growing, in October 1996 the group took on
      the name Halcon Technologies and in 1997 Valiant registered a business name,
      allowing them to register the halcon.com.au domain name.  Although the group
      was not widely known, on 22nd October 1999, Halcon was blamed for a massive
      hack on the Australian Republican Movement website.  Despite denials and
      misquotations, the story was covered by news outlets, an example of which is
      at the following URL:
      
                     http://www.halcon.com.au/arm0001.html
                     
      Following this incident, Halcon received massive amounts of publicity (most
      of it was unwanted) and Valiant claims that Halcon has become the most
      popular hacking group in Australia.  It currently has 24 members and thousands
      of supporters.
      
      Having been misquoted once, Valiant has since denied all interviews to the press,
      including an offer from Channel Nine.  QuadCon is therefore proud to present
      an exclusive, uncut interview with Valiant.
      
      -------------------------------------------------------------------------------
      The Interview
      -------------
      QuadCon: If you were a system administrator of a newly installed slackware 
               linux machine and you had 20 minutes to secure it what would you do?
      
      Valiant: Go to all the available sites (www.halcon.com.au/links.html) that
               cater for that, and quickly grab and install as many patches for 
               your software available.  Close all services (especially fingerd)
               that arn't needed, relocate telnet to a different port (I know it
               breaches RFC's, but fuck it.) and make sure that you don't
               adduser lamers.  :)
      
      QuadCon: What is the most common thing to hack to gain access to?
      
      Valiant: Fingerd is the most exploitable feature on machines, the good old 
               crackers highway.  Allthough these days it's neglected as a mode of 
               system penetration, also alot of sysadmins don't understand the point
               of finger anymore and remove it anyway.  As for hacking, the best
               method available that I remember overusing would be a buffer overflow
               in a certain software which makes calls to root.  Flood the software,
               bang, down it goes and you have root.  :)
      
      QuadCon: Does the name Halcon have any relavence to you and why did you choose
               it for the name of the group?
      
      Valiant: Halcon .. well, I chose that many years ago, so I can't really
               remember why it was chosen, other than that it sounds funky.  :P
      
      QuadCon: How would you characterize the media coverage of you?
      
      Valiant: Trivial and biased.  They just want an 'evil hacker genious' who 
               brags about how he hacked NASA, they don't really like me as 
               basically I won't brag, and I prefer to explain how idiotic the 
               consumers are for purchasing fucked computers, etc, and other 
               consumer related problems.
      
      QuadCon: What do you think about hacks done in your name--for instance, the
               Australian Republican Movement hack?
      
      Valiant: I wasn't expecting such media coverage on that topic, however they
               have no evidence against me, and I have yet to admit to even being 
               born at this point in time.  So fuck 'em all.  :)
      
      QuadCon: What's the biggest misconception perpetuated by Hollywood 
               cybermovies? 
      
      Valiant: There is no such thing as a hot female hacker named Acid Burn who has
               pert tits and lips that would look very nice wrapped around my hard 
               disk.  :)
      
      QuadCon: In your own words, define hacker.
      
      Valiant: There's two meanings.  I fall into both.  The code hacker, who lives
               to program and does it the hard way, and the system hacker, who loves
               finding exploitable features in systems to gain access, does so, 
               notifies the sysadmin and patches the hole.
      
      QuadCon: What is your technical background. (Which platform do you prefer 
               PC/MAC? What is your online background? Do you do networking? Do you
               know programming languages,etc.)
      
      Valiant: At the moment my prefered operating system is Windows 98 due it's
               usability and comprehensive system architecture, when it comes to
               personal use, for industrial things such as networking, I prefer any
               linux distribution.  I am a PC user, allthough I have a few old Apple
               Classics in my computer collection.  I've been using the internet
               through BBS gateways for ten or more years.  I network when I have
               to, but I used to work as a network engineer.  As for programming
               languages, I have a bad memory and generally have to 'relearn' things
               when I need them, however it's more a refresh than a relearn.  :)
      
      QuadCon: I understand that hackers assume an online nickname to become known
               by - how did you acquire your nickname?
      
      Valiant: I was seven years old when I logged onto a BBS using an audio coupler
               900 bps modem at a friends place.  It asked for a handle, Valiant was
               my current dungeons and dragons charracter, so I typed it in
               sheepishly.  I've been known by it ever since.  :) 
      
      QuadCon: What do you portray system administrators are like?
      
      Valiant: Fail-safe devices that take care of systems, that if programmed 
               correctly would never need human assistance.  :)
      
      QuadCon: What do you think of ALOC, another aussie hacking group?
      
      Valiant: Who?  :)
      
      QuadCon: What currently is Halcon working on?
      
      Valiant: Currently working on?  We're currently working on the ultimate 
               encyclopeadia of how to be slothenly and lazy.  :)
      
      QuadCon: What would you like Halcon to be in the future?
      
      Valiant: I don't know, that's a hard question really.  I never wanted it to be
               anything to begin with, time has just made it bigger than I ever 
               expected.  Back when I was a kid and it first started, I never really
               thought it would exceed a BBS group of users who were of the same 
               interests.  Now it's allmost like a religious cult for some.  :)
      
      QuadCon: Who in the world do you dislike most?
      
      Valiant: Anyone with an IQ under 110.  :)  100 is average, so I like people a
               tad over.  The others should be neutered and shot.  :)
      
      QuadCon: Any last comments?
      
      Valiant: I like being a cunt-rag.
      
      =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
      Special Thanks
      --------------
      
      Valiant of Halcon         http://www.halcon.com.au
      
      =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
      Support Us
      ----------
      
      Please support us - we are looking for a fast permanent unix box to host
      a website with all our zines on. If you believe you can help see the contact
      section below. Also if you know anyone who wants or deserves to be interviewed 
      also see the contact section below.
      
      =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
      Contact
      -------
      I can be contacted on IRC irc.wiretapped.net or on the email address 
      marena@iinet.net.au
      =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
      Copyright 1999 QuadCon
      
      -=-
            
      http://www.halcon.com.au/arm0001.html
      
      Hackers deny Republican attack
      From AAP
      22oct99

      AN underground computer hacking group blamed for today's
      sabotage of the Australian Republican Movement's head office has
      denied responsibility. 

      The group, known both as Halcon and as the Australian Underground
      and Empire Loyalist Movement, was blamed for jamming phones and
      e-mails into ARM and shutting down its computer system. 

      Halcon hacker "Valiant" tonight denied the group was responsible for
      the incident. 

      He said the sabotage was probably done by a "scriptkiddy", a young
      teenager working alone trying to get the group's attention. 

      "You only need a modem and a computer, a 12-year-old could do it,"
      Valiant told AAP. 

      "We are anti-republican, but we wouldn't take that sort of action,
      we consider that lame." 

      ARM was also faxed a list containing 200 names of ARM staff and
      supporters along with threats of violence. 

      Halcon is Australia's oldest underground hacking group, formed in
      1993. 

      It has 24 current members and thousands of supporters. 
      
      @HWA
      
28.0  Scholarships for Surfing 
      ~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Fran 
      2500 one and two person teams will once again be able
      to compete for scholarships to Florida State University
      by Surfing the Web. Registration for is now open for the
      third annual Florida State University Online Scholar
      Challenge. The competition pits teams of high school
      students against one another in finding answers to
      tough questions online. 

      FSU Online Scholar Challenge       
      http://www.fsu.edu/~unicomm/challenge.html
      
      High School Juniors and Seniors!
      Are You an Online Scholar?

      If you're a high school junior or senior, and you're good at finding information online, you
      can win a four-year tuition scholarship to Florida State University, along with other great
      prizes.

      Florida State University's Online Scholar Challenge is an "online information scavenger
      hunt."

      The Challenge, now in its third year, pits high school juniors and seniors against one
      another in seeking information and answering tough questions on a wide variety of topics
      through the LEXIS-NEXIS Scholastic Universe information service.

      Qualifying rounds are conducted on the Internet. The five top-scoring teams will receive
      all-expense-paid trips to Florida State University April 7-8, 2000, for the FSU Online
      Scholar Challenge finals.

      Act Today! Registration is limited to the first 2500 teams (a team may have one or two
      students).
  
      (Follow link for further info and rules etc - Ed)
      
      @HWA
      
29.0  Dec 8th HNN Rumours
      ~~~~~~~~~~~~~~~~~~~     
      
      From HNN http://www.hackernews.com/
      
      contributed by Valiant 
      
      We aren't sure what to make of this but it would appear
      that the Australian government is out to silence certian
      individuals. While we have nothing to go on for
      verification of this story, other than this web page, we
      are hoping that some more resourceful individuals can
      gather additional information. 

      Big Brother -is- Watching! 
      http://www.halcon.com.au/bigbrother.html
      
      Big Brother -is- Watching! 

      This is a true story, only the names and other identifying details
      have been changed to protect the innocent. The person this story is
      about, who we shall name Citizen X, is still on the run from the
      powers that be, even though he is innocent. 
 
      This story will be updated when-ever Citizen X can contact us. 
 
      6th of December, 1999 - Introduction to The Machine. 
 
      As I sit here writing this, I realise that out there I am on the 'most
      wanted' list of Australia. I am Citizen X, for years I have been in the
      Australian underground, and I am probably one of the highest profile
      political hackers in Australia. Telstra and Optus have been wanting me
      out of the scene for years. 
 
      My crime is that I tell the truth, my crime is that I seek the truth. For
      this I am marked as a dangerous criminal mastermind by 'them'. Who
      -is- Big Brother I hear you ask? 
 
      Big Brother is what we call them, the conglomeration of the
      government, the federal bodies, the police (state and federal, aswell
      as all the little spook divisions on the side) and also into 'them' goes
      the corporations. The corporations -do- have power in the 'system'
      because they have the money. We all know the government loves
      them and will back them to the hilt. 
 
      Six months ago Big Brother had no idea who I was, except I made one
      mistake. I trusted Australia's privacy laws and a corporation. I was
      asked to call a mates school and make a bomb threat just to get him
      out of class, which is pretty lame, I agree, however I wanted to see
      whether our privacy existed, or whether Australia is as bad as
      America when it comes to monitoring the populace and controlling
      them. 
 
      A few weeks ago I was called up by a spook, he said that the call
      was traced to my cellular phone and that due to the fact I gave a
      fake address for the account, I am on the most wanted list. He said
      that my options are to turn myself in, or be hunted down practically. 
 
      Now normally a prank call is let go of, however, when the police got
      to the school they said, in their over ambitious way, that they found
      'seven potentially explosive devices' in the premises. Mind you there
      was nothing in the school, however the moronic police made that
      statement and lo, they have to stick to it. Now they need someone
      to crucify so they don't lose face in front of Big Brother, they need to
      find the Xibomber. 
 
      Some spook in his corporate office in Big Brother's bedroom spotted
      the links between me and my political hacks, even though my hacks
      promoted morals and lawful upholding of Australian citizens freedom,
      they persist that now, I, Citizen X, am a dangerous criminal. I must
      be caught and punished for my crimes against 'them' and for planting
      seven explosive devices in a school on the other side of Australia I've
      never heard of nor seen. 
 
      Don't trust the government, don't trust the system. They want to
      control us, they want to keep us as mindless zombie-like consumers
      who work, raise kids to follow in our footsteps, consume, and die. All
      telecommunications companies are also in with 'them', I know this
      now because of this situation. I cannot explain it perfectly, as it is
      I've given away too much information and am risking even more
      trouble from Big Brother. But let me say that, at this moment in time,
      they will never catch me. 
 
      Due to their own fuck up, they now have the need to find a sacrificial
      lamb to publically crucify to make them seem 'right'. Why don't I go
      public? Why don't I tell the Australian Associated Press? Simple,
      because they are part of the system also. There's no escape once
      the government have it in for you, other than making a new identity,
      getting fake ID's made up for it, and living as the other being. 
 
         I am Citizen X, an unlawful evil sadistic serial killer hacker with
       attitude, I must be caught, and I must be punished for my crimes
      against society. What a crock of shit, I am a lawful hacker who likes
      to tell the truth about the conspiracy behind Australia's 'system', but
               hey, I may aswell be a serial killer in 'their' eyes.
 
           This story will be updated when Citizen X can contact us.
 
                        Welcome to the Machine! 
                        
                        
      @HWA
      
30.0  Alleged Melissa Creator May Plead Guilty 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Alex 
      The accused creator of the Melissa virus, David Smith,
      is scheduled to appear in Monmouth County NJ Superior
      Court on Thursday. He is also scheduled to appear in
      the US District Court in Newark, New Jersey later the
      same day. Insiders believe that he will plead guilty to
      charges of interruption of public communication, theft of
      computer service, and wrongful access to computer
      systems. 

      ZD Net
      http://www.zdnet.com/zdtv/cybercrime/news/story/0,3700,2344196,00.html
      
      (Note: There is an audio/video report that accompanies this article on 
       ZDNet - Ed)                        
       
      Accused Melissa Author to
      Plead Guilty
 
      Sources close to law enforcement say
      David Smith will plead guilty to state
      and federal charges on Thursday.
      By Alex Wellen and Luke Reiter
        December 8, 1999 
 
 
      3:25 a.m. EST
      (UPDATED 3 p.m.)
 
      Paul Loriquet, a spokesman for the New Jersey
      attorney general's office, confirmed that
      accused Melissa author David Smith was
      scheduled to appear before Judge John
      Riccardi in Monmouth County Superior
      Court at 10 a.m. EST on Thursday.
      Loriquet would not comment on the
      reason for Smith's appearance. 
 
      A second Smith appearance is scheduled
      in the US District Court in Newark, New
      Jersey, at 1:30 p.m. Smith is set to
      appear before Federal District Court Judge
      Joseph A. Greenway, Jr. Court documents
      indicate Smith will enter a plea at that
      time, according to a staff member at the
      federal courthouse. 
 
      The New Jersey attorney general's office
      plans to release a media advisory
      regarding Smith's appearance at 4:30 p.m. on
      Wednesday, Loriquet said. The advisory is
      expected to contain only logistical
      information on the appearances. 
 
      Edward Borden, Smith's attorney, would
      not confirm the appearance or a plea late
      Tuesday. 
 
      The slow road to resolution 
 
      Smith, a 31-year-old former computer
      programmer, was charged in New Jersey
      with interruption of public communication,
      theft of computer service, and wrongful
      access to computer systems in early April.
 
      According to a source close to law
      enforcement and familiar with the
      investigation, New Jersey faced difficulty
      prosecuting the case because companies
      hit by Melissa were unwilling to step
      forward and publicly admit they were
      victimized by the virus. 
 
      Federal investigators were involved in this
      case from its inception, but to date have
      not filed formal federal charges. Among
      other offenses, Smith could be charged
      under the Computer Fraud and Abuse Act,
      Federal Statute Title 18, USC Sec.
      1030(a)(5)(A), which makes it illegal to
      send code that causes damage to a
      "protected" computer. 
 
      On Melissa's trail 
 
      Smith, of Aberdeen, New Jersey, was
      arrested on April 1, 1999, on charges he
      created and distributed the Melissa
      virus-- a Word macro that swept through
      the email systems of thousands of
      computers in late March and brought
      down mail servers around the world. 
 
      Although the virus does not corrupt files,
      it resulted in significant server slowdowns,
      and forced the shutdown, in some
      companies, of entire email systems. 
 
      Smith reportedly admitted to investigators
      at the time of his arrest that he created
      the Melissa virus, according to court
      papers filed by the New Jersey attorney
      general's office. 
 
      Worst security breach since 1988 
 
      The virus, which authorities said was
      named after a topless dancer in Florida,
      spread via Microsoft's Outlook email
      program and could instantly generate
      dozens of outgoing email messages. 
 
      It affected tens of thousands of
      workstations, propagating itself into
      commercial, government, and military
      email gateways and systems. An analyst
      from Panda Software said Melissa caused
      the worst security breach since the Morris
      Worm, which took down the entire
      Internet in November, 1988. 
 
      A user would contract Melissa by opening
      an infected Word attachment in Office 97
      or Office 2000, which would then execute
      the macro. 
 
      From there, the swift-moving macro would
      prompt Outlook to send an infected
      document to the first 50 names in a user's
      address book, with the subject line
      "Important Message From [the sender's
      name]." The message itself said, "Here is
      that document you asked for, don't show
      anyone else. ;-)." 
 
      Once the email had been sent to the first
      50 names, each person who opened the
      document would then send it on to 50
      more and so on. The result was rapidly
      overloaded servers. 
 
      In the first 48 hours alone, both Microsoft
      and Intel were forced to shut down mail
      servers due to Melissa. Other major
      companies, including Lucent, Motorola,
      Dupont, and Compaq were hit. 
 
      The VicodinES connection 
 
      Investigators looked for a link between
      the Melissa author and a virus writer who
      goes by the name of VicodinES who has
      been considered a source of the code. 
 
      In late March, a CyberCrime investigation
      revealed that Smith and VicodinES were
      both linked to the same Internet service
      provider in New Jersey. Further research
      indicated that Smith and VicodinES shared
      a number of similarities, including the
      same age, location, and profession. 
 
      Smith's attorney would not respond to
      that allegation. However, the New Jersey
      attorney general's office said that Smith is
      not VicodinES. 
      
      @HWA
      
31.0  Non-Anonymous Internet Violates First Amendment 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Weld Pond 
      Anonymity on the Internet should be protected and
      deserves to be treated no differently than anonymous
      pamphlets or other speech, according to a study
      released today by the Cato Institute. U.S. and foreign
      law enforcement officials regard anonymity as a threat
      to public order and talk about limiting anonymity online.
      Proposals to limit anonymous communications on the
      Internet would violate free speech rights long
      recognized by the Supreme Court. Anonymous and
      pseudonymous speech was used to great extent by the
      founding fathers such as Thomas Paine, Alexander
      Hamilton, John Jay, James Madison, Samuel Adams, and
      others. Today, human rights workers in numerous third
      world countries have reestablished anonymity and free
      speech. Given the importance of anonymity as a
      component of free speech, the cost of banning
      anonymous Internet speech would be enormous. It
      makes no sense to treat Internet speech differently
      from printed leaflets or books. (Finally some sanity in
      the anonymity debate.) 

      Nameless in Cyberspace: Anonymity on the Internet - PDF       
      http://www.cato.org/pubs/briefs/bp-054es.html
      
      @HWA
      
32.0  OSU Charges Two With Illegal Access 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by boomer 
      Oklahoma State University has charged students in
      connection with an illegal entrance into a computer
      system owned by General Atomics, a company based in
      San Diego. General Atomics initiated the investigation on
      October 18 when they noticed an OSU Internet address
      illegally accessing their system. 

      The O'Colly       
      http://www.ocolly.okstate.edu/issues/1999_Fall/991208/stories/hack.html
      
      Published: Wednesday, December 8, 1999
      
      Two OSU students suspected of hacking
      
      
      From Staff Reports
      
      An intrusion into a Department of Energy subcontractor's computer system
      has two Oklahoma State University students charged in suspicion of the crime. 
      
      Maxwell Evan Mishkin, 18, and his roommate, Gary Steven Holmes, 19, were 
      arrested Nov. 18, in connection with an illegal entrance into a computer 
      system owned by General Atomics, a company based in San Diego, according 
      to a press release.
      
      Mishkin is charged with two counts of violating the Oklahoma Computer Crimes
      Act. Holmes is charged as an accessory to a felony.
      
      Both were arraigned at Payne County Courthouse Nov. 18, the release said.
      Mishkin was released on $5,000 bond, and Holmes was released on $2,500 bond.
      
      General Atomics, according to its website, is one of the world's leaders in
      high technology systems development and nuclear technology. 
      
      The press release states that both students will also face disciplinary
      action through the university because of violating OSU policy.
      
      The investigation began Oct. 18, when an General Atomics security analyst
      alerted OSU's Computing and Information Services that someone with an OSU
      Internet address illegally accessed the General Atomics system.
      
      The 1998 Oklahoma Computer Crimes Act states that any person gaining access,
      or attempting to gain access to computer systems without authorization can 
      be convicted of a misdemeanor punishable by up to 30 days in county jail 
      and a $5,000 fine. 
      
      @HWA
      
33.0  Microsoft Files Lawsuit Against Online Pirates 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Evil Wench 
      Microsoft has filed lawsuits against auction Web sites or
      online software sellers in six states that frequently use
      spam to advertise. Microsoft says that it was made
      aware of these illegal activities through its anti-piracy
      hotline. 

      Wired 
      http://www.wired.com/news/technology/0,1282,32985,00.html
      
      Microsoft Sues Online Pirates by Wired News Report 

      1:55 p.m. 8.Dec.1999 PST       Microsoft has filed lawsuits against 
      businesses in six states to stop allegedly counterfeit sales of the 
      company's software. 

      Microsoft said it investigated the companies, which are either auction Web 
      sites or online software sellers that frequently use spam to advertise. 
      The company said it had received thousands of tips about the questionable 
      sales       activities on its anti-piracy hotline.       

      The lawsuits, which sought to obtain injunctions to prevent the sellers 
      from continuing to offer the software, were filed Wednesday. 

      The organizations alleged to have counterfeited copies of Microsoft 
      Office, Windows, and Office Professional include Abu Salahuddin in 
      Morgantown, West Virginia; Capital One CDRom Warehouse, aka Internet 
      Marketing in Corpus       Christi, Texas; KT Services, aka Vantage 
      Software and Pacific Ventures, in Los Angeles; Martin Johns in Fond Du 
      Lac, Wisconsin; NC Software in Wilmington, North Carolina; and Software 
      Blowouts in Hackettstown, New Jersey. 

      Microsoft said in a statement that by filing the suits, it hopes to help 
      "make holiday Internet shopping safer for millions of consumers." 

      According to the Business Software Alliance estimates there are 840,000 
      Internet sites selling counterfeit software as genuine product. 

      In addition to being illegal, counterfeit software also has the potential 
      to include viruses and miss key software codes, and it renders customers 
      ineligible for technical support, warranties, and upgrades, according to 
      the company. 

      "Internet piracy is growing nearly as rapidly as the Internet itself, and 
      it is severely harming consumers and their confidence in feeling safe to 
      conduct legitimate business online," said Tim Cranton, corporate attorney 
      in charge of       Microsoft's Internet piracy efforts, in a statement. 

      "There is a possibility that this problem could spiral out of control, and
      we need consumers to help us hold back the floodgates by being knowledgeable
      online shoppers." 
      
      @HWA
      
34.0  CERT Releases Distributed Attack Paper 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by jgrasett 
      The Computer Emergency Response Team has released
      the paper mentioned on HNN yesterday regarding
      distributed DoS attacks. The paper examines the use of
      distributed-system intruder tools and notes that better
      forensic techniques and training are needed. 

      Results of the Distributed-Systems Intuder Tools Workshop - PDF
      http://www.cert.org/reports/dsit_workshop.pdf
      
      (CERT should be commended for using the word
      'intruder' throughout this document as opposed to the
      word 'hacker')       
     
     
      @HWA 
      
35.0  PWC Finds Serious Weaknesses in Pension Fund Company 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Mr Man 
      It appears that during an audit the security auditors of
      Price Waterhouse Coopers were able to break into
      computers at The Pension Benefit Guaranty Corporation
      in Washington using dial up lines. Once inside, the
      auditors had the ability to not only create fictitious
      beneficiaries and send them money, but they could also
      edit or delete files and information on individuals in the
      systems. Pension Benefit Guaranty Corp. is owned by
      the federal government and guarantees the retirement
      checks of 42 million Americans. (Hmmm, I wonder how
      long those lines where vulnerable before the audit? And
      how many other companies have modems dangling off
      their network behind the firewall?) 

      NY Times       
      http://www.nytimes.com/library/tech/99/12/biztech/articles/08pension.html
      (Subscription required to retrieve this article - Ed)
      
      @HWA
      
36.0  Freaks Macintosh Archives CD 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Freaky 
      Freaks Macintosh Archives has produced a CD that
      contains all the Macintosh underground files known to
      exist. The CD also contains edited versions of Freaks
      talk at Defcon VII where Space Rogue officially directs
      users of the Whacked Mac Archives to Freaks Macintosh
      Archives. The CD is ready for pre-orders, this will assure
      that you get the low 20.00 price. To Pre-Order send a
      email to freaky-order@staticusers.net 

      Freaks Macintosh Archives       
      http://freaky.staticusers.net/
      
      @HWA
      
37.0  Nortell Releases Personal Hardware Firewall
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by AlienPlaque 
      Users of Cable modems, DSL, ISDN and even dedicated
      dial up connection are rapidly discovering the hazards of
      being online all the time. To help protect these users
      Nortel has introduced the personal hardware firewall
      that will sit on the line between your modem and
      computer. Currently 'Secure Cable' is only available for
      cable modem users but other bandwidth types will be
      available soon. (I hope this thing does an auto update
      or it will be out of date very quickly.) 

      Associated Press - via Yahoo
      http://dailynews.yahoo.com/h/ap/19991208/tc/cable_internet_security_1.html
      
      PR Newswire - via Yahoo       
      http://biz.yahoo.com/prnews/991208/nortel_sec_1.html
      
      Wednesday December 8 3:13 PM ET 

      Device Protects Internet Cable Users
     
      NEW YORK (AP) - Nortel Networks today introduced a new device that cable
      operators can use to protect their Internet subscribers from computer 
      hackers.
     
      While cable TV modems provide speedier Internet service than dial-up 
      connections through a telephone wire, the cable link is more vulnerable
      to hackers because it is usually on all the time.
     
      Some cable-Internet subscribers protect their computers from hacker 
      intrusions with special software or ``firewall'' hardware.
     
      Secure Cable, a feature of a new network connection box developed by Nortel,
      is a firewall that's designed to block hacker attacks in the network, before
      they reach subscriber computers.
     
      Nortel has introduced similar devices for dial-up service and digital 
      subscriber line, or DSL, a high-speed link over a telephone wire that 
      shares the vulnerabilities of cable.
     
      ``Having these types of solutions ... makes a lot of sense,'' said Lisa 
      Pierce, analyst at the Giga Information Group, noting that more than 10 
      percent of high-speed Internet users have experienced security problems.
       ``The average user shouldn't have to think about these technical issues.''
     
      The new Nortel firewall is part of its Shasta 5000 Broadband Service Node.
      A node is the part of a cable network that connects a group of neighboring
      subscribers to the Internet. It also enables users to subscribe to different
      Internet service providers.
     
      Nortel, based in Ontario, is one of the largest suppliers of network 
      hardware. It had sales of $17.6 billion last year. 
      
      -=-
      
      PR Newswire;
      
      Wednesday December 8, 9:01 am Eastern Time

      Company Press Release
      
      SOURCE: Nortel Networks Corporation      
      
      Nortel Networks Launches 'Secure Cable' Anti-Hacking Protection for 
      Residential and Small Business PC Users

      On-Line Security Critical as U.S. Operators Open Their Cable Networks For 
      Internet Access

      BOSTON, Dec. 8 /PRNewswire/ - Personal computer users subscribing to 
      `always-on` cable Internet access can now be protected from hackers -- an 
      increasing problem as cable modems become more and more popular -- thanks 
      to a new, mass market       security solution being launched by Nortel 
      Networks (NYSE/TSE: NT), the company announced today.

      Nortel Networks and its Shasta IP Services division are launching Secure 
      Cable, which offers anti-hacking protection for Internet cable subscribers 
      by securing each cable connection with network-based firewalls.

      Because cable Internet connections are always on, personal computers 
      linked to cable are exposed to hacker attacks. And, as broadband becomes 
      more widely deployed here and abroad and cable and telecommunications 
      companies offer high-speed Internet       access through cable or Digital 
      Subscriber Line (DSL), more consumers are reporting hacker attacks on 
      their PCs, sometimes leading to copying or destruction of sensitive data. 
      And the problem could get worse.

      It is predicted that by 2003, more than 30 million U.S. households will be 
      eligible for high-speed access cable. Furthermore, more than 12 million 
      U.S. households will have high-speed Internet access over cable or DSL by 
      2003, according to industry analyst       firm, The Strategis Group (Cable 
      Trends, June 1999). This represents a massive increase from today's 1.4 
      million cable and DSL Internet access subscribers throughout the country.

      `At least one out of 10 high-speed Internet users will experience or be 
      victimized in a hacker attack,` said Ron Westfall, senior analyst, Current 
      Analysis. `We see an increased demand for a basic, secure access solution 
      for high-speed connections like cable and       DSL. A basic 'door lock' 
      solution from Internet Service Providers would help protect customers from 
      simple hacker attacks and help speed the adoption of broadband. Nortel 
      Networks addresses the problem with a network-based firewall solution in 
      its Shasta 5000.`

      Nortel Networks' Shasta 5000 Broadband Service Node (BSN) also provides 
      cable operators with an IP services platform to provide for wholesale 
      access to their high-speed cable networks, allowing subscribers the choice 
      of Internet service providers. It is       the latest in a suite of 
      enhanced broadband services provided by Nortel Networks, which earlier 
      this year, launched its Secure Dial and Secure DSL solutions that are now 
      being used by service providers around the world.

      `Nortel Networks is at the heart of the Internet revolution and is a 
      global leader in the cable, Internet and telephony market,` said Anthony 
      Alles, president and general manager of the company's Shasta IP Services 
      business unit. `Besides building a faster, more       reliable Internet, 
      it also means enhancing broadband security for Internet users of DSL, 
      cable and other high-speed technologies, and we're achieving that for our 
      customers.`

      Nortel Networks has a major presence in the cable industry, providing high 
      speed optical networks, switches and routers, head-end equipment, cable 
      telephony systems, cable modems, and the Shasta Broadband Services Node 
      for value-added cable internet       services. The company and its Arris 
      Interactive joint venture with Antec supplies cable solutions to major 
      customers such as AT&T BIS, Time Warner, GTE, Comcast, Cox, Cablevision, 
      Rogers Communications, UPC, SPTA, Csii and Mitsui.`

      Nortel Networks is a global leader in telephony, data, wireless and 
      wireline solutions for the Internet. The Company had 1998 revenues of 
      US$17.6 billion and serves carrier, service provider and enterprise 
      customers globally. Today, Nortel Networks is       creating a 
      high-performance Internet that is more reliable and faster than ever 
      before. It is redefining the economics and quality of networking and the 
      Internet through Unified Networks that promise a new era of collaboration, 
      communications and commerce. For more information, go to 
      www.nortelnetworks.com. 
      
      @HWA
      
38.0  Interview with dap from sSh
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Exclusive by Sla5h
      
      Dap has since disbanded sSh (Sesame Street Hackers) the EFNet irc channel 
      #sesame is still in operation but has suffered several takeovers as is the
      way with 'scriptkiddy/cracker' channels these days. This interview was done
      when sSh was still active, a few weeks ago, and didn't make it to these 
      pages until now due to connectivity problems between the interviewer and
      myself. Dap dropped the ftp info for http://www.sShackers.com/ in several
      channels inviting people to 'deface' the site, which of course happened
      readily. The current state of the site has this message:
      
                 ALL OF YOU GIMPS THAT SO CALLED "HACKED" THIS SITE ARE STUPID!%$@^ 
                 IF YOU HIT THIS PAGE... ITS CAUSE I GAVE YOU THE FUCKIN' FTP INFO 
           ALL YOU GUYS ARE GIMPS... NOT HACKERS... IT WAS SUPOSED TO BE A BIG JOKE... 
            NOT ANOTHER DEFACED SITE TO ADD TO YOUR ATTRITION SHIZM... 
      AND SEEIN' AS I WAS A MEMBER OF gH, GH IS DEAD, YOU STUPID COCK SUCKIN' MUTHER FUCKER.. 
   GO BACK TO WHERE YOU CAME FROM... AND TRY AND CONVINCE SOMEONE YOU ARE ELITE QUOTE UN-QUOTE SOMEWHERE ELSE! 
                                        GOT IT?????
                                   STUPID PIECE OF SHIT... 
     sSh IS GAY... I KNOW THAT... THAT HAS TO MEAN A LOT COMIN' FROM THE EX-FOUNDER. 
                                   GO ./HACK A BOOK. 
                                       IDIOTS. 
                                       - DAP
                                       
                                       
     sSh/dap interview with Sla5h:
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Session Start: Sun Nov 28 14:53:06 1999
      Session Ident: slash- (slash@ad5-m80.tel.hr)
       ---start interview---
       sup?
       sup G
       well
       nadda.
       thanx for taking the time for this interview
       pleasure is all mine 
       :D
       Can U tell us who came up with the idea to start sSH ?!?
       well.. the idea came to me while I was a member of gH.
       gH had recently went legit, and a lot of the members still wanted to do penetration
       but seeing as a few of the members got raided..
       hacking under the name of gH was like a death wish.
       ..so U started sSH
       yes.
       How many members sSH counts today ?!?
       about 20
       we've grown rapidly since our media hype with ytcracker.
       and fuqrag
       I heard they got raided ?!
       is that true !?
       they haven't got raided...
       yet
       :)
       U aint afraid to get raided ?!
       I was told that rackmount, ytcracker and fuqrag will be raided soon.
       well... if you look at most of my defacements... only a few are .mil's and .gov's
       I dont target the government as much as the other members do
       seeing as im not into the IIS4 shit.
       only government boxes I hit are running an operating system unix based.
       Will sSH end like gH ?
       I hope not...
       y'see... sSh is always excepting new members...
       we will always exist...
       if 5 members get raided...
       they'll prolly be another 6 joining.
       within the next month or so
       I dont want the group to be to big... but I dont want it to die out 
       Why do You deface ?
       well...
       hmm...
       :)
       Ok ..
       the thing is...
       most of the systems I deface, I've had root on for a while...
       about a month or so...
       So they had the time to fix the holes
       and the funny thing is... they didn't even know til I defaced the site...
       they had more then enuf time.
       but still...
       Someone once said that hackers do it to satisfy their ego
       I have gotten a few job offers from sites that I have defaced.. and they have contacted me for technical support etc.
       I like that attitude in an admin.
       slash.. thats somewhat true...
       some due it for the media hype. i.e (ytcracker)
       Yeah
       yt really hit the media
       yah ...
       You don't do it for fame !?
       its not really hard to get into the media like that.
       but... ytcracker needs to take a reality check.
       did real hacking loose sense ?!?
       he is a good friend... and whatever he wants to do, I got his back.
       is it all about fame these days
       ?
       but he thinks he is in a dream world and that he wont get raided.
       did real hacking loose sense...
       thats another one of the reasons I started sSh ..
       I have been in the 'scene' for some time now.
       and the ethics sure have changed since 4 years ago.
       (when I was 12)
       nobody did it for the media...
       cept for LOU
       a lot of people just wanna be known...
       now a days
       nobody cares about ethics anymore... it just turned into a big popularity contest
       U plan to retire some day !?
       well... im sure I will just say fuck it.. and stay off irc for good.
       but.. 
       seeing as I do penetration testing for a living, I gotta stay ontop of security
       So we'll be seeing you in the future as an individual or U'll do defacments for sSH ?1
       if you wont see me defacing for sSh, you prolly wont see me at all..
       Is there anyone in this scene truly the king?
       hold?
       k
       talking to a fed on the fone...
       ;\
       :(
       can we continue now ?
       hold
       hello?
       yah
       sup?
      Session Close: Sun Nov 28 15:38:48 1999
      
      
      Session Start: Mon Nov 29 15:49:30 1999
      Session Ident: slash- (slash@ad9-m74.tel.hr)
       hi
       sorry about yestrday
       I got disconnected
       ok
       sup?
       you wanna finish the interview?
      Session Close: Mon Nov 29 15:53:17 1999
      
      
      Session Start: Tue Nov 30 14:37:12 1999
      Session Ident: slash- (slash@ad11-m107.tel.hr)
       what's the key for sesame
       FBEYE
       whats the url for HWA
       and the interview
       the interview isn't out yet
       we have to finish it
       ok..
       continue
       k
       --------------------------------
       Is there anyone in this scene truly the king?
       there is people i give mad respect to...
       like
       xdr
       prym
       soupnazi
       not really a king, more like pros
       In what category do U sort to !?
       I dont possition myself in any category ...
       I like to learn different things...
       I'd rather know a little about everything then a lot about one thing
       Can U tell us more about sSH members ?
       like 
       how skilled they are
       etc.
       sSh members skilled in different areas...
       like
       ..
       we got members aging from 12 to the 30's
       12 !??!
       w0w
       we have a female
       w0000wwww
       who is she ?!
       Mya
       She defaces !?
       she defaced 2 sites so far ...
       she just started.
       ;\
       we got about 27 members
       kewl
       that's alot
       http://www.sShackers.com/members.html
       site is fucked, but the guy cant do html for shit
       :|
       (checking the site up)
       ok .
       it isn't bad
       yes it is
       if you view it in IE
       its ok
       dap dude
       sup?
       I'mm be back in 1/2 hour
       I'll be back 
       ok
       whats the url?
       for the HWA site
       or whatever
       it is
       welcome.to/HWA.hax0r.news
       l8r
       ok 
       bye
       bye
      Session Close: Tue Nov 30 15:22:03 1999
      
      @HWA
      

39.0  Melissa Creator Pleads Guilty 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by nvirb 
      David L. Smith, who was arrested for creating and
      releasing the Melissa virus in April, plead guilty on
      Thursday to a second-degree charge of computer theft.
      The charge covers intercepting computer
      communications and damages to computer systems or
      data and is punishable by 5 to 10 years in jail and up to
      a $150,000 fine. 

      "Yes, I admit those events occurred as a result of the
      spread of the Melissa virus. But I did not expect or
      anticipate the amount of damage that took place. When
      I posted the virus, I expected that any financial injury
      would be minor and incidental. In fact, I included
      features designed to prevent substantial damage. I had
      no idea there would be such profound consequences to
      others." - David Smith (quote taken from ZD Net) 

      ZD Net
      http://www.zdnet.com/zdnn/stories/news/0,4586,2406592,00.html?chkpt=zdnntop
      
      Reuters
      http://www.nandotimes.com/technology/story/body/0,1634,500140419-500165810-500604970-0,00.html
      
      Associated Press - via ABC News       
      http://abcnews.go.com/sections/tech/DailyNews/virus_melissa991209.html
      
      Smith pleads guilty to Melissa virus

      Melissa infected hundreds of thousands of
      computers -- now its creator faces 10 years
      in prison and a $150,000 fine.
      
      
      
      By Robert Lemos, ZDNet News
      UPDATED December 9, 1999 12:40 PM PT 
      
      
      David L. Smith, who was arrested for creating and
      releasing the Melissa virus in April, plead guilty on
      Thursday to a second-degree charge of computer theft.
      
      The Melissa macro computer virus hit companies on March
      26 after being released to a Usenet newsgroup as part of
      a list of porn sites contained in a Word document infected
      with the virus. 
      
      The virus, which mailed itself out to the first 50 addresses
      listed in the address book of Microsoft's Outlook e-mail
      client, caused a massive spike in e-mail traffic, flooding
      corporate e-mail servers. Companies such as Microsoft
      Corp. (Nasdaq: MSFT), Intel Corp. (Nasdaq:INTC),
      Lockheed Martin Corp. (NYSE: LMT), and Lucent
      Technologies Inc. (NYSE:LU) shut down their gateways
      to the Internet in the face of the threat.
      
      After Judge John Riccardi outlined the events, a
      nervous Smith read the following statement:
      
      "Yes, I admit those events
      occurred as a result of the spread of the Melissa virus.
      But I did not expect or anticipate the amount of damage
      that took place. When I posted the virus, I expected that
      any financial injury would be minor and incidental. In fact,
      I included features designed to prevent substantial
      damage. I had no idea there would be such profound
      consequences to others."
      
      'I certainly agree'
      When the judge again asked if Smith agreed that it
      caused significant damage to computer systems
      nationwide, Smith replied, "I certainly agree. It did result
      in those consequences, without question."
      
      The crime -- which covers intercepting computer
      communications and damages to computer systems or data -- is
      punishable by 5 to 10 years in jail and up to a $150,000 fine.
      As part of the plea agreement, Smith has
      agreed to the maximum penalty for the crime, but the presiding
      judge could ignore the recommendation.
      
      Smith appeared in Monmouth County, N.J., Superior Court at 10
      a.m. ET. He has another appearance scheduled in the
      U.S. District Court in Newark later today to answer to
      federal charges in the case.
      
      According to law enforcement sources close to the case,
      Smith will enter a guilty plea in federal court as well.
      Edward Borden, Smith's attorney in the case, could not
      be reached for comment.
      
      Court papers filed in August stated that Smith confessed to
      writing the virus. Smith had admitted his guilt at the time
      of the arrest, said Paul Loriquet, a spokesman for the
      New Jersey Attorney General's office, in a ZDTV interview.
      
                          "There was a statement made
      at the time of the arrest from Mr. Smith to our
      investigator... that, in fact, at the time of the arrest, he
      had admitted to creating the virus and had said that he
      had destroyed the personal computers that he had used
      to post it on the Internet," Loriquet said in the report.

      -=-
      
      Reuters/Nandotimes;
      
      Computer programmer pleads guilty to creating 'Melissa' virus 

       Copyright  1999 Nando Media
       Copyright  1999 Associated Press
      
      
      By JEFFREY GOLD 

      NEWARK, N.J. (December 9, 1999 11:59 a.m. EST http://www.nandotimes.com) - 
      A computer programmer admitted Thursday to creating and distributing the 
      "Melissa" virus. David L. Smith acknowledged caused millions of dollars of 
      damage       by disrupting e-mail systems worldwide. 

      Smith pleaded guilty to a state charge of computer theft. He was expected 
      to plead guilty in federal court in Newark later Thursday. 

      The virus, believed to be named for a topless dancer Smith knew when he 
      lived in Florida, wreaked havoc at the end of March. 

      "I did not expect or anticipate the amount of damage that took place," 
      Smith read from a statement after answering a series of questions from his 
      lawyer. Smith said he believed any damage would be minor. 

      Smith, 31, is believed to be among the first people ever prosecuted for 
      creating a computer virus. He was arrested April 1 at his brother's home 
      in nearby Eatontown in Monmouth County and freed on $100,000 bail the next 
      day. 

      Smith said he created the virus on computers in his Aberdeen apartment and 
      used a stolen screen name, "Skyroket," and password to get into America 
      Online. In the online service's alt.sex newsgroup, he posted a file called 
      "list.zip," a       listing of adult web sites and passwords, which 
      contained the virus. 

      Asked by his lawyer, Edward F. Borden Jr., if that was designed to entice 
      people to download the file, Smith said, "Yes." 

      "Melissa" struck thousands of e-mail systems on March 26. Disguised as an 
      "important message" from a friend or colleague, the virus spread around 
      the world like an electronic chain letter. 

      The virus was designed to lower security settings on computers with 
      Microsoft Word 97 and Microsoft Word 2000, making them vulnerable to other 
      viruses so that any document created would be infected. It also was 
      designed to send       infected mail to the first 50 names in a computer 
      user's address book through the Microsoft Outlook e-mail program. 

      Under his plea bargain, Smith could face five to 10 years on the state charge
      and up to five years in prison on a federal charge. Sentencing for the state 
      charge was tentatively set for Feb. 18. 
      
      -=-
      
      Associated Press;
      
      
      Virus Guilty Plea Entered 


      Suspected Creator of Melissa in Court 

      David L. Smith, center, and his attorney Ed Borden, left, talk to a court official in
      the courtroom after Smith's hearing at the Monmotuh County Courthouse in
      Freehold, N.J., on Thursday, April 8, 1999. (Daniel Hulshizer/AP File Photo)




       By Jeffrey Gold
       The Associated Press
       N E W A R K,   N.J.,   Dec. 9  A computer
       programmer admitted today he created and
       distributed the Melissa virus that he
       acknowledged caused millions of dollars of
       damage by disrupting e-mail systems worldwide.

            David L. Smith pleaded guilty to a state charge of
       computer theft and later to a federal charge of sending a
       damaging computer program. In the federal plea, both sides
       agreed the damage was greater than $80 million. 
            The virus, believed to be named for a topless dancer
       Smith knew when he lived in Florida, wreaked havoc at the
       end of March. However, authorities said today they could
       not confirm the origin of the name of the virus. 

       Claims Did Not Anticipate Effects
       I did not expect or anticipate the amount of damage that
       took place, Smith read from a statement after answering a
       series of questions from his lawyer. Smith said he believed
       any damage would be minor. 
            Smith, 31, is believed to be among the first people ever
       prosecuted for creating a computer virus. He was arrested
       April 1 at his brothers home in nearby Eatontown in
       Monmouth County and freed on $100,000 bail the next day.

            Smith said he created the virus on computers in his
       Aberdeen apartment and used a stolen screen name,
       Skyroket, and password to get into America Online. In
       the online services alt.sex newsgroup, he posted a file
       called list.zip, a listing of adult web sites and passwords,
       which contained the virus. 

       Downloading was Expected
       Asked by his lawyer, Edward F. Borden Jr., if that was
       designed to entice people to download the file, Smith said,
       Yes. 
            Melissa struck thousands of e-mail systems on March
       26, disguised as an important message from a friend or
       colleague, and spread around the world like an electronic
       chain letter. 
            Melissa was designed to lower security settings on
       computers with Microsoft Word 97 and Microsoft Word
       2000, making them vulnerable to other viruses so that any
       document created would be infected. It also was designed
       to send infected mail to the first 50 names in a computer
       users address book through the Microsoft Outlook e-mail
       program. 
            Under his plea bargain, Smith could face five to 10
       years on the state charge and up to five years in prison on a
       federal charge. Sentencing for the state charge was
       tentatively set for Feb. 18. 
       
       @HWA
       
40.0  Privacy of US Military Officers Breached 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Evil Wench 
      It has been standard practice of the Department of
      Defense to report the names and social security
      numbers of officers getting promoted to the US Senate.
      This information is then entered into the Federal
      Register for all to see. Several of these officers have
      become victims of credit card fraud. The Secret Service
      is investigating. The Pentagon said it is no longer
      providing Social Security numbers to Congress. (Thats
      just brillant. Any foriegn power can now run credit
      checks on high ranking military personel. Wonderful.) 

      Nando Times
      http://www.nandotimes.com/technology/story/body/0,1634,500140349-500165712-500603813-0,00.html
      
      Public Sources for SSNs           
      http://www.glr.com/ssnpub.html
      
      Credit scam hits military officers 

       Copyright  1999 Nando Media
       Copyright  1999 Associated Press
      
      WASHINGTON (December 9, 1999 8:27 a.m. EST http://www.nandotimes.com) - 
      The Pentagon said Wednesday that hundreds of military officers, including 
      some of the nation's top officers, have become victims of credit card 
      fraud after their names and Social Security numbers were published in the 
      Congressional Record and on the Internet. 

      The Secret Service, which has jurisdiction over credit card fraud, has 
      taken the lead in the investigation. 

      "It's something the Defense Department has been concerned about for some 
      time," Pentagon spokesman Bryan Whitman said Wednesday after reports that 
      one Web site listed the names and Social Security numbers of 4,500 
      military       officers. The information was culled from the pages of the 
      Congressional Record. 

      Whitman said the Pentagon no longer provides Social Security numbers to 
      Congress. 

      Self-styled Pennsylvania privacy expert Glen L. Roberts, who acknowledges 
      putting the names and numbers on his Web site, said he was merely trying 
      to underscore how easy it is to obtain such information. 

      "People in the Pentagon are outraged that I would be so bold as to quote 
      the Congressional Record," Roberts said. 

      In 1968, the military services began using Social Security numbers as 
      general identification numbers for all military personnel. Until recently, 
      these numbers were routinely carried in the Congressional Record every 
      time military       promotions were reported to the Senate. 

      Roberts said he has not posted any new Social Security numbers on his Web 
      site since the Congressional Record stopped publishing them and that there
      is no way to tell whether identity crooks obtained the names from his site,
      or from the Congressional Record itself. 
      
      @HWA
      
41.0  Commerce Dept. Introduces New Security Initiative 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Code Kid 
      Yet another government/industry partnership focusing
      on Internet security has been introduced, this time by
      the Commerce Department. This one hopes to spread
      information security best practices throughout the
      private sector. There are 65 companies and associations
      from almost every industry segment involved in the
      Partnership for Critical Infrastructure Security. (Sounds
      familiar. Ummm does Infraguard or FidNET ring a bell?
      How many of these taxpayer funded organizations do
      we need?) 

      Federal Computer Week
      http://www.fcw.com:80/pubs/fcw/1999/1206/web-security-12-09-99.html
      
      Yahoo News       
      http://dailynews.yahoo.com/h/nm/19991209/tc/tech_security_2.html
      
      DECEMBER 9, 1999 . . . 14:31 EST 


      Feds, industry join forces on info security

      BY DIANE FRANK (diane_frank@fcw.com)

      NEW YORK -- The Commerce Department on Wednesday introduced a
      new government/industry partnership that will help spread information security
      best practices throughout the private sector and will improve the overall security
      of U.S. critical infrastructure.

      The Partnership for Critical Infrastructure Security is the latest initiative under
      Presidential Decision Directive 63, which requires agencies to protect their
      critical information systems and infrastructures against cyberattack. PDD 63
      has led to the creation of government security organizations, including the
      Critical Infrastructure Assurance Office and the National Infrastructure
      Protection Center. 

      But much of the nation's infrastructure is built and run by industry and not
      controlled by government, so the private sector must take an active roll in the
      protection, said Commerce Secretary William Daley.

      "We are, based on the President's directive, extremely concerned about the
      nation's infrastructure...but the federal government alone can't protect it; it's in
      the hands of the private sector," he said.

      There are 65 companies and associations from almost every industry segment
      involved in the partnership. Part of the mission of the partnership will be to
      encourage participation by more small businesses and state and local
      government groups and to enhance information sharing on security knowledge
      and expertise, Daley said.

      "This cross-sector work is very important," said Harris Miller, president of the
      Information Technology Association of America, a partnership member
      organization. "Information security has not yet permeated the consciousness of
      boardrooms and suites across the country."

      The partnership has set five issues to focus on: education; work force
      development; awareness and training; best practices; and research and
      development. Another issue that the partnership plans to study is globalization.
      Although the Clinton administration mainly is concerned about U.S. national
      security issues, many of the companies in the partnership are global, Miller said. 

      The structure of the partnership is still under development, but Commerce will
      be serving in an advisory and enabling role, providing personnel, advice and
      other resources when needed, not regulation or federal requirements, Daley
      said. And as the leaders for the group, industry sees this as a way to forestall
       potential legislation or regulation from Congress, Miller said.
       
      -=-
      
      Thursday December 9 1:29 AM ET 

      US Companies, Commerce Dept Meet on Tech Security
     
      By Bill Rigby
     
      NEW YORK (Reuters) - Commerce Secretary William Daley met representatives 
      from major corporations on Wednesday to seek ways to protect America's 
      banks, electrical grids, phone lines and other key services from 
      breakdowns caused by computer hackers or technological glitches.

      On hand to kick start the new government-private sector forum were 
      representatives from about 80 companies, including Microsoft Corp., 
      (NasdaqNM:MSFT - news) Citigroup, (NYSE:C - news) AT&T Corp. (NYSE:T - 
      news) and Consolidated Edison Inc.       (NYSE:ED - news), among others.

      They agreed to hold a summit early next year to find ways federal 
      government and businesses could work together to guard against major 
      disruptions from technology breakdowns or security lapses.

      The Partnership for Critical Infrastructure Security was created after a 
      1998 government white paper called for a bridge between federal agencies 
      and companies in technology-reliant sectors such as finance and banking, 
      transport, energy and public emergency       services.

      Daley said Y2K computer problems were not a prime concern of the forum. He 
      said the government and companies were already in a good position to 
      counter any inconveniences in services that may follow the millennium date 
      change, which some computers may       not recognize correctly because of 
      outdated software.

      Daley told reporters after the meeting that the federal government alone 
      could not protect privately controlled technology infrastructure systems 
      such as the Internet or utility power grids.

      He said there was a close tie between economic and national security which 
      made a public-private partnership crucial. He said the fast expansion of 
      business conducted electronically left the country vulnerable to various 
      threats including hostile computer hackers.

      Corporate representatives said they hoped to establish industry standards 
      for security of electronic data, and increase awareness of 
      ``cyber-ethics''.

      Kenneth Watson, representing computer networking giant Cisco Systems 
      (NasdaqNM:CSCO - news), said the nascent forum had identified education, 
      workforce development, research and development and the establishment of 
      best practices in technology security       as the key areas the forum 
      would look at.

      Microsoft representative Howard Schmidt said the forum marked an important 
      shift in which companies would become more proactive in working with 
      government to ensure security standards.

      Harris Miller, representing the Information Technology Association of America
      trade group, said one of the forum's chief aims was to get companies to give 
      information security practices the same priority as physical security.  
      
      @HWA
      

42.0  Attrition Celebrates One Year Birthday 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by hero 
      Attrition.org is celebrating one year of free service to
      the net. Attrition is well known for its
      crypto/text/denial/advisory archives as well its errata
      sections. It is probably most well known for the
      excellent work they do on the Attrition Defacement
      mirror. 

      Attrition.org Birthday Message     
      http://www.attrition.org/news/content/99-12-10.001.html
      
      ttrition's One Year Birthday Rant


      And the folks at Attrition are quite strange. So strange as to run a weird 
      web site that goes against the grain of all things deemed 'good web 
      design'. No graphics, use of dark colors, no advertising or self promotion 
      of services. Everything people associate with an evil hacker site. Despite 
      this, we offer more information and more services than almost any other 
      security site out there. Because of the red text on black background, our 
      ethics and morals are constantly assumed and maligned.

      We're quite used to that these days. Let the stuffy dogmatic atavistic 
      twerps dare to evolve. While they are sitting at home enjoying their 
      string beans and meat loaf, eating dinner with their significant other and 
      2.4 kids, we are enjoying our hedonistic lifestyles. Oh       yeah!

      While it isn't quite that extreme, the staff here are constantly reminded 
      of this picture. Unfortunate that a few detractors tarnish the picture 
      painted by millions of viewers of our site. I guess that is the nature of 
      the pessimistic beast. Onward...

      

      To be honest and up front with you, this article has no real value to the 
      hardcore info-whore. Instead, we offer nothing more than a fun rant as a 
      reward to ourselves for a job well done. We'll even include some choice 
      quotes about Attrition and her staff that should       provide a well 
      rounded view of what type of degenerates run this thing.

      Eleven months ago, Attrition was little more than a unix system with a 
      handful of accounts that provided a stable place for email. Originally a 
      quick web page with a handful of files carried over from Jericho's 
      personal web page and not much more. Every day that       passed, some new 
      element of the web page begun. We quickly picked up a few more users and 
      opted to focus on offering new sources of information.

      Early on, there were ten to fifteen users on the system. You were either a 
      shell user, or not. Eventually, questions were asked about who ran the 
      system, who owned it, the meaning of life and more. At that point the 
      designation 'staff' was brought about. 'Staff' is       probably not the 
      best word as it implies some greater sense of responsibility or 
      obligation. What it really means is the person has the ability to change 
      things (root), or is trusted to speak on behalf of the system. Not much 
      more.

      With the advent of the Attrition Mirror, the site has grown in exposure 
      considerably. At first, mirrors were taken using wget followed by half a 
      dozen commands to make them accessable to viewers. The past few weeks have 
      seen considerable development in a       custom tool called aget 
      (Attrition Get) that automates about 90% of the mirroring tasks. It is our 
      hopes that the next few months will see a finished version of aget that 
      automates everything, including doing the laundry.

      Perhaps the most consistant but low-key sections of Attrition are the text 
      archive and crypto library. Receiving attention on a near daily basis, 
      Modify and Wrlwnd spend considerable time and effort to bring viewers a 
      well organized and comprehensive collection.       Utilized by thousands 
      of people a day, these two sections bring utilities and information to the 
      masses.

      Today, Attrition is udpated by less than ten people, in their spare time. 
      A labor of love so to speak, Attrition is not a business or a requirement. 
      Where it goes tomorrow is uncharted territory.

      Voila! Here we are. Yes, that is the short history of things.

      

      Technically and statistically, what is Attrition, and what does it do? 
      Wonders. The main system is a P166 with 64 megs of RAM. The simple fact 
      that the machine has not been reduced to a smoldering pile of plastic and 
      circuits is simply amazing. 'forced' handles a       considerable amount 
      of traffic each day. Our busiest days see over 100,000 pieces of mail 
      transfered and over 750,000 HTTP requests served. This makes for over 5 
      million hits per month on the web server, serving over 4 million different 
      people. Not bad for a little pentium hosting a hobby site.

      

      Things I Learned From Attrition

      For the most part, net users are stupid, shallow, and petty. I know I 
      know, that is not a nice thing to say, but being the negative person I am 
      combined with the assault of stupidity we receive, it is difficult to 
      think otherwise.

      Net etiquette is dead. People can't seem to deal with their problems any 
      more. Even hiding behind their monitor and keyboard, they still refuse to 
      confront someone they think they have a problem with. Nine out of ten 
      complaints about Attrition were sent to our       upstream provider 
      without even copying us on the mail as a general courtesy. Our upstream 
      dutifully forwards the mail to us to get our side of things and goes on 
      from there. Eight of those nine complaints are unfounded or we deal with 
      them without the aid of our upstream. People could save so much time by at 
      least giving us a chance to address any issues.

      If I didn't know better, I would swear the net consists of almost fifty 
      percent of cheap bastard lawyers that know as much law as they read on the 
      back of a cereal box. We have been threatened with almost two dozen 
      lawsuits so far. Not a single one made it to a       phone call or 
      paperwork. Each and every time it takes a few minutes to quote some 
      relevant law, or explain things very clearly and the ignorant/hostile 
      party backs down without much to say. In case it isn't clear, a threat of 
      lawsuit will only make us treat you like shit. Grow up.

      To the handful of people who have written in thanking us for our work, we 
      thank you in return. It is those few shreds of appreciation that make us 
      realize our work is appreciated. To the rest of you primates, if you don't 
      like something about the site, you have two       things you can do. The 
      first is to give constructive criticism so that we may try to improve if 
      we agree with you. To clue you in, constructive criticism does not include 
      "fucking stupid", "wtf is that", or like comments. The second thing you 
      can do is kindly fuck off and quit viewing our site. Don't like it? Don't 
      look. End of story. We are not a business, we do not make money off you 
      visiting, we do not need you.

      
      Future

      One of the most often asked questions these days is something akin to 
      "Where is Attrition going next?" To answer this once and for all, without 
      equivocation, We do not know! Attrition has no grand plan or well defined 
      map. Day to day we make decisions or       brainstorm new ideas that lead 
      to an overall picture of what the site is. We believe it is this lack of 
      plans that helps construct what Attrition is.

      

      Attrition exists for the users and viewers. Anyone who has contacted 
      attrition staff in the past should realize this. We respond to almost 
      every piece of email, regardless of content. If nothing else, we send 
      acknowledgement that we received the email so that readers       know we 
      care about their comments. Pointers to typos or errors go answered in 
      hours. Features or suggestions are almost always implemented, sometimes in 
      a day or less. Thanks to our readers, serious refinement has been done to 
      several pages. Our aget utility has receied many enhancements at the 
      suggestions of our readers, and we thank you for it.

      On top of the staff and viewers of Attrition, there exists another special 
      group of degenerates that deserve special thanks and recognition. These 
      are the individuals that have helped bring our name to the masses. First 
      and foremost, we thank the Hacker News       Network (HNN) for being the 
      first to give daily links to our mirror, as well as special segments 
      devoted to other sections of Attrition. Yes, that blue haired freak of 
      nature Space Rogue is constantly helping us out in many ways. We love you!

      Others like the 'skinhead' degenerate Netmask at Mindsec, our 'media 
      darling' (barf) Ender at OSALL, and the foreign folks at Net-Security and 
      403 Security all deserve a round of thanks/beer. In recent months, 
      professional sites like SecurityFocus and       NTSecurity.net have also 
      begun linking to us. Their links add a sort of professional validation to 
      the work we do.

      

      To finish this piece, we look to readers, detractors and staff for final 
      comments. We asked people what they thought of Attrition, or what came to 
      mind when they thought of it. To be fair, we sort of encouraged more 
      obscure or esoteric answers. No, we can't be       normal.

      We'll start with the true foundation of Attrition. Asking the mothers of
      the staff members. What do you think of Attrition, or what does it mean 
      to you?
      
              "The first time I looked at it, I thought you were
               all disturbed."        - Punkis' Mother
      
      
              "Attrition.org has changed my life - not in the way you
               might think - you see, attrition.org is my grandchild in a
               bizarre sort of way.  Attrition.org was conceived by my son
               and just as for any mother the journey into the role of
               grandmother is quite unique.  This grandchild, attrition.org.,
               has opened many doors for me.  This child shows me things I
               have never seen.  Sometimes it scares me with where it goes in
               the world of cyberspace.  Sometimes it brings me to tears with
               laughter.  It never ceases to amaze me.  Like any one year old
               I believe it is still finding its way.  Attrition.org is the
               image of its father.  It is a brilliant star, a myriad of emotions,
               a wealth of knowledge, a whirlwind of activity.  I hope I am
               around for many years to come to enjoy attrition.org., this one
               of a kind offspring who has come so far in just 365 days.
               Happy Birthday!!!"     - Jericho's Mother
      
      
      Turning to the Attrition staff, we get the most.. disturbing answers.
      
              "'What does attrition mean to me....' I was recently asked to
               comment on this by cult_hero for attrition's 1 year aniversary
               piece and I have been racking my brains as to how I wanted to
               answer that, in my usual smart ass fashion or actually being a
               little serious for once. Mabey I will try a little of both.
               Attrition means a lot of things to me. For example ever since
               we have started mirroring web page defacements I have found myself
               saying "punkis, you picked the wrong year to quit sniffing glue..."
               Although it can be a giant pain in the ass to maintain I have
               always beleived it is a good resource. I guess thats a good way
               to sum up what attrition is all about, a great resource covering
               a very broad range of topics. Where else can you go to read
               security advisories, browse en excellent text archive, read
               music reviews, even read calimari reviews. We now even have
               pages demonstsrating how to properly and safely clean a variety
               of weapons.
      
               Attrition is a strange mix of freeks, geeks, hippies, poets,
               drunks, gun nuts, computer crime advocates (snicker) and generally
               unruly and rude people. Considering the site has always been a
               "hobby site" I think we have done a pretty good job of keeping
               the content fresh which can't be said about many sites. Like
               sites that have venture capital. I don't think I need to name names
               here...We have a lot of ideas on where we'd like to see attrition
               go so I think the site will grow to be more and more diverse as
               time goes on.
      
               We are the ones our parents warned us about. At night when you
               can't sleep and hear someone scratching on the wall, its us.
               Remember that time you went camping and saw those wierd lights
               in the sky? Yes, it was us. Read about that small government that
               was recently overthrown? We were probably involved. Roswell? We
               aren't that old....well except for cancer omega."
                                      - punkis
      
      
              Being with Attrition is like being in a rock band.  We have a tendency 
              to cause a stir whereever we go, even though we're trying to be
              inconspicuous.  We travel a great deal and always have our equipment in
              tow.  Our best work is when we all sit down together, just pickin' and
              grinnin' like the old times.  Seems like someone's always trying to spy on
              us so they can get some kind of inside scoop on us; like they're trying to
              figure us out and can't quite wrap their brain around what we really are. 
              People either absolutely love us or absolutely hate us.  The people who
              love us sometimes hate us for the different things we do, and those who
              already hate us will continue to hate us no matter what we do.  The only
              difference is we don't have roadies or near as many groupies.  And at last
              count, nobody's rushed the stage when we gave a show. 
      
              That being said, there is nothing more to say. Viva Attrition!
                                      - Cancer Omega
      
      
              "I wish I could explain in words what Attrition has meant to
               me but that's rather impossible. However I've never been involved
               in a project that allowed me to immerse myself in a culture in
               less than 10 months.
      
               Being involved with Attrition is quite an experience. I love
               how none of the staff take any shit and each person adds their
               own perspective to the site.
      
               Of course, the minute I send this I'll have the Pulitzer-winning
               speech of a lifetime.
      
               Suffice it to say that I'm proud and honored to have some great
               friends like you guys, it really is great."
                                      - McIntyre
      
      
      The quasi-grandfather of Attrition (so said because he is two days older
      than dirt) came up with a few great quotes to mock the rest of staff.
      
              "Before I found attrition, I was all messed up on drugs.  Now
               that I've found attrition, I'm all messed up on attrition."
                                      - McIntyre
      
      
              "Since I joined attrition, I'm my own hero.  And hers, too!"
                                      - cOmega
      
      
              "I didn't know what to make of attrition until I visited Jericho
               and he showed me that he'd spelled out 'Have a Nice Day' with
               the skulls of Happy Hackers he'd decapitated.  Now I'm sold."
                                      - Punkis
      
      
              "Attri-what?"           - Modify
      
      
              "Go AWAY!  I'm BUSY!"   - Jericho
      
      Some of those seem to be quite accurate once you get to know the staff 
      members! What are other members of Attrition saying?
      
              "Attrition.org is turning a year old....my my my...what can one
               say about such an occasion? Well, from the beginning....wait..
               hold up..Attrition.org turning a year old and the millennium
               approaches? Is there a connection? Oh *cripes*....there must be.
               Why else would the government hold mal_vu hostage? They're
               working TOGETHER!!  Okay...this information must get out into
               the general populas...wait...there's a knock at the door....
               *bang*"                - WrlWnd
      
      
              "Attrition is a [joke/comedy] [played on/performed before]
               an audience too afraid to laugh."
                                      - Munge
      
      
              "Where people with no friends hangout, doing weird shit, from
               warped minds and not giving a toss what others think. Where we
               get whipped and you get shit. The folks at Attrition once had
               social lives, were once popular, even had potential. Now they
               have minds of their own. Like we really care what you think?
               One year on: and getting stranger by the day. As time goes on the
               voice of attrition only gets loder, conforming to no society,
               having no real direction, just going with the flow of daily life.
               Finding a new freedom, pushing the boundries of each path it
               choses to partake in." - Blaise
      
      Yes, they seem more thoughtful and well read than we do! How about
      our affiliates? What kind words can they bestow upon us?
      
      
              "Attrition.org? One of us owes the other beer I think." 
                                      - Space Rogue [HNN]
      
      
              "Attrition.org?  Blergh.  It's esoteric, it's prostate,
               lamentable and regrettable.  In a word?  Love.  I love it."
                                      - Ender Wiggin [OSALL]
      
      
              "Even though attrition uses the letters "FUCK" on its main 
               page, i still link it from my "try to be" professional site. 
               So maybe I am a hypocrite. whatever. Attrition has given me 
               data to use as a filler on my main site, something to do when 
               my boss says I should be working. Some of the staff members make 
               me realise that EverQuest is an evil game, and will eat your
               life away. This is why when I talk to jericho, he is always 
               talking about killing spammers with his sword, and how they 
               should know not to mess with any level 21 player. Honestly, 
               Attrition went from a 'whats the point' type of thing to me, to 
               a site that i respect, after I started to understand the actual 
               point. It has also lead me to remember that some people, no matter 
               how much you shit on them, and how many times you stabbed them in 
               the back, they can throw together a "one more chance" type
               of deal (Yes.. It is true.. Jericho and I haven't always been so
               intimate^H^H^H^H^H^H^H^H friendly. Either way, ill end with.. The 
               site rocks, the work is good, these people are just like me, they 
               have no lives.. and they are doing something without pay or profit."
                                      - Erik Parker [Mindsec]
      
      
              "If this is Attrition at one year, I can't wait till it 
               reaches the 'terrible two' stage"  
                                      - C. Fennelly
      
      
              "Screw Attrition, them fools still owe me $50 for that
               last rock!"            - Bronc Buster
      
      
              "Your site is unique in its own right, and despite
               what other egotisticle, idiotic, narrow-minded fools out 
               there think, sites like yours are wonderful for the folks 
               out there like me... who dont neccessarily take what we 
               learn from your site and use it to our personal gain or 
               anything else, but just for the simple reason of the
               knowledge of it all."  - Nan
      
      
              "Because of the high dollar lobbyist donations to undisclosed
               members of the Senate, we are still non profit!"     
                                      - Mal Vu
      
      
      Spammers have quickly learned that unsolicted commercial email is frowned upon.
      How anti-spam are we?
      
              "People who send spam to Attrition Staff, beware!
               They say that there's a room where they keep the skulls
               of spammers, lined up in a row on a shelf.  They say
               that, late at night, they go there, and talk to them...
               They say the members of the Attrition Staff ask them,
               "Now tell us again, how *do* you make money fast?"
                                      - Jay Dyson, de-spammer for NASA JPL
      
      
      
      
      In conclusion, in case it wasn't readily apparent and beating you senseless... 
      if you don't like what you see, don't look. Expect less and you will be 
      disappointed less. That and a million other
      cliches.
      
      As Mcintyre always says, "keep your sheep warm at night."
      
      That is it. Until next year...
      
      
      ATTRITION Staff (staff@attrition.org)
      Copyright 1999
      
      
      About  Attrition: http://www.attrition.org/attrition/about.html
      Attrition  Staff: http://www.attrition.org/attrition/staff/
      Why  (quasi-faq): http://www.attrition.org/attrition/why.html
      What's Attrition: http://www.attrition.org/news/content/99-09-10.001.html
      Our   Disclaimer: http://www.attrition.org/attrition/warn.html
      
      @HWA
      

43.0  Russian Echelon? 
      ~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/


      contributed by AlienPlaque 
      The successor to the KGB, the Federal Security Service
      (FSB), has set up a network of data links connected to
      every major Russian Internet service provider that
      allows unlimited monitoring of private emails and
      electronic banking. The System for Operational
      Investigative Activities (SORM) was introduced quietly
      late last year by government regulations that needed no
      parliamentary approval. 

      The Times    
      http://www.the-times.co.uk/news/pages/tim/99/12/08/timfgnrus01004.html?1124027
      
      
      December 8 1999
                                                RUSSIA
      
      
       
      
      
        Now Big Brother keeps eye on e-mail
      
                      BY GILES WHITTELL 
        BIG BROTHER is no longer watching Russia's citizens at
        every turn, but many of them fear he is reading their
        e-mails. The successor to the KGB has set up a network of
        data links connected to every major Russian Internet
        service provider that allows unlimited monitoring of private
        e-mails and electronic banking. 
      
        Activists claim that the network is already being abused for
        profit, theft and blackmail. The System for
        OperationalInvestigative Activities (SORM in Russian) was
        introduced quietly late last year by government regulations
        that needed no parliamentary approval. Considered one of
        Russia's most ambitious internal espionage programmes
        since the fall of the Soviet Union, it is now in full force,
        according to an investigation in yesterday's Moscow Times.
        It allegedly has the co-operation of 350 Internet companies,
        who had to pay for its construction . 
      
        Russia's unloved Federal Security Service (FSB), which
        took over the KGB's domestic duties, is able to monitor
        electronic communication without the need for search
        warrants.The FSB and its defenders in parliament insist
        that this is merely a cost-effective means of surveillance on
        crime in cyberspace, but few doubt that the FSB is not
        above selling its information to the highest bidder.
        Westerners and middle-class Russians in Moscow who
        increasingly rely on e-mail for cheap long-distance
        communication were alarmed by yesterday's report. 
        
        @HWA

44.0  Russian Bug Did Frequency-Hopping 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Evil Wench 
      The technical details of the listening device recently
      found at the US State Department is starting to
      beavailable. The devices was battery operated and
      voice activated. It was about the size of a quarter, and
      used a frequency-hopping mechanism to which made it
      harder to detect. The device was located inside the
      chair rail, a piece of molding mounted on the walls at
      waist level. (Wow, thats pretty neat.) 

      ABC News 
      http://www.abcnews.go.com/sections/world/DailyNews/russia991209.html
      
      Russian Suspected of Spying 


      Diplomat Allegedly Caught Monitoring a Bug in State Department 

      A listening device was found in the State Department building, near
      U.S. Secretary of State Madeleine Albright's office.
      Federal authorities have ordered the expulsion of a Russian diplomat
      suspected of monitoring the device. (State Department)


       ABCNEWS.com
       W A S H I N G T O N, Dec. 9  A Russian diplomat
       suspected of listening to a bug planted in a
       sensitive State Department conference room will
       be expelled from the United States, officials said
       today. 
                         The diplomat, attach Stanislav
                    Borisovich Gusev, was apprehended by
                    agents of the FBI and the State
                    Departments Diplomatic Security
                    Service at 11:39 a.m. Wednesday, while
                    smoking a cigarette on a park bench a
                    few blocks away from the State
                    Department, according to Neil Gallagher,
                    assistant director for national security at
                    the FBI.
            Nearby was his car, in which agents found equipment
       apparently used to monitor the listening device planted
       within a seventh-floor conference room of the building,
       officials said.
            The conference room belongs to the bureau of Oceans
       and International Environmental Scientific Affairs. It is
       located on the opposite side of the building from the
       executive offices. Today, the wooden door to the room was
       locked, and the hallway nearby was quiet. 
                                    The conference room
                               is within a few steps of
                               the office of Newly
                               Independent States, which
                               covers Russia, and the
                               office of Special Middle
                               East Coordinator Dennis
                               Ross, as well as the
                               Office of Nuclear Energy
                               Affairs. The seventh floor
                               houses all major
                               department heads at
                               State, including Secretary
                               of State Madeleine
                               Albright, as well as the
                               24-hour Operations
                               Center, a communications
       hub connected via secure satellite to all American
       embassies. U.S. officials said that an investigation is still
       ongoing as to who may have used that room, but they said
       that sensitive conversations certainly took place there. It
       isnt clear if officials from any of these offices used this
       conference room, but it is certainly available for their use.
       The Associated Press reports that security officials are
       interviewing hundreds of department employees to
       produce a damage assessment. 

       Tracking the Device
       It was not clear who may have planted the bug. There is no
       record that Gusev was ever in the State Department
       headquarters.
            The device was detected over the summer and located
       several weeks ago, but it was kept in place during the
       inquiry to avoiding tipping off the Russian diplomat, said
       Gallagher. Security teams swept the department for other
       devices and were careful to make sure sensitive
       conversations didnt take place near the bug, he added.
            The bug was removed Wednesday.
            A number of surveillance specialists said it wasnt a
       very powerful device. It was about the size of a quarter,
       they said, and it was voice-activated, which saves on
       battery time. They added the device had a
       frequency-hopping mechanism, which made it harder to
       detect. 
            A senior official told ABCNEWS the device was
       located inside the chair rail, a piece of molding mounted on
       the walls at waist level. The molding is used to keep chairs
       from scuffing the wall.
            There was no sign of inspections at the State
       Department today. Officials said in a briefing that there had
       been an aggressive sweep and there were no other bugs
       found. 

       Hit the Road
       Gusev, who had been in the United States since March,
       was temporarily detained by the FBI but, because he
       claimed diplomatic immunity, was not charged with a crime.
       He was turned over to Russian officials almost three hours
       after being seized, Gallagher said.
            Gusev was declared persona non grata by the State
       Department and handed over to the Russian Embassy for
       expulsion within 10 days, State Department spokesman Jim
       Foley said in a statement.
            Undersecretary of State Thomas Pickering called on
       Russian Ambassador Yuriy Ushakov Wednesday afternoon
       to firmly protest Gusevs actions, Foley said.
            Other Russian diplomats were also being investigated,
       officials said.
            Gusev came under suspicion when officials noted his
       unusual movement patterns, the official said. Then the FBI
       used sophisticated technological gear to figure out what he
       was doing. (See related story.) 

       FBI Was Eager to Act 
       FBI officials were keen on acting Wednesday because they
       felt their catch might slip away, leaving them unable to
       locate the bug.
            The bug was activated by the sensitive gear seized from
       the diplomats car and it could only be found when
       activated, sources said.
            FBI officials feared the diplomat would be pulled back
       from his alleged eavesdropping duties and the bug would
       soon go dormant, because the Russians felt there would be
       American retaliation for the detainment last week in
       Moscow of the U.S. Embassy staffer.
            Now, with the monitoring equipment in hand, officials
       said they can home in on other possible bugs. 

       ABCNEWS Martha Raddatz, Beverly Lumpkin and Eric
       Wagner, ABCNEWS.coms David Ruppe and the
       Reuters news service contributed to this report. 

       Tit for Tat? 
       Russias Foreign Intelligence Service reacted with
       indignation at the allegations.
            I think there is a certain sequence here, Boris
       Labusov, spokesman for SVR Foreign Intelligence
       Service, told Reuters. It is extremely unusual for the SVR
       to comment on spying cases and Labusov was careful
       not to confirm or deny Gusov was an agent.
            We think this detention and the further expulsion of
       the Russian diplomat from the United States can be
       regarded as a reaction of the American side to the latest
       events in Moscow connected with the detention and
       expulsion of an American diplomat, Labusov said.
            If it is a reaction  we can only be sorry about it, he
       said. As far as the Russian side is concerned, we gave
       up the principle of an eye for an eye long ago.
            On Nov. 30, Russian authorities said they caught a
       U.S. diplomat in the act of trying to obtain sensitive
       military information from a Russian citizen. 
            Russian security officials said the U.S. diplomat,
       Cheri Leberknight, a second secretary in the U.S.
       Embassys political section, was a CIA agent and was
       caught carrying invisible ink and a pocket-sized
       electronic spy device to prevent eavesdropping when she
       was detained. 
            Leberknight, who claimed diplomatic immunity, was
       turned over to the embassy and asked to leave within 10
       days. 
            Gusevs expulsion is the latest in what has become a
       series of seemingly tit-for-tat spy allegations. (See
       interactive graphic, above, for some incidents involving
       Russia and the West.)
            I do hope all these incidents will not hamper progress
       in bilateral relations, Labusov said.
            RIA news agency quoted an unnamed senior
       government official as saying there could be more
       expulsions of Russians.
            The clear and crude fabrication of allegations against
       a Russian diplomat is reminiscent of the Cold War era,
       RIA quoted the source as saying. 
       
       @HWA
       
       
45.0  Security Focus Newsletter #18
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Security Focus Newsletter #18
      Table of Contents:
      
      I.   INTRODUCTION
      1. Announcing the new Microsoft Focus area
      II.  BUGTRAQ SUMMARY
      1. SCO UnixWare 'xauto' Buffer Overflow Vulnerability
      2. Symantec Mail-Gear Directory Traversal Vulnerability
      3. Microsoft IE5 Offline Browsing Pack Task Scheduler
      Vulnerability
      4. qpop Remote Buffer Overflow Vulnerability
      5. Microsoft Windows 9x Plaintext Credential Cache Vulnerability
      6. Solaris kcms_configure
      7. Multiple Vendor CDE dtmail/mailtool Buffer Overflow
      Vulnerability
      8. NT Subst.exe Vulnerability
      9. FreeBSD gdc Buffer Overflow Vulnerability
      10. FreeBSD gdc Symlink Vulnerability
      11. Solaris arp/chkprm Vulnerabilities
      12. FreeBSD Seyon setgid dialer Vulnerability
      13. FreeBSD xmindpath Buffer Overflow Vulnerability
      14. FreeBSD angband Buffer Overflow Vulnerability
      15. RSAREF Buffer Overflow Vulnerability
      16. IBM Websphere Installation Permissions Vulnerability
      17. Endymion Mailman Default Configuration Vulnerability
      18. Microsoft IE5 WPAD Spoofing Vulnerability
      19. Netscape Enterprise & FastTrack Authentication Buffer Overflow
      Vulnerability
      20. SCO UnixWare '/var/mail' permissions Vulnerability
      21. SCO UnixWare 'pkg' commands Vulnerability
      22. SCO UnixWare 'coredump' Symlink Vulnerability
      III. PATCH UPDATES
      1. Vulnerability Patched: Symantec Mail-Gear Directory Traversal
      2. Vulnerability Patched: Microsoft IE5 Offline Browsing Pack Task
      Scheduler
      3. Vulnerability Patched: qpop Remote Buffer Overflow
      4. Vulnerability Patched: Microsoft Windows 9x Plaintext
      Credential Cache
      5. Vulnerability Patched: RSAREF Buffer Overflow
      6. Vulnerability Patched: Endymion Mailman Default Configuration
      7. Vulnerability Patched: Microsoft IE5 WPAD Spoofing
      8. Vulnerability Patched: Netscape Enterprise & FastTrack
      Authentication Buffer Overflow
      9. Vulnerability Patched: Multiple BIND Vulnerabilities
      (Slackware)
      10. Vulnerability Patched: Linux nfsd Remote Buffer Overflow
      (Slackware)
      11. Vulnerability Patched: Linux syslogd DoS (Slackware)
      12. Vulnerability Patched: Multithreaded SSL ISAPI Filter
      13. Vulnerability Patched: RSAREF Buffer Overflow (OpenBSD)
      IV. SECURITYFOCUS.COM TOP 6 NEWS ARTICLES
      1. NSA Spies Running dry? (November 29, 1999)
      2. Staples files suit against Web hacker. (November 30, 1999)
      3. Worm Virus Cripples Corporate Computers (December 1, 1999)
      4. Novell chief's credit card stolen online (December 2, 1999)
      5. Court upholds hacker's death sentence (December 3, 1995)
      6. Suspect in huge computer fraud case faces court (December 5, 1995)
      V.  INCIDENTS SUMMARY
      1. Port 98 scans & new 3128/8080 scans (Thread)
      2. Strange Web Traffic (Thread)
      3. Smurf / "ICMP Echo Reply" logs (Thread)
      4. BIND Scanning (Thread)
      5. problems from ip69.net247221.cr.sk.ca[24.72.21.69] (Thread)
      6. Port scanning (Thread)
      7. Network security monitoring tools (Thread)
      8. How to Report Internet-Related Crime (Thread)
      9. rpc scans and nfs attacks from 210.217.26.15 (Thread)
      10. New named attack or what? (Thread)
      11. Traffic from 210.163.117.209 (Thread)
      12. RunOnceEx
      VI. VULN-DEV RESEARCH LIST SUMMARY
      1. Cisco NAT DoS (VD#1) (Thread)
      2. PHP (Thread)
      3. WordPad exploit development: executing arbitary code on Win98
      (fin) (Thread)
      4. Idiocy "exploit" (Thread)
      5.  Norton AntiVirus 2000 POProxy.exe (Thread)
      VII.   SECURITY JOBS
         Seeking Staff:
      1.  Corporate Information Security Officer
      VIII.  SECURITY SURVEY RESULTS
      IX. SECURITY FOCUS TOP 6 TOOLS
      1. SecurityFocus.com Pager (Win95/98/NT)
      2. SuperScan 2.0.5 (Windows 2000, Windows 95/98 and Windows NT)
      3. IDS Alert Script for FW-1 (Solaris)
      4. NTInfoScan 4.2.2 (Windows NT)
      5. Fragrouter 1.6 (BSDI, FreeBSD, Linux, NetBSD, OpenBSD and
      Solaris)
      6. Snort 1.3.1 (FreeBSD, HP-UX, IRIX, Linux, MacOS, OpenBSD and
      Solaris)
      X. SPONSOR INFORMATION - CORE SDI
      XI. SUBSCRIBE/UNSUBSCRIBE INFORMATION
      
      
      I.   INTRODUCTION
      -----------------
      
      Welcome to the Security Focus 'week in review' newsletter issue 18
      sponsored by CORE SDI.
      
      http://www.core-sdi.com
      
      1. Introducing the new Focus on Microsoft area
      
      The Focus Area idea was born out of a realization, reinforced by comments
      from our users, that there is an overwhelming amount of security
      information "out there" and a limited number of ways to filter and
      organize it. Under the 'Focus' umbrella we will be hosting a number of
      technology or platform-specific areas, each designed to offer
      well-ordered, timely content to those interested in that particular
      subject. More than just a new way of presenting the data we already have,
      each Focus Area will also include new original content, written by both SF
      staff and outside experts on a regular basis.
      
      I am happy to announce the opening of our first Focus Area, one devoted to
      all aspects of Microsoft security. The majority of our users are involved
      with MS security issues in one way or another, and the demand for an
      MS-centric subsection made it an obvious choice for our first Focus.
      Others will follow. In the meantime, have a look for yourself, at:
      
      http://www.securityfocus.com/focus/
      
      
      II.  BUGTRAQ SUMMARY 1999-11-27 to 1999-12-05
      ---------------------------------------------
      
      
      1. SCO UnixWare 'xauto' Buffer Overflow Vulnerability
      BugTraq ID: 848
      Remote: No
      Date Published: 1999-12-03
      Relevant URL:
      http://www.securityfocus.com/bid/848
      Summary:
      
      Certain versions of SCO's UnixWare ship with a version of /usr/X/bin/xauto
      which is vulnerable to a buffer overflow attack which may result in an
      attacker gaining root privileges.
      
       This is exploitable to gain root privileges even though /usr/X/bin/xauto
      is not setuid root. This is due to a system design issue with SCO Unixware
      which is discussed in an attached message in the 'Credit' section titled
      "UnixWare 7 uidadmin exploit + discussion".
      
      2. Symantec Mail-Gear Directory Traversal Vulnerability
      BugTraq ID: 827
      Remote: Yes
      Date Published: 1999-11-29
      Relevant URL:
      http://www.securityfocus.com/bid/827
      Summary:
      
      Mail-Gear, a multi-purpose filtering email server, includes a webserver
      for remote administration and email retrieval. This webserver is
      vulnerable to the '../' directory traversal attack. By including the
      string '../' in the URL, remote attackers can gain read access to all
      files on the filesystem that the server has read access to.
      
      3. Microsoft IE5 Offline Browsing Pack Task Scheduler Vulnerability
      BugTraq ID: 828
      Remote: Yes
      Date Published: 1999-11-29
      Relevant URL:
      http://www.securityfocus.com/bid/828
      Summary:
      
      The Internet Explorer 5 Offline Browsing Pack includes the Task Scheduler
      utility. This program is similar to the NT AT service, and on NT systems,
      it replaces the AT service. The Task Scheduler will allow unauthorized
      users to create AT jobs by modifying an existing, administrator-owned file
      and placing it into the %systemroot%\tasks folder.
      
      This vulnerability could only be exploited remotely if the tasks folder
      was specifically shared, or through the default C$ share on NT. Task
      Scheduler can be made to use any other arbitrary folder by editing the
      following registry key:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SchedulingAgent\TasksFolder (Changes
      will not take effect until after the target has been rebooted.)
      
      The IE5 Offline Browsing Pack ships with IE5, but is not installed by default.
      
      4. qpop Remote Buffer Overflow Vulnerability
      BugTraq ID: 830
      Remote: Yes
      Date Published: 1999-11-30
      Relevant URL:
      http://www.securityfocus.com/bid/830
      Summary:
      
      There is a buffer overflow vulnerability present in current (3.x) versions
      of Qualcomm popper daemon. These vulnerabilities are remotely exploitable
      and since the daemon runs as root, the host running qpopper can be
      completely compromised anonymously. The problem is in pop_msg.c, around
      line 68 and is the result of vsprintf() or sprintf() calls without bounds
      checking.
      
      5. Microsoft Windows 9x Plaintext Credential Cache Vulnerability
      BugTraq ID: 829
      Remote: No
      Date Published: 1999-11-29
      Relevant URL:
      http://www.securityfocus.com/bid/829
      Summary:
      
      Windows 95 and 98 cache a user's name and password in plaintext in RAM.
      This feature was included for backwards compatibility with Windows for
      Workgroups, which implemented this mechanism for use with the 'net'
      program, which handled most network configuration requirements for the WfW
      OS. This feature can be exploited via specific function calls to retrieve
      another user's credentials. In order for this to work , the attacker must
      have console access to the target machine, and it must not have been
      rebooted since the last logout. Only the most recent user's credentials
      can be retrieved.
      
      6. Solaris kcms_configure
      BugTraq ID: 831
      Remote: No
      Date Published: 1999-11-30
      Relevant URL:
      http://www.securityfocus.com/bid/831
      Summary:
      
      The binary kcms_configure, part of the Kodak Color Management System
      package shipped with OpenWindows (and ultimately, Solaris) is vulnerable
      to a local buffer overflow. The buffer which the contents of the
      environment variable NETPATH are copied into has a predetermined length,
      which if exceeded can corrupt the stack and cause aribtrary code hidden
      inside of the oversized buffer to be executed. kcms_configure is installed
      setuid root and exploitation will result in a local root compromise.
      
      7. Multiple Vendor CDE dtmail/mailtool Buffer Overflow Vulnerability
      BugTraq ID: 832
      Remote: No
      Date Published: 1999-11-30
      Relevant URL:
      http://www.securityfocus.com/bid/832
      Summary:
      
      There are three buffer overflow vulnerabilities in the CDE mail utilities,
      all of which are installed sgid mail by default.
      
      The first is exploited through overrunning a buffer in the Content-Type:
      field, which would look something like this:
      
      Content-Type: image/aaaaaaaa long 'a' aaaaaa; name="test.gif"
      
      Mailtool will overflow when email is selected which has a content-type
      field like that. It may be possible for an attacker to obtain root
      priviliges if shellcode is written appropriately and root selects the
      malicious email message.
      
      The second vulnerability is in dtmail, which will crash (and possibly
      execute arbitrary code) if a long paramater is passed argumenting the -f
      command-line option.
      
      The third is in mailpr, which is vulnerable to a long -f paramater as
      well.
      
      The most basic consequence of these being exploited is a compromise of
      local email, since all mail data is set mode 660, read and write
      permissions granted for members of group mail.
      
      As of November 30, 1999, Solaris 7 is the only known vulnerable platform.
      
      8. NT Subst.exe Vulnerability
      BugTraq ID: 833
      Remote: No
      Date Published: 1999-11-30
      Relevant URL:
      http://www.securityfocus.com/bid/833
      Summary:
      
      The SUBST command is used to map a drive letter to a folder on an existing
      drive. This command can be run by any user. After it is run, the mapping
      stays in effect until it is deleted, by issuing the subst command again
      with the /d option, or until the machine is rebooted. Loggin off does not
      remove the mapping. Therefore, it is possible for one console user to map
      a drive letter to a a folder of their choosing, and then log off, leaving
      the mapping intact for the next user. If the next user tries to manually
      map a differnt location to that letter, they will get an error 85, "The
      local device name is already in use." However, if the drive letter used is
      the same as their network-mapped home drive, the operation will fail
      without any error message. From the user's perspective, nothing obvious
      will happen to let them know that their 'home drive' is not their usual
      home drive t all. This opens the possibility of getting a user to run
      trojaned or malicious programs, as well as the possibility of having them
      write potentially confidential documents to a publicly-accessible or even
      network shared location.
      
      9. FreeBSD gdc Buffer Overflow Vulnerability
      BugTraq ID: 834
      Remote: No
      Date Published: 1999-12-01
      Relevant URL:
      http://www.securityfocus.com/bid/834
      Summary:
      
      There is a buffer overflow vulnerability known to be present in the
      version of gdc shipped with the 3.3-RELEASE version of FreeBSD. By
      default, only users in group wheel have execute access to gdc. The
      overflow occurs when the argument passed along with the -t flag (time)
      exceeds its predefined buffer length. It is possible to then corrupt the
      stack and alter the flow of execution (and execute arbitrary code). With
      gdc setuid root by default, this can lead to a local root compromise if
      exploited by users who have or gain access of or belong to the wheel group
      (or trusted gated group).
      
      10. FreeBSD gdc Symlink Vulnerability
      BugTraq ID: 835
      Remote: No
      Date Published: 1999-12-01
      Relevant URL:
      http://www.securityfocus.com/bid/835
      Summary:
      
      It is possible to write debug ouput from gdc to a file
      (/var/tmp/gdb_dump). Unfortunately, gdc follows symbolic links which can
      be created in tmp and will overwrite any file on the system thanks to it
      being setiud root. This does not cause any immediate compromises and is
      more of a denial of service attack since it does not change the
      permissions of the overwritten files (to say, world writeable or group
      writeable). Local users are required to be in group wheel (or equivelent)
      to execute gdc.
      
      
      11. Solaris arp/chkprm Vulnerabilities
      BugTraq ID: 837
      Remote: No
      Date Published: 1999-12-01
      Relevant URL:
      http://www.securityfocus.com/bid/837
      Summary:
      
      It is possible to read bin owned files to which read access is not
      permitted to local users through exploiting subtle vulnerabilities in arp
      and chkperm.
      
      With arp, this is done through specifying a file with the -f parameter .
      When arp tries to interpret the contents of this file (opening and reading
      it just fine being sgid/suid bin), it will fail and print the "erroneous
      lines" of the file along with its error messages. Those "erroneous lines"
      are the contents of the file to which you do not normally have read access
      (and belong to the user/group bin).
      
      For chkperm, exploitation would be through setting an environment variable
      to which chkperm references where to write a file with a known name
      (making it possible to supply arbitrary, places - where an attacker would
      have write access). The hacker would then make a lib subdirectory beneath
      the specified VMSYS path, and a file in lib/ called .facerc, which would
      be a symlink to whatever file you wanted to read. chkperm w ould then be
      run with the -l flag and the contents of the file pointed to will be
      displayed (as seen by bin).
      
      Solaris 2.x are known to be vulnerable.
      
      12. FreeBSD Seyon setgid dialer Vulnerability
      BugTraq ID: 838
      Remote: No
      Date Published: 1999-12-01
      Relevant URL:
      http://www.securityfocus.com/bid/838
      Summary:
      
      FreeBSD 3.3-RELEASE ships with Seyon, a communications program which is
      known to have several vulnerabilities which can allow for a malicious user
      to elevate priviliges. The vulnerability, however, is that seyon is still
      installed setgid dialer in FreeBSD. When seyon is exploited, a local user
      can grant him/herself priviliges which allow access to the communications
      devices or anything else accessable by the group dialer.
      
      13. FreeBSD xmindpath Buffer Overflow Vulnerability
      BugTraq ID: 839
      Remote: No
      Date Published: 1999-12-01
      Relevant URL:
      http://www.securityfocus.com/bid/839
      Summary:
      
      The version of xmindpath shipped with FreeBSD 3.3 can be locally exploited
      via overrunning a buffer of predefined length. It is possible to gain the
      effective userid of uucp through this vulnerability. It may be possible,
      after attaining uucp priviliges, to modify binaries to which uucp has
      write access to and trojan them to further elevate priviliges), ie: modify
      minicom so that when root runs it, drops a suid shell somewhere.
      
      14. FreeBSD angband Buffer Overflow Vulnerability
      BugTraq ID: 840
      Remote: No
      Date Published: 1999-12-01
      Relevant URL:
      http://www.securityfocus.com/bid/840
      Summary:
      
      The version angband shipped with FreeBSD 3.3-RELEASE is vulnerable to a
      local buffer overflow attack. Since it is setgid games, a compromise of
      files and directories owned by group games is possible.
      
      15. RSAREF Buffer Overflow Vulnerability
      BugTraq ID: 843
      Remote: Yes
      Date Published: 1999-12-01
      Relevant URL:
      http://www.securityfocus.com/bid/843
      Summary:
      
      A buffer overflow vulnerability exists in the RSAREF cryptographic library
      which may possibly make any software using the library vulnerable.
      
      The vulnerability exists in four functions in the rsa.c source file. The
      functions are:
      
      int RSAPublicEncrypt()
      int RSAPrivateEncrypt()
      int RSAPublicDecrypt()
      int RSAPrivateDecrypt()
      
      All these function define a local variable called pkcsBlock of 128 byte
      length which can be overflowed making it possible to execute arbitrary
      code.
      
      This vulnerability, in conbination with BUGTRAQ ID 797, allows versions of
      SSHD linked against the RSAREF2 library to be vulnerable to a remote
      exploit.
      
      16. IBM Websphere Installation Permissions Vulnerability
      BugTraq ID: 844
      Remote: No
      Date Published: 1999-12-02
      Relevant URL:
      http://www.securityfocus.com/bid/844
      Summary:
      
      The IBM Websphere application server, when installed on Solaris (or
      possibly AIX), will create an deinstallation shellscript which is mode 777
      in /usr/bin. The script is called by pkgmgr, which is run by root. This
      means that an attacker can modify the script and add malicious code to it,
      leading to a root compromise once it is run. IBM Websphere also installs
      many of its data files with mode 777 permissions.
      
      17. Endymion Mailman Default Configuration Vulnerability
      BugTraq ID: 845
      Remote: No
      Date Published: 1999-12-02
      Relevant URL:
      http://www.securityfocus.com/bid/845
      Summary:
      
      Endymion mailman is a commercial www email suite which is written in perl.
      When it is installed, by default it sets permissions which make it
      vulnerable to local compromise (666 for files, 777 for directories).
      Because of this it is possible for local, unprivileged users to read and
      write to aribtrary users email (who use the mailman system) as well as to
      files owned by uid webmaster.
      
      18. Microsoft IE5 WPAD Spoofing Vulnerability
      BugTraq ID: 846
      Remote: Yes
      Date Published: 1999-12-02
      Relevant URL:
      http://www.securityfocus.com/bid/846
      Summary:
      
      IE5's automatic proxy configuration feature, WPAD, (Web Proxy
      Auto-Discovery) can be fooled into using or attempting to use a
      non-authorized server as a proxy server. An attacker on a different
      network could use this to read web traffic from the IE5 client.
      
      IE5 will search for a WPAD server by looking for machines named wpad.x.x.x
      in the current domain. If none is found, it will proceed up the domain
      name structure, until it gets to the third-level domain name.
      
      For example, IE5 running on host a.b.c.d.net would first look for
      wpad.b.c.d.net, then wpad.c.d.net, then wpad.d.net.
      
      In certain network configurations, the third-level domain is not
      neccessarily a trusted part of the network, and an attacker could set up a
      server to cause IE5 clients to use a hostile machine as proxy.
      
      19. Netscape Enterprise & FastTrack Authentication Buffer Overflow Vulnerability
      BugTraq ID: 847
      Remote: Yes
      Date Published: 1999-12-01
      Relevant URL:
      http://www.securityfocus.com/bid/847
      Summary:
      
      Certain versions of the Netscape FastTrack and Enterprise servers for both
      Unix and NT contain a remotely exploitable buffer overflow vulnerability.
      This vulnerability is present in both the Application and Administration
      servers shipped with the respective packages.The problem lies in the HTTP
      Basic Authentication procedure for both servers has a buffer overflow
      condition when a long username or password (over 508 characters) are
      provided. This may result in an attacker gaining root privileges under
      UNIX and SYSTEM privileges under NT.
      
      20. SCO UnixWare '/var/mail' permissions Vulnerability
      BugTraq ID: 849
      Remote: No
      Date Published: 1999-12-03
      Relevant URL:
      http://www.securityfocus.com/bid/849
      Summary:
      
      Certain versions of SCO's UnixWare (only 7.1 was tested) ship with the
      /var/mail/ directory with permission 777(-rwxrwxrwx) . This in effect
      allows malicious users to read incoming mail for users who do not yet have
      a mail file (/var/mail/username) present. This may be done by simply
      creating the file in question with a permission mode which is readable to
      the attacker.
      
      21. SCO UnixWare 'pkg' commands Vulnerability
      BugTraq ID: 850
      Remote: No
      Date Published: 1999-12-03
      Relevant URL:
      http://www.securityfocus.com/bid/850
      Summary:
      
      Certain versions of SCO's Unixware (only version 7.1 was tested) ship with
      a series of package install/removal utilities which due to design issues
      under the SCO UnixWare operating system may read any file on the system
      regardless of their permission set. This is due to the package commands
      (pkginfo, pkgcat, pkgparam, etc.) having extended access due to
      Discretionary Access Controls (DAC) via /etc/security/tcb/privs. This
      mechanism is explained more thoroughly in the original message to Bugtraq
      which is listed in full in the 'Credit' section of this vulnerability
      entry.
      
      22. SCO UnixWare 'coredump'  Symlink Vulnerability
      BugTraq ID: 851
      Remote: No
      Date Published: 1999-12-03
      Relevant URL:
      http://www.securityfocus.com/bid/851
      Summary:
      
      Under certain versions of SCO UnixWare if a user can force a program with
      SGID (Set Group ID) to dump core they may launch a symlink attack by
      guessing the PID (Process ID) of the SGID process which they are calling.
      This is required because the coredump file will be dumped to the directory
      in which it is being executed from as './core.pid'. The program dumping
      core does not check for the existence of a symlinked file and will happily
      overwrite any file which it has permission to do so to. Many SGID binaries
      under Unixware are in the group 'sgid-sys' a group which has write
      permission to a large number of system critical files.
      
      This attack will most likely result in a denial of service attack, however
      if the attacker can provide some provide data to the core file she may be
      able to leverage root access. For example is the intruder were able to get
      '+ +' into a line of it's own in the core file the intruder could then
      overwrite root's .rhosts file.
      
      
      
      III. PATCH UPDATES 1999-11-27 to 1999-12-05
      -------------------------------------------
      
      1. Vendor: Symantec
      Product: Symantec Mail-Gear 1.0
      Vulnerability Patched: Symantec Mail-Gear Directory Traversal Vulnerability
      BugTraq ID: 827
      Relevant URLS:
      http://www.securityfocus.com/bid/827
      Patch Location:
      http://www.symantec.com/urlabs/public/download/download.html
      
      2. Vendor: Microsoft
      Product: IE5
      Vulnerability Patched: Microsoft IE5 Offline Browsing Pack Task Scheduler
      BugTraq ID: 828
      Relevant URLS:
              http://www.securityfocus.com/bid/828
      Patch Location:
      
      IE 5.01 is not susceptible to this vulnerability. The task Scheduler that is
      included with 5.01 uses signature verification to check that all scheduled tasks
      were created by the administrator of the local machine.
      It can be downloaded at:
      
      http://www.microsoft.com/msdownload/iebuild/ie501_win32/en/ie501_win32.htm
      
      3. Vendor: Qualcomm
      Product: qpop
      Vulnerability Patched: qpop Remote Buffer Overflow
      BugTraq ID: 830
      Relevant URLS:
              http://www.securityfocus.com/bid/830
      Patch Location:
      
      The newest version, qpopper3.0b22 (which is patched), is available at:
      
      ftp://ftp.qualcomm.com/eudora/servers/unix/popper/
      
      4. Vendor: Microsoft
      Product: Microsoft Windows 9x
      Vulnerability Patched: Microsoft Windows 9x Plaintext Credential Cache
      BugTraq ID: 829
      Relevant URLS:
              http://www.securityfocus.com/bid/829
      Patch Location:
      
      Microsoft has released a patch to deal with this issue. It is available at:
      
       Windows 95:
      http://download.microsoft.com/download/win95/update/168115/w95/en-us/168115us5.exe
       Windows 98:
      http://download.microsoft.com/download/win98/update/168115/w98/en-us/168115us8.exe 
      
      5.  Vendor: RSA Data Security
      Product: RSAREF
      Vulnerability Patched: RSAREF Buffer Overflow
      BugTraq ID: 843
      Relevant URLS:
              http://www.securityfocus.com/bid/843
      Patch Location:
      
      RSA Security is no longer support the RSAREF library.
      CORE SDI has developed the following fix for RSAREF:
      
      http://www.securityfocus.com/bid/843
      
      6. Vendor: Endymion
      Product: Endymion Mailman
      Vulnerability Patched: Endymion Mailman Default Configuration Vulnerability
      BugTraq ID: 845
      Relevant URLS:
              http://www.securityfocus.com/bid/845
      Patch Location:
      
      Endymion does warn customers to change permissions on software. A
      fix for this is to change the permissions to 0600 for the files and 0700
      for the directories.
      
      7. Vendor: Microsoft
      Product: IE5
      Vulnerability Patched: Microsoft IE5 WPAD Spoofing
      BugTraq ID: 846
      Relevant URLS:
              http://www.securityfocus.com/bid/846
      Patch Location:
      
      Microsoft has released IE5.01, which is not vulnerable to this attack. IE5.01
      can be downloaded from:
      http://www.microsoft.com/msdownload/iebuild/ie501_win32/en/ie501_win32.htm
      
      8. Vendor: Netscape
      Product: Netscape Enterprise & FastTrack Servers
      Vulnerability Patched: Netscape Enterprise & FastTrack Authentication Buffer Overflow
      BugTraq ID: 847
      Relevant URLS:
              http://www.securityfocus.com/bid/847
      http://www.iss.net/xforce
      Patch Location:
      
      As taken from the ISS Advisory which is listed in full in the 'Credit' secion
       of this advisory.
      
       Affected users should upgrade their systems immediately. This
       vulnerability affects systems running Administration Server with
       password protected areas that rely on Basic Authentication. If you run
       any of the affected servers on any platform, upgrade to iPlanet Web
       Server 4.0sp2 at:
      
      http://www.iplanet.com/downloads/testdrive/detail_161_243.html.
      
       Netscape has stated that FastTrack will not be patched. Although
       Netscape released service pack 3 for Enterprise Server 3.6 that fixes
       the vulnerability in the web server, the Administration Server remains
       vulnerable.
      
      9. Vendor: Slackware
      Product: Linux (Slackware)
      Vulnerability Patched: Multiple BIND Vulnerabilities
      BugTraq ID: 788
      Relevant URLS:
              http://www.securityfocus.com/bid/788
      Patch Location:
      ftp.cdrom.com:/pub/linux/slackware-4.0/patches/bind.tgz
      
      10. Vendor: Slackware
      Product: Linux (Slackware)
      Vulnerability Patched: Linux nfsd Remote Buffer Overflow Vulnerability
      BugTraq ID: 782
      Relevant URLS:
              http://www.securityfocus.com/bid/782
      Patch Location:
              ftp.cdrom.com:/pub/linux/slackware-4.0/patches/nfs-server.tgz
      
      11. Vendor: Slackware
      Product: Linux (Slackware)
      Vulnerability Patched: Linux syslogd Denial of Service Vulnerability
      BugTraq ID: 809
      Relevant URLS:
              http://www.securityfocus.com/bid/802
      Patch Location:
              ftp.cdrom.com:/pub/linux/slackware-4.0/patches/sysklogd.tgz
      
      12. Vendor: Microsoft
      Product:
      -  Microsoft IIS 4.0
      - Microsoft Site Server 3.0
      - Microsoft Site Server Commerce Edition 3.0
      Vulnerability Patched: Multithreaded SSL ISAPI Filter
      BugTraq ID: NONE
      Relevant URLS:
      http://www.microsoft.com/security/bulletins/MS99-053faq.asp
      Patch Location:
      - x86:
      http://www.microsoft.com/downloads/release.asp?ReleaseID=16186
      - Alpha:
      http://www.microsoft.com/downloads/release.asp?ReleaseID=16187
      
         NOTE: This and other patches are available from the Microsoft
         Download Center (http://www.microsoft.com/downloads/search.asp?
         Search=Keyword&Value='security_patch'&OpSysID=1)
      
      13. Vendor: OpenBSD
      Product: OpenBSD
      Vulnerability Patched: RSAREF Buffer Overflow
      BugTraq ID: 843 
      Relevant URLS:
      http://www.securityfocus.com/bid/843/
      Patch Location:
      
              ftp://ftp.usa.openbsd.org/pub/OpenBSD/2.6/i386/sslUSA26.tar.gz
              ftp://ftp.usa.openbsd.org/pub/OpenBSD/2.6/sparc/sslUSA26.tar.gz
              ftp://ftp.usa.openbsd.org/pub/OpenBSD/2.6/hp300/sslUSA26.tar.gz
              ftp://ftp.usa.openbsd.org/pub/OpenBSD/2.6/mvme68k/sslUSA26.tar.gz
              ftp://ftp.usa.openbsd.org/pub/OpenBSD/2.6/mac68k/sslUSA26.tar.gz
              ftp://ftp.usa.openbsd.org/pub/OpenBSD/2.6/amiga/sslUSA26.tar.gz
      
      
      IV. SECURITYFOCUS.COM TOP 6 NEWS ARTICLES
      -----------------------------------------
      
       Due to popular demand we have added a 'Top Six Stories' section to the newsletter. SecurityFocus.com
      actually gathers over 100 news articles a week, these 6 before you are those which were the most
      read through our site, or those we thought were of special interest.
      
      1. NSA Spies Running dry? (November 29, 1999)
      Excerpt:
      
      Spies at the US National Security Agency may be having trouble eavesdropping
      on information transmitted through the Internet and fiber optic cables.
      
      URL:
      http://www.securityfocus.com/templates/frame.html?adgroup=secnews&url=/external/http%3a%2f%2fwww.wired.com%2fnews%2fpolitics%2f0,1283,32770,00.html
      
      2. Staples files suit against Web hacker. (November 30, 1999)
      Excerpt:
      
      Officials at Staples Inc. filed a lawsuit in US District Court in Boston
      yesterday charging that ''John Doe,'' the unidentified hacker, illegally accessed
      the company's Web site and damaged the company by stealing e-commerce
      business.
      
      URL:
      http://www.securityfocus.com/templates/frame.html?adgroup=secnews&url=/external/http%3a%2f%2fwww.wired.com%2fnews%2fpolitics%2f0,1283,32770,00.html
      
      3. Worm Virus Cripples Corporate Computers (December 1, 1999)
      Excerpt:
      
       A deadly new version of a destructive computer
      worm has crippled e-mail systems among
      Fortune 500 companies and others, chewed
      up files and created havoc among the
      corporations that sought to limit the damage
      
      URL:
      http://www.securityfocus.com/templates/frame.html?adgroup=secnews&url=/external/http%3a%2f%2fwww.apbnews.com%2fnewscenter%2finternetcrime%2f1999%2f12%2f01%2fvirus1201_01.html
      
      4. Novell chief's credit card stolen online (December 2, 1999)
      Excerpt:
      
      Speaking at San Francisco's Digital Economy conference Thursday, Schmidt informed the crowd
      that his credit card number had been stolen over the Internet in the past.
      
      Although he isn't sure exactly how his card number was lifted, Schmidt says he believes it was
      through a mechanism that reads the cookies-files sitting on a user's desktop and storing personal
      information, such as passwords and preferences.
      
      URL:
      http://www.securityfocus.com/templates/frame.html?adgroup=secnews&url=/external/http%3a%2f%2fwww.wired.com%2fnews%2fpolitics%2f0,1283,32770,00.html
      
      5. Court upholds hacker's death sentence (December 3, 1995)
      Excerpt:
      
      A Chinese court has upheld the death sentence for a man who hacked into the computer system of
      a state bank to steal money, the Financial News reported on Saturday.
      
      The Yangzhou Intermediate People's Court in eastern Jiangsu province rejected the appeal of Hao
      Jingwen, upholding a death sentence imposed last year, the newspaper said.
      
      URL:
      http://www.securityfocus.com/templates/frame.html?adgroup=secnews&url=/external/http%3a%2f%2fwww.wired.com%2fnews%2fpolitics%2f0,1283,32770,00.html
      
      6. Suspect in huge computer fraud case faces court (December 5, 1995)
      Excerpt:
      
      He called himself "The Gatsby."
      
       And like F. Scott Fitzgerald's fictional character, he inhabited a world of
       power, money and cunning.
      
       That fantasy world abruptly ended Feb, 22, 1995, when FBI agents raided
       the bedroom of Jonathan Bosanac, aka The Gatsby, who lived in his parents'
       million-dollar home in Rancho Santa Fe.
      
       Federal law enforcers said Bosanac was a ringleader in one of the biggest
       computer hacking schemes in U.S. history.
      
      URL:
      http://www.securityfocus.com/templates/frame.html?adgroup=secnews&url=/external/http%3a%2f%2fwww.uniontrib.com%2fnews%2funiontrib%2fsun%2fnews%2fnews_1n5hacker.html
      
      
      V. INCIDENTS SUMMARY 1999-11-27 to 1999-12-05
      ---------------------------------------------
      
      1. Port 98 scans & new 3128/8080 scans (Thread)
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-22&msg=14401.22457.121945.823373@cap-ferrat.albourne.com
      
      2. Strange Web Traffic (Thread)
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-22&msg=31933968789DD111BEAB0080C81D384C200F6A@CT_NT
      
      3. Smurf / "ICMP Echo Reply" logs (Thread)
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-22&msg=19991129075230.6919.qmail@securityfocus.com
      
      4. BIND Scanning (Thread)
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-29&msg=19991129165821.19627.qmail@securityfocus.com
      
      5. problems from ip69.net247221.cr.sk.ca[24.72.21.69] (Thread)
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-29&msg=SIMEON.9911291006.E470@bluebottle.itss
      
      6. Port scanning (Thread)
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-29&msg=Pine.LNX.4.05.9911301616040.1748-100000@marvin.junknet
      
      7. Network security monitoring tools (Thread)
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-29&msg=Pine.BSF.4.10.9911302011220.9473-100000@ns1.host.qc.ca
      
      8. How to Report Internet-Related Crime (Thread)
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-29&msg=19991201134808.B14851@securityfocus.com
      
      9. rpc scans and nfs attacks from 210.217.26.15 (Thread)
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-29&msg=Pine.LNX.4.05.9912020844320.24774-100000@grace.speakeasy.org
      
      10. New named attack or what? (Thread)
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-29&msg=Pine.LNX.4.21.9912020737001.12556-100000@ns.ldc.ro
      
      11. Traffic from 210.163.117.209 (Thread)
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-29&msg=19991202110508.3958.qmail@securityfocus.com
      
      12. RunOnceEx
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=75&date=1999-11-29&msg=357a2b90036f8275f8cc9d935e7020e238481ac3@tripwiresecurity.com
      
      VI. VULN-DEV RESEARCH LIST SUMMARY 1999-11-27 to 1999-12-05
      ----------------------------------------------------------
      
      1. Cisco NAT DoS (VD#1) (Thread)
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=82&date=1999-11-22&msg=199911290435.XAA20460@rooster.cisco.com
      
      2. PHP (Thread)
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=82&date=1999-11-29&msg=Pine.GSO.4.10.9911301431530.16932-100000@kenny.intranet.csupomona.edu
      
      3. WordPad exploit development: executing arbitary code on Win98 (fin) (Thread)
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=82&date=1999-11-29&msg=19991130191759.43230.qmail@hotmail.com
      
      4. Idiocy "exploit" (Thread)
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=82&date=1999-11-29&msg=199912011302.IAA22031@mailhost.squonk.net
      
      5. Norton AntiVirus 2000 POProxy.exe (Thread)
      Relevant URL:
      http://www.securityfocus.com/templates/archive.pike?list=82&date=1999-11-29&msg=Pine.BSF.4.10.9912011816320.12955-100000@shell20.ba.best.com
      
      
      VII.  SECURITY JOBS SUMMARY 1999-11-27 to 1999-12-05
      ---------------------------------------------------
      
      Seeking Staff:
      
      1. Corporate Information Security Officer
      Reply to: Neal Fisher 
      Requirements:
      http://www.securityfocus.com/templates/archive.pike?list=77&date=1999-11-29&thread=19991129174646.21886.qmail@securityfocus.com
      
      
      VIII.  SECURITY SURVEY 1999-11-15 to 1999-11-27
      ----------------------------------------------
      
      The question for 1999-11-15 to 1999-11-27 was:
      
      Whose responsibility is it to notify vendors of security flaws in their products?
      
      1. The person/group who discovered and posted the flaw
      2. The resource where the information is published (ie Bugtraq, NTBugtraq, etc)
      3. Vendors should be responsible for keeping up to date on discoveries about their software.
      
      Results:
      
      1. 40% / 36 votes
      2. 1% / 1 votes
      3. 56% / 50 votes
      
      Total Votes: 88 votes
      
      IX.  SECURITY FOCUS TOP 6 TOOLS 1999-11-27 to 1999-12-05
      --------------------------------------------------------
      
      1. SecurityFocus.com Pager
      by SecurityFocus.com
      URL: http://www.securityfocus.com/pager/sf_pgr20.zip
      Platforms: Win95/98/NT
      Number of downloads: 1759
      
      This program allows the user to monitor additions to the Security Focus
      website without constantly maintaining an open browser. Sitting quietly in
      the background, it polls the website at a user-specified interval and
      alerts the user via a blinking icon in the system tray, a popup message or
      both (also user-configurable).
      
      2. SuperScan 2.0.5
      by Robin Keir 
      URL: http://members.home.com/rkeir/software.html
      Platforms: Windows 2000, Windows 95/98 and Windows NT
      Number of downloads: 1624
      
      This is a powerful connect-based TCP port scanner, pinger and hostname resolver.
      Multithreaded and asynchronous techniques make this program extremely fast and
      versatile. Perform ping scans and port scans using any IP range or specify a text file to
      extract addresses from. Scan any port range from a built in list or any given range. Resolve
      and reverse-lookup any IP address or range. Modify the port list and port descriptions using
      the built in editor. Connect to any discovered open port using user-specified "helper"
      applications (e.g. Telnet, Web browser, FTP) and assign a custom helper application to any
      port. Save the scan list to a text file. Transmission speed control. User friendly interface.
      Includes help file
      
      3. IDS Alert Script for FW-1 1.3
      by Lance Spitzner
      URL: http://www.enteract.com/~lspitz/intrusion.html
      Platforms: Solaris
      Number of downloads: 1578
      
      Flexible network based IDS script for CheckPoint Firewall-1 installations. Build Intrusion
      Detection into your firewall. Features include: Automated alerting, logging, and archiving
      Automated blocking of attacking source Automated identification and email remote site
      Installation and test script Fully configurable Ver 1.3 Optimized for performance, over 50%
      speed increase.
      
      4. NTInfoScan 4.2.2
      by David Litchfield
      URL: http://www.infowar.co.uk/mnemonix/ntinfoscan.htm
      Platforms: Windows NT
      Number of downloads: 1417
      
      NTInfoScan is a security scanner designed specifically for the Windows NT 4.0 operating
      system. It's simple to use - you run it from a command line - and when the scan is finished it
      produces an HTML based report of security issues found with hyper-text links to vendor
      patches and further information. NTInfoScan is currently at version 4.2.2. It tests a number
      of services such as ftp, telnet, web service, for security problems. Added to this NTInfoScan
      will check NetBIOS share security and User account security.
      
      5. Fragrouter 1.6
      by Dug Song, Anzen Computing
      URL: http://www.anzen.com/research/nidsbench/
      Platforms: BSDI, FreeBSD, Linux, NetBSD, OpenBSD and Solaris
      Number of downloads: 1043
      
      Fragrouter is a network intrusion detection evasion toolkit. It implements most of the attacks
      described in the Secure Networks "Insertion, Evasion, and Denial of Service: Eluding
      Network Intrusion Detection" paper of January 1998.
      
      This program was written in the hopes that a more precise testing methodology might be
      applied to the area of network intrusion detection, which is still a black art at best.
      
      6. Snort UPDATE 1.3.1
      by Martin Roesch 
      URL: http://www.clark.net/~roesch/security.html#Download
      Platforms: FreeBSD, HP-UX, IRIX, Linux, MacOS, OpenBSD and Solaris
      Number of downloads: 826
      
      Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network
      intrusion detection system. It features rules based logging and can perform protocol
      analysis, content searching/matching and can be used to detect a variety of attacks and
      probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS
      fingerprinting attempts, and much more. Snort has a real-time alerting capabilty, with alerts
      being sent to syslog, a seperate "alert" file, or as a WinPopup message via Samba's
      smbclient.
      
      
      X. SPONSOR INFORMATION -
      ------------------------------------------
      
      URL: http://www.core-sdi.com
      
      CORE SDI is an international computer security research and development
      company. It's clients include 3 of the Big 5 chartered accountant firms
      for whom CORE SDI develops customized security auditing tools as well as
      several notable computer security product vendors, such as Network
      Associates. CORE SDI also has extensive experiance dealing with financial
      and government contracts through out Latin and North America.
      
      XI. SUBSCRIBE/UNSUBSCRIBE INFORMATION
      -------------------------------------
      
      1.  How do I subscribe?
      
        Send an e-mail message to LISTSERV@SECURITYFOCUS.COM with a message body
      of:
      
        SUBSCRIBE SF-NEWS Lastname, Firstname
      
        You will receive a confirmation request message to which you will have
      to anwser.
      
      2.  How do I unsubscribe?
      
        Send an e-mail message to LISTSERV@SECURITYFOCUS.COM from the subscribed
      address with a message body of:
      
        UNSUBSCRIBE SF-NEWS
      
        If your email address has changed email aleph1@securityfocus.com and I
      will manualy remove you.
      
      3.  How do I disable mail delivery temporarily?
      
        If you will are simply going in vacation you can turn off mail delivery
      without unsubscribing by sending LISTSERV the command:
      
        SET SF-NEWS NOMAIL
      
        To turn back on e-mail delivery use the command:
      
        SET SF-NEWS MAIL
      
      4.  Is the list available in a digest format?
      
        Yes. The digest generated once a day.
      
      5.  How do I subscribe to the digest?
      
        To subscribe to the digest join the list normally (see section 0.2.1)
      and then send a message to LISTSERV@SECURITYFOCUS.COM with with a message
      body of:
      
        SET SF-NEWS DIGEST
      
      6. How do I unsubscribe from the digest?
      
        To turn the digest off send a message to LISTSERV with a message body
      of:
      
        SET SF-NEWS NODIGEST
      
        If you want to unsubscribe from the list completely follow the
      instructions of section 0.2.2 next.
      
      7. I seem to not be able to unsubscribe. What is going on?
      
        You are probably subscribed from a different address than that from
      which you are sending commands to LISTSERV from. Either send email from
      the appropiate address or email the moderator to be unsubscribed manually.
      
      
      
      
      Alfred Huger
      VP of Engineering
      SecurityFocus.com
      
      @HWA      

      
      
      

     
     
      
      -=----------=-         -=----------=-        -=----------=-       -=----------=- 
                                           
                                             0                                     
                                             0                                     
                                             0
                                             o
                                           O O O   
                                             0
                                                                     
                                                                                  
      =----------=-   -=----------=-    -=----------=-   -=----------=-  -=----------=-
      
      =----------=-   -=----------=-    -=----------=-   -=----------=-  -=----------=-
     
     
         



     
     
     
     
     
AD.S  ADVERTI$ING.           The HWA black market                    ADVERTISEMENT$.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
                              _                _   _     _
                     /\      | |              | | (_)   (_)
                    /  \   __| |_   _____ _ __| |_ _ ___ _ _ __   __ _
                   / /\ \ / _` \ \ / / _ \ '__| __| / __| | '_ \ / _` |
                  / ____ \ (_| |\ V /  __/ |  | |_| \__ \ | | | | (_| |
                 /_/    \_\__,_| \_/ \___|_|   \__|_|___/_|_| |_|\__, |
                                                                  __/ |
                                                                 |___/
                                                                 
                                                                 
       ADVERTISING IS FREE, SEND IN YOUR ADS TO CRUCIPHUX@DOK.ORG FOR INCLUSION HERE                                                                  
       
                                               .
                                                        .
               ...............          .
               :             :     .  . . .  .          .
             __:________     :          :   ___________ . .   .
             \       < /_____:___       :  (      < __( :_______
              )                : )______:___\_     (___(     : /
        =====/________|_________/ < |      : (________________(======
               :           (__________________)         :wd!
               .             :          :               :
           - / -  w w w . h a c k u n l i m i t e d . c o m  - / -
               :        .  . . .  .     :               :
          .  . . .  .                   :...............:
                             .
               .


      
      
       *****************************************************************************
       *                                                                           *
       *           ATTRITION.ORG     http://www.attrition.org                      *
       *           ATTRITION.ORG     Advisory Archive, Hacked Page Mirror          *
       *           ATTRITION.ORG     DoS Database, Crypto Archive                  *
       *           ATTRITION.ORG     Sarcasm, Rudeness, and More.                  * 
       *                                                                           *
       *****************************************************************************      
              
 
 
       When people ask you "Who is Kevin Mitnick?" do you have an answer? 
 
       www.2600.com www.freekevin.com www.kevinmitnick.com www.2600.com www.freekevi
       n.com www.kevinmitnick.com www.2600.com www.freekevin.com www.kevinmitnick.co
       m www.2600.com ########################################ww.2600.com www.freeke
       vin.com www.kev#  Support 2600.com and the Free Kevin #.com www.kevinmitnick.
       com www.2600.co#  defense fund site, visit it now! .  # www.2600.com www.free
       kevin.com www.k#             FREE EVIN!              #in.com www.kevinmitnic
       k.com www.2600.########################################om www.2600.com www.fre
       ekevin.com www.kevinmitnick.com www.2600.com www.freekevin.com www.kevinmitnic
       k.com www.2600.com www.freekevin.com www.kevinmitnick.com www.2600.com www.fre

       http://www.2600.com/  http://www.kevinmitnick.com
       
       
       +-----------------------------------------------------------------------------+
       | SmoG Alert ..           http://smog.cjb.net/        NEWS on SCIENCE         |
       | ===================     http://smog.cjb.net/        NEWS on SECURITY        |
       | NEWS/NEWS/NEWS/NEWS     http://smog.cjb.net/        NEWS on THE NET         |
       |                         http://smog.cjb.net/        NEWS on TECHNOLOGY      |
       +-----------------------------------------------------------------------------+
       
       * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
       * www.csoft.net webhosting, shell, unlimited hits bandwidth ... www.csoft.net *
       *   www.csoft.net www.csoft.net www.csoft.net www.csoft.net www.csoft.net     *
       *  http://www.csoft.net" One of our sponsers, visit them now  www.csoft.net   * 
       * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
       
       

       * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
       * WWW.BIZTECHTV.COM/PARSE WEDNESDAYS AT 4:30PM EST, HACK/PHREAK CALL-IN WEBTV *
       * JOIN #PARSE FOR LIVE PARTICIPATION IN SHOW CHAT OR THE WEBCHAT, AND WEBBOARD*
       * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
       
       
       

       * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
       * WWW.2600.COM OFF THE HOOK LIVE NETCAST'S TUES SIMULCAST ON WBAI IN NYC @8PM *
       * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


         //////////////////////////////////////////////////////////////////////////////
        //  To place an ad in this section simply type it up and email it to        //
       //        hwa@press,usmc.net, put AD! in the subject header please. - Ed    //
      //     or cruciphux@dok.org                                                 //
      //////////////////////////////////////////////////////////////////////////////


     @HWA
     
       
              
             
HA.HA Humour and puzzles ...etc
      ~~~~~~~~~~~~~~~~~~~~~~~~~
                                                           Don't worry. worry a *lot*
     
      Send in submissions for this section please! ............c'mon, you KNOW you
      wanna...yeah you do...make it fresh and new...be famous... 
      
      
      
       
       
 SITE.1 
 
      Domain of the week: http://www.icardedthisdomain.com/
      
      No comment.
 
      http://www.nudehackers.com/
      
      Dephile and others
      
      Exploits, tools, zines etc, check it out... - Ed
 
      http://hackadvantage.cjb.net  
      
      Run by; SmoG
      
      If you're looking for tips on how to beat the system when it comes to free banners
      or paid-to-surf scams this is the place to check out, lots of info, updated 
      regularily.
 
      http://geekmafia.dynip.com/~xm/
      
      Run by: Ex Machina
      
      I've included the "I was a teenage nmapper" article from this site in this issue
      check it out, has some interesting stuff and a security how-to.
          
            
      You can Send in submissions for this section too if you've found 
      (or RUN) a cool site...
       
        
       
      @HWA
       
         
         
  H.W Hacked websites 
     ~~~~~~~~~~~~~~~~
    
                    ___|                  _ \               |
                   |      __| _` |\ \  / |   |  __| _ \  _` |
                   |     |   (   | `  <  |   | |    __/ (   |
                  \____|_|  \__,_| _/\_\\___/ _|  \___|\__,_|


      Note: The hacked site reports stay, especially wsith some cool hits by
            groups like *H.A.R.P, go get em boyz racism is a mugs game! - Ed

          * Hackers Against Racist Propaganda (See issue #7)

     
      Haven't heard from Catharsys in a while for those following their saga visit
      http://frey.rapidnet.com/~ptah/ for 'the story so far'...
      
      Hacker groups breakdown is available at Attrition.org
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      check out http://www.attrition.org/mirror/attrition/groups.html to see who
      you are up against. You can often gather intel from IRC as many of these
      groups maintain a presence by having a channel with their group name as the
      channel name, others aren't so obvious but do exist.
      
      >Hacked Sites Start<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
      
      
      
      * Info supplied by the attrition.org mailing list.
      
      Listed oldest to most recent...
      
      Defaced domain: www.mecafrance-sa.fr
 
 
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/04/www.mecafrance-sa.fr
       
      Defaced by: bansh33
       
      Operating System: BSDI (Apache 1.2.6)
       
       
      Defaced domain: www.workplacesolutions.org
      Site Title: Wider Opportunities for Women
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/04/www.workplacesolutions.org
       
      Defaced by: P Y R O S T O R M 6 6 6
       
      Operating System: Windows NT (IIS/4.0)
      Previously defaced on 99.10.12 and 99.10.11 by unknown and forpaxe
       
       
      Defaced domain: www.lapsi.org
      Site Title: LAPSI
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/04/www.lapsi.org
       
      Defaced by: Hacking for Swedish Chicks
       
      Operating System: Linux (Apache 1.3.3)
       
       
      Defaced domain: www.activedev.net
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/07/www.activedev.net
       
      Defaced by: pyrostorm666
       
      Operating System: Windows NT (IIS/4.0)
       
       
      Defaced domain: www.wnr.com
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/07/www.wnr.com
       
       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.98fm.ie
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/07/www.98fm.ie
       
      Defaced by: FM104
       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.98fm.ie
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/07/www.98fm.ie
       
      Defaced by: FM104
       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.zoemorgan.com
      Site Title: Colin McPherson
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/07/www.zoemorgan.com
       
      Defaced by: w0lf
       
      Operating System: Irix (Rapidsite/Apa-1.3.4)
       
       
      Defaced domain: www.sshackers.com
      Site Title: Sesame Street Hax0rz
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/07/www.sshackers.com
       
      Defaced by: cryptic
       
      Operating System: FreeBSD
      Potentially offensive content on defaced page.
      HWA note: Dap gave out the ftp info for this site and invite defacers to hit it. 
      
      Defaced domain: garfield.ir.ucf.edu
      Site Title: GroupWise Support At University of Central Florida
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/07/garfield.ir.ucf.edu
       
      Defaced by: Algorithm Cracker
       
      Operating System: Solaris
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.asjainternational.com
      Site Title: ASJA International
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/07/www.asjainternational.com
       
      Defaced by: hV2k
       
      Operating System: BSD/OS
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.furbay.com
      Site Title: Furbay Electric, Inc
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/07/www.furbay.com
       
      Defaced by: r00tabega
       
      Operating System: BSDI 3.0 (Apache/1.2.6)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.dwhs.org
      Site Title: Desert Winds High School
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/07/www.dwhs.org
       
      Defaced by: p4riah
       
      Operating System: Windows NT (IIS/4.0)
      Previously defaced on 99.09.08 by Logik Boyz
      HIDDEN comments in the HTML.
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.familyheartbeat.org
      Site Title: Family Heartbeat Ministries
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/07/www.familyheartbeat.org
       
      Defaced by: Uneek Tech
       
      Operating System: BSDI 3.0 (Apache 1.2.6)
      Previously defaced on 99.11.30 by electr0n
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.mj.gov.br
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/07/www.mj.gov.br
       
       
      Operating System: Windows NT (IIS/4.0)
      HIDDEN comments in the HTML.
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.bottle-fun.com
      Site Title: Comport EDV Service
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/08/www.bottle-fun.com
       
      Defaced by: Uneek Tech
       
      Operating System: BSDI 3.0 (Apache 1.2.6)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: garfield.ir.ucf.edu
      Site Title: University of Central Florida
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/08/garfield.ir.ucf.edu
       
      Defaced by: bansh33
       
      Operating System: Solaris
      Previously defaced on 99.12.07 by AC
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.filmworld.com
      Site Title: Robert Konop (FILMWORLD-DOM)
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/08/www.filmworld.com
       
      Defaced by: #Hack-org Hacking Team
       
      Operating System: Solaris
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.netsecuresolutions.com
      Site Title: NetSecure Solutions
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/08/www.netsecuresolutions.com
       
      Defaced by: unknown
       
      Operating System: Linux
      HIDDEN comments in the HTML.
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.fightclub.de
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/08/www.fightclub.de
       
      Defaced by: kryptek
       
      Operating System: Linux (Apache 1.3.6)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.pheta.com
      Site Title: pheta.com
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/08/www.pheta.com
       
      Defaced by: RH Crew
       
      Operating System: Linux (Apache 1.3.3)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.radicalwheeling.com.br
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/08/www.radicalwheeling.com.br
       
      Defaced by: Death Knights
       
      Operating System: Linux (Apache 1.3.4)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.bearland.com
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/08/www.bearland.com
       
      Defaced by: n4rfy/Death Knights
       
      Operating System: Windows NT (IIS/4.0)
      Previously defaced on 99.11.03 by p4riah
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.sis.net
      Site Title: Strategic Information Solutions
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/08/www.sis.net
       
      Defaced by: n4rfy/Death Knights
       
      Operating System: Windows NT (IIS/4.0)
      Previously defaced on 99.09.10 by 139_r00ted
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.dprf.gov.br
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/08/www.dprf.gov.br
       
      Defaced by: inferno.br
       
      Operating System: NT
       
       
      Defaced domain: www.elpublicista.com
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/08/www.elpublicista.com
       
      Defaced by: TH3 G4L4CT1C C0WB0YS
       
      Operating System: BSD/OS
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.megaadult.com
      Site Title: Empire Communications Inc.
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/09/www.megaadult.com
       
       
      Operating System: Windows NT (Netscape-Enterprise/3.6)
      Previously defaced on 99.08.27 by Uneek Tech
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.hawgparts.com
      Site Title: P And S, Inc
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/09/www.hawgparts.com
       
      Defaced by: Pyrostorm666
       
      Operating System: FreeBSD 2.2.1 - 3.0 (Apache 1.2.6)
      Previously defaced on 99.11.19 by Devil-C
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.aba.gov.au
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/09/www.aba.gov.au
       
      Defaced by: Ned R
       
      Operating System: Windows NT (IIS/4.0)
      Previously defaced on 99.11.27 by Ned R
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.portaldaserra.com.br
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/09/www.portaldaserra.com.br
       
      Defaced by: n4rfy/Death Knights
       
      Operating System: Linux (Apache 1.3.4)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.vijya.com
      Site Title: Vijya & Associates
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/09/www.vijya.com
       
      Defaced by: pr1sm
       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.98fm.ie
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/09/www.98fm.ie
       
      Defaced by: r4in
       
      Operating System: Windows NT (IIS/4.0)
      Previously defaced on 99.12.07 by FM104
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.sshackers.com
      Site Title: SSH TECH
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/09/www.sshackers.com
       
      Defaced by: ex1t
       
      Operating System: FreeBSD 2.2.1 - 3.0
      Potentially offensive content on defaced page.
      Attrition comment: 3 hacks in 2 days, no sign of repair. Likely hoax hacks or domain.
      HWA note: carnage continues from dap dropping the ftp info...
      
      Defaced domain: seresc.k12.nh.us
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/09/seresc.k12.nh.us
       
      Defaced by: bansh33
       
      Operating System: Linux (Apache 1.2.4)
      Previously defaced on 99.11.14 by h4p
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.cccpstc.org
      Site Title: Public Safety Training Center
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/09/www.cccpstc.org
       
      Defaced by: dhc
       
      Operating System: Linux (Apache 1.2.4)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.mautzetal.com
      Site Title: Mautz Baum & O'Hanlon LLP
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/09/www.mautzetal.com
       
      Defaced by: DHC
       
      Operating System: Linux (Apache 1.2.4)
      Potentially offensive content on defaced page
      
      Defaced domain: www.petewardtravel.com
      Site Title: Pete Ward Travel, Inc
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/09/www.petewardtravel.com
       
      Defaced by: DHC
       
      Operating System: Linux (Apache 1.2.4)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.potatoflakes.com
      Site Title: Oregon Potato Company
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/09/www.potatoflakes.com
       
      Defaced by: DHC
       
      Operating System: Linux (Apache 1.2.4)
      Potentially offensive content on defaced page.
       
       
      
      Defaced domain: mail.wetnet.de
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/09/mail.wetnet.de
       
      Defaced by: Beezwax
       
      Operating System: WinNT
       
       
      Defaced domain: www.mustafakemal.org
      Site Title: Stichting Dinaar Aan Islam
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/10/www.mustafakemal.org
       
      Defaced by: nikobar
       
      Operating System: Linux (Apache 1.3.3)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.melissa.com
      Site Title: Melissa Computer Systems
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/10/www.melissa.com
       
      Defaced by: BouTsen And Flogher
       
      Operating System: Solaris (Apache 1.3.3)
      Previously defaced on 99.11.21   99.11.17   99.11.16   99.11.04 by c0de red   clobher    p4riah     p4riah
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.seokang.ac.kr
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/10/www.seokang.ac.kr
       
      Defaced by: burn0ut
       
      Operating System: DG/UX (NCSA/1.4.2)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.americanbevel.com
      Site Title: American Bevel
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/10/www.americanbevel.com
       
      Defaced by: w0lf
       
      Operating System: Irix (Rapidsite/Apa-1.3.4 FrontPage)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.sshackers.com
      Site Title: SSH Tech
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/10/www.sshackers.com
       
      Defaced by: antichrist
       
      Operating System: FreeBSD (Apache)
      Previously defaced on  by 
      Potentially offensive content on defaced page.
      Attrition comment: This *has* to be a hoax.
      HWA note: see previous notes
      
      
      Defaced domain: www.policiacivil.pi.gov.br
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/10/www.policiacivil.pi.gov.br
       
      Defaced by: inferno.br
       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.bhv.hn
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/10/www.bhv.hn
       
      Defaced by: bean0
       
      Operating System: Windows NT (IIS/4.0)
      Previously defaced on 99.12.03 by acidklown
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.usinfo.be
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/10/www.usinfo.be
       
      Defaced by: PHC
       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.melissa.com
      Site Title: Melissa Computer Systems
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/10/www.melissa.com
       
       
      Operating System: Solaris (Apache 1.3.3)
      Previously defaced on 5 previous times by 
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.pira.co.uk
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/10/www.pira.co.uk
       
      Defaced by: RoA
       
      Operating System: Solaris 2.5 (Apache 1.2.4)
      HIDDEN comments in the HTML.
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.hwa.net
      Site Title: Hoefer WYSOCKI Architects
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/11/www.hwa.net
       
      Defaced by: Asysmptote
       
      Operating System: Windows NT (IIS/4.0)
      Previously defaced on 4 previous times by 
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.schoolgirlporn.com
      Site Title: Adult Web Products
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/11/www.schoolgirlporn.com
       
      Defaced by: Hacking 4 Ponies
       
      Operating System: Solaris 2.6 - 2.7 (Apache 1.3.3)
      Previously defaced on 99.10.28 by h4p
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.girard.lib.oh.us
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/11/www.girard.lib.oh.us
       
      Defaced by: f1ber
       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.cci-inspection.com
      Site Title: CCI Inspection Services, Inc
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/11/www.cci-inspection.com
       
      Defaced by: f1ber
       
      Operating System: Windows NT (IIS/4.0)
      Previously defaced on 99.10.19 by s0ften
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.pittsburg.k12.ca.us
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/11/www.pittsburg.k12.ca.us
       
      Defaced by: protokol
       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.ntacx.net
      Site Title: Ntacx Web-werkes
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/11/www.ntacx.net
       
      Defaced by: f1ber
       
      Operating System: Windows NT (IIS/4.0)
      Previously defaced on 99.10.22 by DHC
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.useu.be
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/11/www.useu.be
       
      Defaced by: PHC
       
      Operating System: Windows NT (IIS/4.0)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.thundercats.co.uk
      Site Title: Thundercats UK
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/11/www.thundercats.co.uk
       
      Defaced by: DHC
       
      Operating System: Solaris
      Defaced domain: www.kingston.com
      Site Title: Kingston Technology Corp
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/11/www.kingston.com
       
      Defaced by: Einstein
       
      Operating System: Windows NT
      Previously defaced on 99.11.25 by fuqrag
      FREE KEVIN reference in the HTML
       
       
      Defaced domain: www.hamilton-university.edu
      Site Title: Hamilton University
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/11/www.hamilton-university.edu
       
      Defaced by: Einstein
       
      Operating System: Windows NT
      Potentially offensive content on defaced page.
       
       
      Defaced domain: mercurius.isics.u-tokyo.ac.jp
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/11/mercurius.isics.u-tokyo.ac.jp
       
      Defaced by: eTC
       
      Operating System: Solaris 2.5x (Netscape-Enterprise/2.0d)
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.tenk.com
      Site Title: Tenk Machine & Tool Co.
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/11/www.tenk.com
       
      Defaced by: mistuh clean
       
      Operating System: Solaris
      Potentially offensive content on defaced pageDefaced domain: www.expoente.com.br
      Site Title: Expoente Brazil
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/11/www.expoente.com.br
       
      Defaced by: Death Knights
       
      Operating System: Windows NT
      Previously defaced on 99.10.19 by OHB
      Potentially offensive content on defaced page.
       
       
      Defaced domain: www.lumitex.com
      Site Title: Lumitex
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/11/www.lumitex.com
       
      Defaced by: pr1sm
       
      Operating System: Solaris
       
       
      Defaced domain: www.resconet.com
      Site Title: Robert Sweeney Co.
       
       
      Mirror: http://www.attrition.org/mirror/attrition/1999/12/11/www.resconet.com
       
      Defaced by: pr1sm
       
      Operating System: Solaris
      Potentially offensive content on defaced page.


 
        and more sites at the attrition cracked web sites mirror:

                     http://www.attrition.org/mirror/attrition/index.html 
 
       -------------------------------------------------------------------------
       
  A.0                              APPENDICES
       _________________________________________________________________________
       
       
       



  A.1 PHACVW, sekurity, security, cyberwar links
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

       The links are no longer maintained in this file, there is now a
      links section on the http://welcome.to/HWA.hax0r.news/ url so check
      there for current links etc.

      The hack FAQ (The #hack/alt.2600 faq)
      http://www-personal.engin.umich.edu/~jgotts/underground/hack-faq.html
      
      Hacker's Jargon File (The quote file)
      http://www.lysator.liu.se/hackdict/split2/main_index.html
      
      New Hacker's Jargon File.
      http://www.tuxedo.org/~esr/jargon/ 
      
      
      
      HWA.hax0r.news Mirror Sites around the world:
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      http://datatwirl.intranova.net  ** NEW **
      http://the.wiretapped.net/security/textfiles/hWa.hax0r.news/ ** NEW **
      http://net-security.org/hwahaxornews ** NEW **
      http://www.sysbreakers.com/hwa ** NEW **
      http://www.attrition.org/hosted/hwa/
      http://www.attrition.org/~modify/texts/zines/HWA/
      http://www.hackunlimited.com/zine/hwa/ *UPDATED*
      http://www.ducktank.net/hwa/issues.html. ** NEW **
      http://www.alldas.de/hwaidx1.htm ** NEW **
      http://www.csoft.net/~hwa/ 
      http://www.digitalgeeks.com/hwa.*DOWN*
      http://members.tripod.com/~hwa_2k
      http://welcome.to/HWA.hax0r.news/
      http://www.attrition.org/~modify/texts/zines/HWA/
      http://archives.projectgamma.com/zines/hwa/.  
      http://www.403-security.org/Htmls/hwa.hax0r.news.htm
      http://viper.dmrt.com/files/=E-Zines/HWA.hax0r.news/
      http://hwa.hax0r.news.8m.com/           
      http://www.fortunecity.com/skyscraper/feature/103/  
      

      International links:(TBC)
      ~~~~~~~~~~~~~~~~~~~~~~~~~

      Foreign correspondants and others please send in news site links that
      have security news from foreign countries for inclusion in this list
      thanks... - Ed

      
          
      Belgium.......: http://securax.org/cum/ *New address*

              
      
      Brasil........: http://www.psynet.net/ka0z              
            
                      http://www.elementais.cjb.net           
            
      Canada .......: http://www.hackcanada.com
      Croatia.......: http://security.monitor.hr
      
      Columbia......: http://www.cascabel.8m.com              
      
                      http://www.intrusos.cjb.net                                   
                      
      Finland ........http://hackunlimited.com/                
                      
      Germany ........http://www.alldas.de/
                      http://www.security-news.com/
      
      Indonesia.....: http://www.k-elektronik.org/index2.html 
      
                      http://members.xoom.com/neblonica/      
      
                      http://hackerlink.or.id/                
      
      Netherlands...: http://security.pine.nl/                
      
      Russia........: http://www.tsu.ru/~eugene/              
      
      Singapore.....: http://www.icepoint.com                 
      
      South Africa ...http://www.hackers.co.za       
                      http://www.hack.co.za            
                      http://www.posthuman.za.net 
 
                      
      Turkey........: http://www.trscene.org - Turkish Scene is Turkey's first
                                               and best security related e-zine.
      
                      
                       
                      
                      
                      
    .za (South Africa) sites contributed by wyzwun tnx guy...                  
      
      


    Got a link for this section? email it to hwa@press.usmc.net and i'll
    review it and post it here if it merits it.
   
    
      
    @HWA
    

  -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-
    --EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--

     1998, 1999 (c) Cruciphux/HWA.hax0r.news  (R) { w00t }
    
  -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-                       
     --EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--
  -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-
   [ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
       [45:6E:64]-[28:63:29:31:39:39:38:20:68:77:61:20:73:74:65:76:65]    






Manifest
Le but de ce site est de mieux comprendre la sécurité informatique.
Un hacker par définition est une personne qui cherche à améliorer les systèmes d'information dans le seul et unique but de contribuer à la stabilité de ces systèmes!
La croyance populaire laisse entendre que les hackers sont des pirates.
C'est vrai. Mais il y a différents types de pirate.
Tout comme il y a différents types de personnes.
Les bavures courantes auxquelles on pense lorsqu'on évoque le terme de pirate informatique
seraient les hacks de compte msn, ordinateurs lâchement trojantés avec des exploits déjà tous faits
et encore peut-on classifier en tant que hack le fait de spammer
alors que depuis plus de 15 ans des scripts tous faits le font extrêmement bien?

Ce ne sont pas des hackers qui font ça!!!
Nous appelons ces gens des lammers! Quand ils sont mauvais,
ou des black hat lorsqu'ils sont doués dans la mise en application de leurs méfaits.
Aucun amour propre - Aucune dignité
Agissent par dégout, vengeance ou simple plaisir.
Les raisons peuvent être nombreuses et je ne prétends pas devoir juger qui que ce soit.
Je pense juste que l'on ne doit pas utiliser l'épée de fly pour commettre des injustices.
Il est 100 fois plus profitable d'améliorer un système que de marcher sur un château de sable... même si marcher sur un château de sable est rigolo :P
A vous de trouver votre amusement. ;)

Tu peux réagir sur la shootbox


Disclaimer Veuillez lire obligatoirement les règles ci-dessous avant de consulter ce site.
Conformément aux dispositions des différentes lois en vigueur, intrusions et maintenances frauduleuses sur un site, vol et / ou falsification de données.
Vous ne devez en aucun cas mettre en application les stratagèmes mis en place par ce site, qui sont présentés uniquement à titre d’éducation et de recherche dans le domaine de la protection de données.
Vous ne devez en aucun cas utiliser ce que vous aurez découvert, sauf si vous avez une autorisation écrite de l’administrateur d’un site ou que celui-ci vous ai ouvert un compte uniquement pour la recherche de failles.
Tout cela est interdit et illégal ne faites pas n'importe quoi.
Vous acceptez donc que l'administrateur de ce site n'est en aucun cas responsable d'aucun de vos actes. Sinon quittez ce site.
Vous êtes soumis à ce disclaimer.
ET À CE TITRE, NI LA COMMUNAUTÉ, NI L'ADMINISTRATEUR, NI L'HÉBERGEUR, NE POURRONT, NI NE SERONT RESPONSABLE DE VOS ACTES.