Copy Link
Add to Bookmark
Report
hwa-hn25
[ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
==========================================================================
= <=-[ HWA.hax0r.news ]-=> =
==========================================================================
[=HWA'99=] Number 25 Volume 1 1999 July 18th 99
==========================================================================
[ 61:20:6B:69:64:20:63:6F:75: ]
[ 6C:64:20:62:72:65:61:6B:20:74:68:69:73: ]
[ 20:22:65:6E:63:72:79:70:74:69:6F:6E:22:! ]
==========================================================================
"software doesn't kill data -- people do."
- Drew Ulricksen from zdnn
HWA.hax0r.news is sponsored by Cubesoft communications www.csoft.net
and www.digitalgeeks.com thanks to p0lix for the digitalgeeks bandwidth
and airportman for the Cubesoft bandwidth. Also shouts out to all our
mirror sites! tnx guys.
http://www.csoft.net/~hwa
http://www.digitalgeeks.com/hwa
HWA.hax0r.news Mirror Sites:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.csoft.net/~hwa/
http://www.digitalgeeks.com/hwa.
http://members.tripod.com/~hwa_2k
http://welcome.to/HWA.hax0r.news/
http://www.attrition.org/~modify/texts/zines/HWA/
http://packetstorm.harvard.edu/hwahaxornews/ * DOWN *
http://archives.projectgamma.com/zines/hwa/.
http://www.403-security.org/Htmls/hwa.hax0r.news.htm
SYNOPSIS (READ THIS)
--------------------
The purpose of this newsletter is to 'digest' current events of interest
that affect the online underground and netizens in general. This includes
coverage of general security issues, hacks, exploits, underground news
and anything else I think is worthy of a look see. (remember i'm doing
this for me, not you, the fact some people happen to get a kick/use
out of it is of secondary importance).
This list is NOT meant as a replacement for, nor to compete with, the
likes of publications such as CuD or PHRACK or with news sites such as
AntiOnline, the Hacker News Network (HNN) or mailing lists such as
BUGTRAQ or ISN nor could any other 'digest' of this type do so.
It *is* intended however, to compliment such material and provide a
reference to those who follow the culture by keeping tabs on as many
sources as possible and providing links to further info, its a labour
of love and will be continued for as long as I feel like it, i'm not
motivated by dollars or the illusion of fame, did you ever notice how
the most famous/infamous hackers are the ones that get caught? there's
a lot to be said for remaining just outside the circle... <g>
@HWA
=-----------------------------------------------------------------------=
Welcome to HWA.hax0r.news ... #25
=-----------------------------------------------------------------------=
We could use some more people joining the channel, its usually pretty
quiet, we don't bite (usually) so if you're hanging out on irc stop
by and idle a while and say hi...
*******************************************************************
*** /join #HWA.hax0r.news on EFnet the key is `zwen' ***
*** ***
*** please join to discuss or impart news on techno/phac scene ***
*** stuff or just to hang out ... someone is usually around 24/7***
*** ***
*** Note that the channel isn't there to entertain you its for ***
*** you to talk to us and impart news, if you're looking for fun***
*** then do NOT join our channel try #weirdwigs or something... ***
*** we're not #chatzone or #hack ***
*** ***
*******************************************************************
=-------------------------------------------------------------------------=
Issue #25
=--------------------------------------------------------------------------=
[ INDEX ]
=--------------------------------------------------------------------------=
Key Intros
=--------------------------------------------------------------------------=
00.0 .. COPYRIGHTS ......................................................
00.1 .. CONTACT INFORMATION & SNAIL MAIL DROP ETC .......................
00.2 .. SOURCES .........................................................
00.3 .. THIS IS WHO WE ARE ..............................................
00.4 .. WHAT'S IN A NAME? why `HWA.hax0r.news'?..........................
00.5 .. THE HWA_FAQ V1.0 ................................................
=--------------------------------------------------------------------------=
Key Content
=--------------------------------------------------------------------------=
01.0 .. GREETS ..........................................................
01.1 .. Last minute stuff, rumours, newsbytes ...........................
01.2 .. Mailbag .........................................................
02.0 .. From the Editor..................................................
03.0 .. AVP releases Bo2K detection July 12th............................
04.0 .. More info on Bo2k................................................
05.0 .. Defcon Wrapups...................................................
06.0 .. l0pht announces Antisniff .......................................
07.0 .. Bruce Schneier: PPTPv2 'sucks less' .............................
08.0 .. 1000 copies of Freedom Beta2 Released ...........................
09.0 .. DefCon Web Page Defaced on Opening Day of Con ...................
10.0 .. Capture the Flag Logs Available .................................
11.0 .. Mitnick Sentencing Delayed, Again ...............................
12.0 .. Short explanation of NT related acronyms by StEa|_th.............
13.0 .. BO2K Defcon Presentation on RealVideo ...........................
14.0 .. Defcon News Roundup .............................................
15.0 .. Computer Experts Will Form the Frontline of Sweden's Defense ....
16.0 .. Canadians Plan a Information Protection Centre ..................
17.0 .. Y2K Commission May Be Renamed Security Commission ...............
18.0 .. Tempest Exporter Arrested .......................................
19.0 .. NcN'99 Con in Mallorca Spain Announced ..........................
20.0 .. Rhino 9 Calls it Quits ..........................................
21.0 .. Hotwired and away, 6 yr old fires up toy car and heads for the highway..
22.0 .. Want a 90 gigabyte `HD' for $895? think its impossible? read on..
23.0 .. Sony finished the Glasstron.VR headset............................
24.0 .. NIST Offers Security Accreditation ...............................
25.0 .. Spanish Civil Guard Arrest Electronic Intruder....................
26.0 .. 303.org Needs A Home .............................................
27.0 .. CyberCop Sting Now Shipping (Check this out)......................
28.0 .. cDc Issues Public Apology About Infected BO2K ....................
29.0 .. California Golf Course Computers Attacked ........................
30.0 .. Selling your privacy..............................................
31.0 .. Geek Pride 99 ....................................................
32.0 .. Woz Speaks on Pirates of Silicon Valley ..........................
33.0 .. Project Gamma Down for a while due to server relocation...........
34.0 .. CERT ADVISORY CA-99-08............................................
35.0 .. CODE NAME JANUS - new version of windows..........................
36.0 .. ANOTHER ONE ON BO2K ..............................................
37.0 .. BUG IN AMAVIS VIRUS SCANNER.......................................
38.0 .. E-COMMERCE IS SECURE..............................................
39.0 .. GAO REPORT ON US NAVY ............................................
40.0 .. GEEKS IN SPACE....................................................
41.0 .. DOD to use Netscape's PKI ........................................
42.0 .. Federal Computer Week: FBI turns on new computer crime fighting system
43.0 .. NMRC: Netware 5 Hijack Vulnerability .............................
44.0 .. CNet: IBM offers privacy consulting services .....................
45.0 .. mod_ssl 2.3.6 Bug Fixes ..........................................
46.0 .. Clinton authorizes National Infrastructure Assurance Council......
47.0 .. Federal Computer Week: GSA makes last awards for security services pact
48.0 .. Federal Computer Week: Army awards $248 million ID contract.......
49.0 .. Denial of Service Vulnerability in IBM AIX........................
50.0 .. Trinux revisited by www.securityportal.com........................
51.0 .. ComputerWorld: Crypto Expert - Most encryption software is insecure
52.0 .. Y2K Villains come in all shapes and sizes..........................
53.0 .. 3Com eyes new wireless standard for PALM...........................
54.0 .. Intel creates Net-specific unit....................................
55.0 .. Bugtraq: JavaScript used to bypass cookie settings in Netscape ....
56.0 .. Granny Hacker From Heck <sic> visits defcon (part #1)""............
57.0 .. Carolyn's ("Granny Hacker") profile on Antionline..................
58.0 .. HP Security advisory (July 7th) HPSBUX9907-100
59.0 .. Microsoft Security Bulletin (MS99-024): Patch for Unprotected IOCTLs
60.0 .. ZDNET: DOes the media cause hacking? (No Marilyn Manson does - Ed)
=--------------------------------------------------------------------------=
RUMOURS .Rumours from around and about, mainly HNN stuff (not hacked websites)
AD.S .. Post your site ads or etc here, if you can offer something in return
thats tres cool, if not we'll consider ur ad anyways so send it in.
ads for other zines are ok too btw just mention us in yours, please
remember to include links and an email contact. Corporate ads will
be considered also and if your company wishes to donate to or
participate in the upcoming Canc0n99 event send in your suggestions
and ads now...n.b date and time may be pushed back join mailing list
for up to date information.......................................
Current dates: Aug19th-22nd Niagara Falls... .................
Ha.Ha .. Humour and puzzles ............................................
Hey You!........................................................
=------=........................................................
Send in humour for this section! I need a laugh and its hard to
find good stuff... ;)...........................................
SITE.1 .. Featured site, .................................................
H.W .. Hacked Websites ...............................................
A.0 .. APPENDICES......................................................
A.1 .. PHACVW linx and references......................................
=--------------------------------------------------------------------------=
@HWA'99
00.0 (C) COPYRIGHT, (K)OPYWRONG, COPYLEFT? V2.0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
THE OPINIONS OF THE WRITERS DO NOT NECESSARILY REFLECT THE
OPINIONS OF THE PUBLISHERS AND VICE VERSA IN FACT WE DUNNO
WTF IS GONNA TAKE RESPONSIBILITY FOR THIS, I'M NOT DOING IT
(LOTS OF ME EITHER'S RESOUND IN THE BACKGROUND) SO UHM JUST
READ IT AND IF IT BUGS YOU WELL TFS (SEE FAQ).
Important semi-legalese and license to redistribute:
YOU MAY DISTRIBUTE THIS ZINE WITHOUT PERMISSION FROM MYSELF
AND ARE GRANTED THE RIGHT TO QUOTE ME OR THE CONTENTS OF THE
ZINE SO LONG AS Cruciphux AND/OR HWA.hax0r.news ARE MENTIONED
IN YOUR WRITING. LINK'S ARE NOT NECESSARY OR EXPECTED BUT ARE
APPRECIATED the current link is http://welcome.to/HWA.hax0r.news
IT IS NOT MY INTENTION TO VIOLATE ANYONE'S COPYRIGHTS OR BREAK
ANY NETIQUETTE IN ANY WAY IF YOU FEEL I'VE DONE THAT PLEASE EMAIL
ME PRIVATELY current email cruciphux@dok.org
THIS DOES NOT CONSTITUTE ANY LEGAL RIGHTS, IN THIS COUNTRY ALL
WORKS ARE (C) AS SOON AS COMMITTED TO PAPER OR DISK, IF ORIGINAL
THE LAYOUT AND COMMENTARIES ARE THEREFORE (C) WHICH MEANS:
I RETAIN ALL RIGHTS, BUT I GIVE YOU THE RIGHT TO READ, QUOTE
AND REDISTRIBUTE/MIRROR. - EoD
Although this file and all future issues are now copyright, some of
the content holds its own copyright and these are printed and
respected. News is news so i'll print any and all news but will quote
sources when the source is known, if its good enough for CNN its good
enough for me. And i'm doing it for free on my own time so pfffft. :)
No monies are made or sought through the distribution of this material.
If you have a problem or concern email me and we'll discuss it.
cruciphux@dok.org
Cruciphux [C*:.]
00.1 CONTACT INFORMATION AND MAIL DROP
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wahoo, we now have a mail-drop, if you are outside of the U.S.A or
Canada / North America (hell even if you are inside ..) and wish to
send printed matter like newspaper clippings a subscription to your
cool foreign hacking zine or photos, small non-explosive packages
or sensitive information etc etc well, now you can. (w00t) please
no more inflatable sheep or plastic dog droppings, or fake vomit
thanks.
Send all goodies to:
HWA NEWS
P.O BOX 44118
370 MAIN ST. NORTH
BRAMPTON, ONTARIO
CANADA
L6V 4H5
WANTED!: POSTCARDS! YESH! POSTCARDS, I COLLECT EM so I know a lot of you are
~~~~~~~ reading this from some interesting places, make my day and get a
mention in the zine, send in a postcard, I realize that some places
it is cost prohibitive but if you have the time and money be a cool
dude / gal and send a poor guy a postcard preferably one that has some
scenery from your place of residence for my collection, I collect stamps
too so you kill two birds with one stone by being cool and mailing in a
postcard, return address not necessary, just a "hey guys being cool in
Bahrain, take it easy" will do ... ;-) thanx.
Ideas for interesting 'stuff' to send in apart from news:
- Photo copies of old system manual front pages (optionally signed by you) ;-)
- Photos of yourself, your mom, sister, dog and or cat in a NON
compromising position plz I don't want pr0n. <g>
- Picture postcards
- CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250
tapes with hack/security related archives, logs, irc logs etc on em.
- audio or video cassettes of yourself/others etc of interesting phone
fun or social engineering examples or transcripts thereof.
Stuff you can email:
- Prank phone calls in .ram or .mp* format
- Fone tones and security announcements from PBX's etc
- fun shit you sampled off yer scanner (relevant stuff only like #2600 meeting activities)
- reserved for one smiley face -> :-) <-
- PHACV lists of files that you have or phac cd's you own (we have a burner, *g*)
- burns of phac cds (email first to make sure we don't already have em)
- Any and all telephone sounds/tones/beeps/trunk drops/line tests/etc in .ram etc format or .mp*
If you still can't think of anything you're probably not that interesting
a person after all so don't worry about it <BeG>
Our current email:
Submissions/zine gossip.....: hwa@press.usmc.net
Private email to editor.....: cruciphux@dok.org
Distribution/Website........: sas72@usa.net
@HWA
00.2 Sources ***
~~~~~~~~~~~
Sources can be some, all, or none of the following (by no means complete
nor listed in any degree of importance) Unless otherwise noted, like msgs
from lists or news from other sites, articles and information is compiled
and or sourced by Cruciphux no copyright claimed.
News & I/O zine ................. <a href="http://www.antionline.com/">http://www.antionline.com/</a>
Back Orifice/cDc..................<a href="http://www.cultdeadcow.com/">http://www.cultdeadcow.com/</a>
News site (HNN) .....,............<a href="http://www.hackernews.com/">http://www.hackernews.com/</a>
Help Net Security.................<a href="http://net-security.org/">http://net-security.org/</a>
News,Advisories,++ .(lophtcrack)..<a href="http://www.l0pht.com/">http://www.l0pht.com/</a>
NewsTrolls .(daily news ).........<a href="http://www.newstrolls.com/">http://www.newstrolls.com/</a>
News + Exploit archive ...........<a href="http://www.rootshell.com/beta/news.html">http://www.rootshell.com/beta/news.html</a>
CuD Computer Underground Digest...<a href="http://www.soci.niu.edu/~cudigest">http://www.soci.niu.edu/~cudigest</a>
News site+........................<a href="http://www.zdnet.com/">http://www.zdnet.com/</a>
News site+Security................<a href="http://www.gammaforce.org/">http://www.gammaforce.org/</a>
News site+Security................<a href="http://www.projectgamma.com/">http://www.projectgamma.com/</a>
News site+Security................<a href="http://securityhole.8m.com/">http://securityhole.8m.com/</a>
News site+Security related site...<a href="http://www.403-security.org/">http://www.403-security.org/</a>
News/Humour site+ ................<a href="http://www.innerpulse.com/>http://www.innerpulse.com</a>
News/Techie news site.............<a href="http://www.slashdot.org/>http://www.slashdot.org</a>
+Various mailing lists and some newsgroups, such as ...
+other sites available on the HNN affiliates page, please see
http://www.hackernews.com/affiliates.html as they seem to be popping up
rather frequently ...
http://www.the-project.org/ .. IRC list/admin archives
http://www.anchordesk.com/ .. Jesse Berst's AnchorDesk
alt.hackers.malicious
alt.hackers
alt.2600
BUGTRAQ
ISN security mailing list
ntbugtraq
<+others>
NEWS Agencies, News search engines etc:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.cnn.com/SEARCH/
<a href="http://www.cnn.com/SEARCH/">Link</a>
http://www.foxnews.com/search/cgi-bin/search.cgi?query=hack&days=0&wires=0&startwire=0
<a href="http://www.foxnews.com/search/cgi-bin/search.cgi?query=hack&days=0&wires=0&startwire=0">Link</a>
http://www.news.com/Searching/Results/1,18,1,00.html?querystr=hack
<a href="http://www.news.com/Searching/Results/1,18,1,00.html?querystr=hack">Link</a>
http://www.ottawacitizen.com/business/
<a href="http://www.ottawacitizen.com/business/">Link</a>
http://search.yahoo.com.sg/search/news_sg?p=hack
<a href="http://search.yahoo.com.sg/search/news_sg?p=hack">Link</a>
http://www.washingtonpost.com/cgi-bin/search?DB_NAME=WPlate&TOTAL_HITLIST=20&DEFAULT_OPERATOR=AND&headline=&WITHIN_FIELD_NAME=.lt.event_date&WITHIN_DAYS=0&description=hack
<a href="http://www.washingtonpost.com/cgi-bin/search?DB_NAME=WPlate&TOTAL_HITLIST=20&DEFAULT_OPERATOR=AND&headline=&WITHIN_FIELD_NAME=.lt.event_date&WITHIN_DAYS=0&description=hack">Link</a>
http://www.zdnet.com/zdtv/cybercrime/
<a href="http://www.zdnet.com/zdtv/cybercrime/">Link</a>
http://www.zdnet.com/zdtv/cybercrime/chaostheory/ (Kevin Poulsen's Column)
<a href="http://www.zdnet.com/zdtv/cybercrime/chaostheory/">Link</a>
NOTE: See appendices for details on other links.
http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm
<a href="http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm">Link</a>
http://freespeech.org/eua/ Electronic Underground Affiliation
<a href="http://freespeech.org/eua/">Link</a>
http://ech0.cjb.net ech0 Security
<a href="http://ech0.cjb.net">Link</a>
http://axon.jccc.net/hir/ Hackers Information Report
<a href="http://axon.jccc.net/hir/">Link</a>
http://net-security.org Net Security
<a href="http://net-security.org">Link</a>
http://www.403-security.org Daily news and security related site
<a href="http://www.403-security.org">Link</a>
Submissions/Hints/Tips/Etc
~~~~~~~~~~~~~~~~~~~~~~~~~~
All submissions that are `published' are printed with the credits
you provide, if no response is received by a week or two it is assumed
that you don't care wether the article/email is to be used in an issue
or not and may be used at my discretion.
Looking for:
Good news sites that are not already listed here OR on the HNN affiliates
page at http://www.hackernews.com/affiliates.html
Magazines (complete or just the articles) of breaking sekurity or hacker
activity in your region, this includes telephone phraud and any other
technological use, abuse hole or cool thingy. ;-) cut em out and send it
to the drop box.
- Ed
Mailing List Subscription Info (Far from complete) Feb 1999
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~ ~~~~~~~~
ISS Security mailing list faq : http://www.iss.net/iss/maillist.html
THE MOST READ:
BUGTRAQ - Subscription info
~~~~~~~~~~~~~~~~~~~~~~~~~~~
What is Bugtraq?
Bugtraq is a full-disclosure UNIX security mailing list, (see the info
file) started by Scott Chasin <chasin@crimelab.com>. To subscribe to
bugtraq, send mail to listserv@netspace.org containing the message body
subscribe bugtraq. I've been archiving this list on the web since late
1993. It is searchable with glimpse and archived on-the-fly with hypermail.
Searchable Hypermail Index;
http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html
<a href="http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html">Link</a>
About the Bugtraq mailing list
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following comes from Bugtraq's info file:
This list is for *detailed* discussion of UNIX security holes: what they are,
how to exploit, and what to do to fix them.
This list is not intended to be about cracking systems or exploiting their
vulnerabilities. It is about defining, recognizing, and preventing use of
security holes and risks.
Please refrain from posting one-line messages or messages that do not contain
any substance that can relate to this list`s charter.
I will allow certain informational posts regarding updates to security tools,
documents, etc. But I will not tolerate any unnecessary or nonessential "noise"
on this list.
Please follow the below guidelines on what kind of information should be posted
to the Bugtraq list:
+ Information on Unix related security holes/backdoors (past and present)
+ Exploit programs, scripts or detailed processes about the above
+ Patches, workarounds, fixes
+ Announcements, advisories or warnings
+ Ideas, future plans or current works dealing with Unix security
+ Information material regarding vendor contacts and procedures
+ Individual experiences in dealing with above vendors or security organizations
+ Incident advisories or informational reporting
Any non-essential replies should not be directed to the list but to the originator of the message. Please do not "CC" the bugtraq
reflector address if the response does not meet the above criteria.
Remember: YOYOW.
You own your own words. This means that you are responsible for the words that you post on this list and that reproduction of
those words without your permission in any medium outside the distribution of this list may be challenged by you, the author.
For questions or comments, please mail me:
chasin@crimelab.com (Scott Chasin)
Crypto-Gram
~~~~~~~~~~~
CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses,
insights, and commentaries on cryptography and computer security.
To subscribe, visit http://www.counterpane.com/crypto-gram.html or send a
blank message to crypto-gram-subscribe@chaparraltree.com. To unsubscribe,
visit http://www.counterpane.com/unsubform.html. Back issues are available
on http://www.counterpane.com.
CRYPTO-GRAM is written by Bruce Schneier. Schneier is president of
Counterpane Systems, the author of "Applied Cryptography," and an inventor
of the Blowfish, Twofish, and Yarrow algorithms. He served on the board of
the International Association for Cryptologic Research, EPIC, and VTW. He
is a frequent writer and lecturer on cryptography.
CUD Computer Underground Digest
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This info directly from their latest ish:
Computer underground Digest Sun 14 Feb, 1999 Volume 11 : Issue 09
ISSN 1004-042X
Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
Archivist: Brendan Kehoe
Poof Reader: Etaion Shrdlu, Jr.
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Cu Digest Homepage: http://www.soci.niu.edu/~cudigest
[ISN] Security list
~~~~~~~~~~~~~~~~~~~
This is a low volume list with lots of informative articles, if I had my
way i'd reproduce them ALL here, well almost all .... ;-) - Ed
Subscribe: mail majordomo@repsec.com with "subscribe isn".
@HWA
00.3 THIS IS WHO WE ARE
~~~~~~~~~~~~~~~~~~
Some HWA members and Legacy staff
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cruciphux@dok.org.........: currently active/editorial
darkshadez@ThePentagon.com: currently active/man in black
fprophet@dok.org..........: currently active/IRC+ man in black
sas72@usa.net ............. currently active/IRC+ distribution
vexxation@usa.net ........: currently active/IRC+ proof reader/grrl in black
dicentra...(email withheld): IRC+ grrl in black
eentity ...( '' '' ): Currently active/IRC+ man in black
Foreign Correspondants/affiliate members
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Qubik ............................: United Kingdom
D----Y ...........................: USA/world media
HWA members ......................: World Media
Past Foreign Correspondants (currently inactive or presumed dead)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
N0Portz ..........................: Australia
system error .....................: Indonesia
Wile (wile coyote) ...............: Japan/the East
Ruffneck ........................: Netherlands/Holland
Please send in your sites for inclusion here if you haven't already
also if you want your emails listed send me a note ... - Ed
Spikeman's site is down as of this writing, if it comes back online it will be
posted here.
http://www.hackerlink.or.id/ ............ System Error's site (in Indonesian)
*******************************************************************
*** /join #HWA.hax0r.news on EFnet the key is `zwen' ***
*******************************************************************
:-p
1. We do NOT work for the government in any shape or form.Unless you count paying
taxes ... in which case we work for the gov't in a BIG WAY. :-/
2. MOSTLY Unchanged since issue #1, although issues are a digest of recent news
events its a good idea to check out issue #1 at least and possibly also the
Xmas issue for a good feel of what we're all about otherwise enjoy - Ed ...
@HWA
00.4 Whats in a name? why HWA.hax0r.news??
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Well what does HWA stand for? never mind if you ever find out I may
have to get those hax0rs from 'Hackers' or the Pretorians after you.
In case you couldn't figure it out hax0r is "new skewl" and although
it is laughed at, shunned, or even pidgeon holed with those 'dumb
leet (l33t?) dewds' <see article in issue #4> this is the state
of affairs. It ain't Stephen Levy's HACKERS anymore. BTW to all you
up and comers, i'd highly recommend you get that book. Its almost
like buying a clue. Anyway..on with the show .. - Editorial staff
@HWA
00.5 HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Also released in issue #3. (revised) check that issue for the faq
it won't be reprinted unless changed in a big way with the exception
of the following excerpt from the FAQ, included to assist first time
readers:
Some of the stuff related to personal useage and use in this zine are
listed below: Some are very useful, others attempt to deny the any possible
attempts at eschewing obfuscation by obsucuring their actual definitions.
@HWA - see EoA ;-)
!= - Mathematical notation "is not equal to" or "does not equal"
ASC(247) "wavey equals" sign means "almost equal" to. If written
an =/= (equals sign with a slash thru it) also means !=, =< is Equal
to or less than and => is equal to or greater than (etc, this aint
fucking grade school, cripes, don't believe I just typed all that..)
AAM - Ask a minor (someone under age of adulthood, usually <16, <18 or <21)
AOL - A great deal of people that got ripped off for net access by a huge
clueless isp with sekurity that you can drive buses through, we're
not talking Kung-Fu being none too good here, Buy-A-Kloo maybe at the
least they could try leasing one??
*CC - 1 - Credit Card (as in phraud)
2 - .cc is COCOS (Keeling) ISLANDS butthey probably accept cc's
CCC - Chaos Computer Club (Germany)
*CON - Conference, a place hackers crackers and hax0rs among others go to swap
ideas, get drunk, swap new mad inphoz, get drunk, swap gear, get drunk
watch videos and seminars, get drunk, listen to speakers, and last but
not least, get drunk.
*CRACKER - 1 . Someone who cracks games, encryption or codes, in popular hacker
speak he's the guy that breaks into systems and is often (but by no
means always) a "script kiddie" see pheer
2 . An edible biscuit usually crappy tasting without a nice dip, I like
jalapeno pepper dip or chives sour cream and onion, yum - Ed
Ebonics - speaking like a rastafarian or hip dude of colour <sic> also wigger
Vanilla Ice is a wigger, The Beastie Boys and rappers speak using
ebonics, speaking in a dark tongue ... being ereet, see pheer
EoC - End of Commentary
EoA - End of Article or more commonly @HWA
EoF - End of file
EoD - End of diatribe (AOL'ers: look it up)
FUD - Coined by Unknown and made famous by HNN <g> - "Fear uncertainty and doubt",
usually in general media articles not high brow articles such as ours or other
HNN affiliates ;)
du0d - a small furry animal that scurries over keyboards causing people to type
weird crap on irc, hence when someone says something stupid or off topic
'du0d wtf are you talkin about' may be used.
*HACKER - Read Stephen Levy's HACKERS for the true definition, then see HAX0R
*HAX0R - 1 - Cracker, hacker wannabe, in some cases a true hacker, this is difficult to
define, I think it is best defined as pop culture's view on The Hacker ala
movies such as well erhm "Hackers" and The Net etc... usually used by "real"
hackers or crackers in a derogatory or slang humorous way, like 'hax0r me
some coffee?' or can you hax0r some bread on the way to the table please?'
2 - A tool for cutting sheet metal.
HHN - Maybe a bit confusing with HNN but we did spring to life around the same
time too, HWA Hax0r News.... HHN is a part of HNN .. and HNN as a proper
noun means the hackernews site proper. k? k. ;&
HNN - Hacker News Network and its affiliates http://www.hackernews.com/affiliates.html
J00 - "you"(as in j00 are OWN3D du0d) - see 0wn3d
MFI/MOI- Missing on/from IRC
NFC - Depends on context: No Further Comment or No Fucking Comment
NFR - Network Flight Recorder (Do a websearch) see 0wn3d
NFW - No fuckin'way
*0WN3D - You are cracked and owned by an elite entity see pheer
*OFCS - Oh for christ's sakes
PHACV - And variations of same <coff>
Phreaking, Hacking, Anarchy, Cracking, Carding (CC) Groups Virus, Warfare
Alternates: H - hacking, hacktivist
C - Cracking <software>
C - Cracking <systems hacking>
V - Virus
W - Warfare <cyberwarfare usually as in Jihad>
A - Anarchy (explosives etc, Jolly Roger's Cookbook etc)
P - Phreaking, "telephone hacking" PHone fREAKs ...
CT - Cyber Terrorism
*PHEER - This is what you do when an ereet or elite person is in your presence
see 0wn3d
*RTFM - Read the fucking manual - not always applicable since some manuals are
pure shit but if the answer you seek is indeed in the manual then you
should have RTFM you dumb ass.
TBC - To Be Continued also 2bc (usually followed by ellipses...) :^0
TBA - To Be Arranged/To Be Announced also 2ba
TFS - Tough fucking shit.
*w00t - 1 - Reserved for the uber ereet, noone can say this without severe repercussions
from the underground masses. also "w00ten" <sic>
2 - Cruciphux and sAs72's second favourite word (they're both shit stirrers)
*wtf - what the fuck, where the fuck, when the fuck etc ..
*ZEN - The state you reach when you *think* you know everything (but really don't)
usually shortly after reaching the ZEN like state something will break that
you just 'fixed' or tweaked.
@HWA
-=- :. .: -=-
01.0 Greets!?!?! yeah greets! w0w huh. - Ed
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thanks to all in the community for their support and interest but i'd
like to see more reader input, help me out here, whats good, what sucks
etc, not that I guarantee i'll take any notice mind you, but send in
your thoughts anyway.
* all the people who sent in cool emails and support
FProphet Pyra TwstdPair _NeM_
D----Y Dicentra vexxation sAs72
Spikeman p0lix
& Kevin Mitnick (watch yer back)
Ken Williams/tattooman of PacketStorm, hang in there Ken...:(
kewl sites:
+ http://www.securityportal.com/ NEW
+ http://www.securityfocus.com/ NEW
+ http://www.hackcanada.com/
+ http://www.l0pht.com/
+ http://www.2600.com/
+ http://www.freekevin.com/
+ http://www.genocide2600.com/
+ http://www.packetstorm.harvard.edu/ ******* DOWN ********* SEE AA.A
+ http://www.hackernews.com/ (Went online same time we started issue 1!)
+ http://www.net-security.org/
+ http://www.slashdot.org/
+ http://www.freshmeat.net/
+ http://www.403-security.org/
+ http://ech0.cjb.net/
@HWA
01.1 Last minute stuff, rumours and newsbytes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"What is popular isn't always right, and what is right isn't
always popular..."
- FProphet '99
+++ When was the last time you backed up your important data?
++ The cDc presentation of Bo2k is available via realplayer here
pnm://209.207.141.13:17070/defcon7.ram (may or may not work) B-P
with all the bells and whistles and we b0w to the c0w.. enjoy...
if anyone has any other feeds for realplayer etc of any of the defcon
couverage please email in the urls! thanks. this applies to other cons
too got footage? give us an url and we'll post it...
++ SDMI SPEC RESTRICTS CD COPYING (TECH. 3:00 am)
http://www.wired.com/news/news/email/explode-infobeat/technology/story/20716.html
The new spec designed to control digital music piracy wasn't
supposed to apply to existing CDs. But one such scheme made
its way into the final version anyway. By Chris Oakes.
++ SAN JOSE TOP TECH TOWN (BUS. 9:00 am)
http://www.wired.com/news/news/email/explode-infobeat/business/story/20732.html
There are other pretenders to the throne, but Silicon Valley
still reigns supreme as home to high technology, according
to a new survey. The surprise is who ranks No. 2.
++ LASERS POWER WIRELESS NET (TECH. 9:00 am)
http://www.wired.com/news/news/email/explode-infobeat/technology/story/20731.html
Lucent Technologies debuts a wireless voice and data network
that uses lasers and amplifiers to bounce signals to
rooftop antennas.
++ ONSALE, EGGHEAD.COM TO MERGE (BUS. 7:30 am)
http://www.wired.com/news/news/email/explode-infobeat/business/story/20729.html
Bigger is better as major competitors eye the computer
retailing industry. Also: AT&T loses again on cable
access.... Amazon.com buys into discount sports retailer...
And more.
++ Y2K MILITARY MINUTIAE ON TRACK (TECH. 3:00 am)
http://www.wired.com/news/news/email/explode-infobeat/technology/story/20723.html
US troops need not worry about Army-issued T-shirts or combat
boots come 1 January 2000 -- the Department of Defense says
its logistics computers are all systems go. Declan McCullagh
reports from Fairfax, Virginia.
++ DR. ROBOT, REPORT TO THE OR (TECH. 3:00 am)
http://www.wired.com/news/news/email/explode-infobeat/technology/story/20711.html
A new heart surgery procedure using remote-controlled
robotics could help heart surgery patients to heal faster
and feel less pain. By Kristen Philipkoski.
Thanks to myself for providing the info from my wired news feed and others from whatever
sources, also to Spikeman for sending in past entries.... - Ed
@HWA
01.2 MAILBAG - email and posts from the message board worthy of a read
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Reply-To: "WHiTe VaMPiRe" <whitevampire@mindless.com>
From: "WHiTe VaMPiRe" <whitevampire@mindless.com>
To: "BHZ" <bhz@net-security.org>, <submit@hackernews.com>, <news@darktide.com>,
"HWA Staff" <hwa@press.usmc.net>
Subject: News Submission
Date: Wed, 14 Jul 1999 18:02:10 -0400
Organization: Gamma Force -- Project Gamma
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2014.211
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2014.211
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Greetings,
"Darkridge Security Solutions, the organization providing the hosting
for Project Gamma, will be relocating their networks. This move could take
up to a period of one to two weeks. Project Gamma will most likely go down
July 14. We will be back up as soon as possible. We will continue to update
the site until it is no longer accessible."
I would appreciate it if you people would be kind enough to post
something regarding this on your Web sites. For more information view,
http://www.projectgamma.com/news/071499-1803.html
Regards,
__ ______ ____
/ \ / \ \ / / WHiTe VaMPiRe\Rem
\ \/\/ /\ Y / whitevampire@mindless.com
\ / \ / http://www.gammaforce.org/
\__/\ / \___/ http://www.projectgamma.com/
\/ "Silly hacker, root is for administrators."
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 for non-commercial use <http://www.pgp.com>
iQA/AwUBN40Iz9/q8ZpxA8pfEQKVLwCgxE/unm8/YURl7HgYxtLKq0FugPcAn0Nv
XJYMWPVRB9sQ3kdJ999Qo17C
=9/i+
-----END PGP SIGNATURE-----
================================================================
@HWA
02.0 From the editor.
~~~~~~~~~~~~~~~~
#include <stdio.h>
#include <thoughts.h>
#include <backup.h>
main()
{
printf ("Read commented source!\n\n");
/*
* Well while people are still recovering from DefCon and
* the cDc Bo2k release we're chugging along looking for news
* but we can't always find everything so if you find an
* article from your local favourite web site remember to mail
* us the url so we can include the story in the newsletter...
*
* hwa@press.usmc.net
*
*/
printf ("EoF.\n");
}
Congrats, thanks, articles, news submissions and kudos to us at the
main address: hwa@press.usmc.net complaints and all nastygrams and
mai*lbombs can go to /dev/nul nukes, synfloods and papasmurfs to
127.0.0.1, private mail to cruciphux@dok.org
danke.
C*:.
@HWA
03.0 AVP releases Bo2K detection July 12th
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From www.avp.com;
Win32.BO, (Back Orifice Trojan)
This trojan can be detected and removed with AntiViral Toolkit Pro
This trojan is an network administration utility itself that allows to control remove computers on the
network. "Back Orifice is a remote administration system which allows a user to control a computer
across a tcpip connection using a simple console or gui application. On a local lan or across the
internet, BO gives its user more control of the remote Windows machine than the person at the
keyboard of the remote machine has"
The only feature makes this utility to be classified as malicious trojan software - the silent installing
and execution. When this program runs, it installs itself into the system and then monitors it without
any requests or messages. If you already have it installed on the computer, you cannot to find this
application in task list. The trojan also does not manifest its activity in any way.
The trojan is distributed in a package of several programs and documentation. All programs in
package were written in C++ and compiled by Microsoft Visual C++ compiler. The date stamp on
EXE files that we got says that all files in package were compiled at the end of July - first week of
August 1998. All the programs in package have Portable Executable formats and can be run under
Win32 only.
The main executable in package is the BOSERVE.EXE file that might be found with different names
on infected computer. This is the trojan itself. It is the "server" part of the trojan that might be called
by clients from remote computer.
The second file is the BOCONFIG.EXE utility that can configure the server as well as attach it to
other executable files in the same style as viruses do that. While attaching (infecting) the host file is
moved down and the trojan code is placed at the top of file. When "infected" files are run, the trojan
extracts the original file image and spawns it without any side effects.
There are two "client" parts of the trojan (console and window), they operate with "server" from
remote computer. Two other executable files in package are used by trojan while
compressing/decompressing files on "server".
When the trojan is executed on the computer, it first of all detects its status: is it original trojan code
or attached to some host file, i.e. modified by the BOCONFIG.EXE utility. In this case the trojan
locates customized options in the host file and reads them.
The trojan then initializes the Windows sockets, creates the WINDLL.DLL file in the Windows
system directory (this file is stored as a resource in the trojan), then gets several KERNEL32.DLL
APIs addresses for future needs, search for trojan process already run and terminates is (upgrades
the trojan process), copies itself to the Windows system directory and registers this copy in the
system registry as the auto-run service:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Creates a TCP/IP datagram socket, assigns a port number 31337 (by default) to this socket and
opens this port for listening. The trojan then runs standard Windows DispatchMessage loop, i.e.
stays in Windows memory as a process with hidden attribute (it has no active window and is not
visible in task manager).
The main trojan routine then listens for commands from remote client. The commands go in
encrypted form and starts with the
"*!*QWTY?" (without " character) ID-string.
Depending on the command the trojan is able to perform a set of actions:
Gets and sends computer name, user name and system info: processor type, memory size,
Windows OS version, installed drives and free space on them,
Shares selected drives
List disk contents or searches for specific file
Sends/receives files (reads and writes them), as well as deleting, copying, renaming and running
them (including updating itself)
Created/deletes directories
Compressed/decompresses files
Logoffs current user
Halts the computer
Enumerates and sends active processes
Enumerates and connects to network resources
Terminates selected process
Gets and sends cashed passwords (passwords that were used), then looks for ScreenSaver
password (decrypts and sends them)
Displays message boxes
Access the system registry
Opens and redirects other TCP/IP sockets
Supports HTTP (protocols and emulations) Web-server, so one may access the trojan by Web
browser
Plays sound files
Hooks, stores and sends keyboard input while the user is logging, (see below):
While installing into the system the trojan creates the WINDLL.DLL file (it keeps this file image in its
resources). In case of need the trojan loads this DLL into the memory and initializes it, the DLL then
hooks keyboard and console (device console) input and stores hooked data to the
BOFILEMAPPINGKEY and BOFILEMAPPINGCON files that are then available for main trojan
routine.
The trojan is also possible to expand its abilities by using plug-ins. They can be send to the "server"
and installed as trojan's plug-in. The features and main functions (including possible malicious ones)
are on its author responsibility.
@HWA
04.0 Back Orifice 2000 Makes Big Waves at Defcon
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Scores
Amidst pounding techno music, smashing guitars,
communist imagery, and spinning logos, the Cult of the
Dead Cow released BO2K at last weekend's Defcon 7
conference.
The Cult of the Dead Cow
http://www.cultdeadcow.com
Back Orifice 2000
http://www.bo2k.com
Microsoft - Security Bulletin. (This is rather funny actually)
http://www.microsoft.com/security/bulletins/bo2k.asp
CNN
http://www.cnn.com/TECH/computing/9907/07/nthack.idg/index.html
Phoz.dk - A BO2K Mirror
http://phoz.dk/bo2k/
http://home10.inet.tele.dk/uddeler/phoz_dk/speech.mp3
Full speech of the cDc presentation from DefCon (9M)
Microsoft advisory;
What Customers Should Know About BackOrifice 2000
BackOrifice 2000; (BO2K) is a malicious program that is expected to be released on or about July 10, 1999.
Customers can protect themselves by following normal safe computing practices.
Although the software has not yet been released, Microsoft is closely monitoring the situation and is committed
to providing information that will let customers understand and protect themselves against it when it becomes
available. Following are frequently asked questions about the program.
What is BO2K?
BO2K is a program that, when installed on a Windows computer, allows the computer to be remotely controlled by
another user. Remote control software is not malicious in and of itself; in fact, legitimate remote control
software packages are available for use by system administrators. What is different about BO2K is that it is
intended to be used for malicious purposes, and includes stealth behavior that has no purpose other than to make
it difficult to detect.
What's the danger from it?
When BO2K is installed on a computer, the attacker can do anything that the user at the keyboard could do. This
includes running programs, creating or deleting files, sending and receiving data, and so on.
How would it get onto my computer?
Like any computer program, BO2K must be installed on the target machine. BO2K cannot be injected onto your machine.
There are only two ways it can be installed: By giving the attacker physical access to your logged-on computer. If
the attacker learns your password or you leave your logged-on workstation unattended, he or she can install BO2K on
your machine.
By tricking you into installing the software. This is known as a Trojan horse technique. The attacker might send
you an email attachment that claims to be a game but which really installs BackOrifice.
How do I prevent having BO2K installed on my machine?
You don't need to take any extraordinary precautions. Just follow normal safe computing practices:
o Never share your password, and always lock your computer when you walk away from it.
o Never run software from untrusted sources.
o Always keep your anti-virus and other security software up to date.
If it's on my machine, how do I get it off?
The makers of anti-virus and intrusion detection software are standing by awaiting its release, and are poised to
quickly develop software that will detect and remove BO2K. Microsoft is working closely with them to assist in this
process. When BO2K's predecessor was released, defenses were available within days, and the same is likely to happen
with this release.
Does BO2K exploit any security vulnerabilities in Windows or Windows NT?
No. Programs like BO2K could be written for any operating system; this one just happens to have been written to run
on Windows and Windows NT. On any operating system, if you choose to run a program, it can do whatever you can
do. And if you can be tricked into running a destructive piece of software, it can abuse that capability by erasing
data, changing information, or allowing someone else to give it commands.
Trojan horse software doesn't target technology, it targets the user. If BackOrifice did in fact exploit security
vulnerabilities in Windows or Windows NT, Microsoft would promptly fix the vulnerability, and BackOrifice would
be stopped. Instead, the makers of BackOrifice realized it is easier to target people and trick them into running
harmful software than it is to target the technology.
Is BO2K like the Melissa virus?
Only in the sense that both were Trojan horse programs that performed malicious actions, and neither exploited any
security vulnerabilities in Microsoft products.
What is Microsoft doing about BO2K?
o Microsoft is closely monitoring the situation, and is committed to helping customers have a safe, enjoyable computing
experience.
o Microsoft security experts are standing by, and when the software is released, they will determine exactly how it works
and what measures can be taken to protect against it
o Microsoft has worked with other members of the security community—especially anti-virus vendors, intrusion detection
software vendors, and makers of mobile code security products—and is working closely to ensure that software to detect
and remove BO2K is available as soon as possible.
o Microsoft will provide information to customers about the program as more details are known.
-=-
CNN;
New and improved Back
Orifice targets Windows NT
July 7, 1999
Web posted at: 10:36 a.m. EDT (1436 GMT)
by Tom Spring
(IDG) -- In the consumer world, folks like Ralph Nader fight for consumer rights by
helping pass tough consumer protection laws. Then there's the PC world. For us, there's
a self-proclaimed equivalent:Groups of (mostly teenaged) Hackers basking in the glow of
computer monitors, who release nasty computer bugs under the guise of strong-arming software
makers to get tough on privacy and security.
"We want to raise awareness
to the vulnerabilities that exist within the Windows operating system. We
believe the best way to do this is by pointing out its weaknesses," says a
member of the hacker group the Cult of the Dead Cow who goes by the
pseudonym Sir Dystic.
The Cult of the Dead Cow created and released the program Back Orifice
last year to the general public at the Las Vegas hacker and security
conference DEF CON. The program allows its users to remotely control
victims' desktops, potentially undetected.
At this year's conference, on July 9, Sir Dystic says the cult will outdo itself
and release Back Orifice 2000. The program, he says, is smaller, nimbler,
and twice as nefarious.
Computer security experts question the Cult of the Dead Cow's intent. Releasing a
hacking tool like Back Orifice 2000 in the name of safeguarding computer privacy is a
bit like the American Medical Association infecting cattle with the deadly e. coli bacteria
to inspire food companies to sell healthier meats.
New and Improved
Unlike earlier versions that affected consumers and small businesses, Back
Orifice 2000 hits large organizations because it runs on Windows NT systems, which are
more used by businesses. Also, the updated program is modular, so users can add
additional functions. For example, they could hide files or activate a computer's microphone
for real-time audio monitoring, according to Cult of the Dead Cow.
Back Orifice 2000 will also be more difficult to detect via network monitoring programs,
according to Sir Dystic. This is because the program can communicate back
to the sender by using a variety of different protocols, making it hard to
identify. The group also says it will make the source code available for Back
Orifice 2000, which will likely spawn multiple strains of the program in the
hacker community, experts say.
Another purported function is real-time keystroke-logging, which can record
and transmit a record of every keystroke of an infected computer. Also, the
recipient can view the desktop of a targeted computer in real time.
It should be noted that PC World Online has no independent confirmation
that new Back Orifice 2000 program actually lives up to the claims of Cult
of the Dead Cow.
(hahahaha - nice story, harumph - Ed)
NAI Provides Detection Utility
contributed by nvirB
Network Associates is claiming that they have already
written a detection utility. This utility claims to be able
to detect if BO2K is running on your system and is part
of the NAI Total Virus Defense Suite.
A statement released by cDc says that "While Network
Associates (and other AV vendors) may well protect
against the specific version of BO2K released at Defcon,
cDc has said all along that we expect untold mutations
of the software to be created in a matter of days, and
seriously doubt they will be able to provide effective
detection (for all of them)."
Network Associates
http://www.networkassociates.com/asp_set/anti_virus/introduction/back_orifice.asp
SANTA CLARA, Calif., July 10, 1999 Network
Associates (Nasdaq: NETA) Anti-Virus Emergency
Response Team (AVERT), a division of NAI Labs,
today advised computer users and network
administrators to protect their PCs against a new
Trojan horse called Back Orifice 2000. Released
into the wild today, Back Orifice 2000 allows
hackers to take control of a persons PC over the
Internet, but only if the victim has been tricked into
installing the Back Orifice software on the local
machine. Users who click on an infected email
attachment enable the Back Orifice installation, thus
placing all control over their PCs into the remote
hackers hands. Network Associates is the first
anti-virus vendor to make available comprehensive
protection against the Trojan: the complete Total
Virus Defense line of virus security products has
been updated to detect the new Back Orifice
software in email attachments,
and its CyberCop
intrusion detection products will be automatically
updated to check for the Back Orifice client
throughout a network of machines.
Symptoms:
Back Orifice 2000, the latest in a string of Remote
Access Trojans (RATs), is a Windows 9x and NT
program that acts as a hack tool. When executed,
Back Orifice turns a users system into an open
client, giving virtually unlimited remote access to the
system over the Internet. Anyone remotely running
the other half of the Back Orifice software can then
control the users computer to do anything they
could do while sitting in front of it, including reading
and/or deleting all files on the computer. Back
Orifice 2000 is virtually undetectable by the user,
and has been reported as spreading via several
benign email attachments such as screen savers.
Pathology:
Back Orifices qualities are ever-changing, the result
of it being open source code released at a hacker
convention.
Risk Assessment:
Though Back Orifice 2000 is not technically a virus
because it does not self-replicate or propagate, it
has been assessed as a Medium threat by
Network Associates AVERT risk assessment
team. This assessment is due to Back Orifices
destructive qualities, wide exposure, and availability,
balanced by relatively few outbreaks at customer
sites and widespread advance notice of the threat.
Cure:
Detection and cleaning for the Back Orifice 2000
Trojan horse is now included in Network Associates
Total Virus Defense suite and will soon be included
in CyberCop Scanner via Network Associates
AutoUpdate feature. To avoid the risk of contracting
Back Orifice, it is recommended that network
administrators and users upgrade to the latest
version of their Network Associates anti-virus
software. The most recent protection is available on
Network Associates website.
With headquarters in Santa Clara, Calif., Network
Associates, Inc. is dedicated to providing leading
enterprise network security and management
software. AVERT (Anti-Virus Emergency Response
Team), the anti-virus research division of NAI Labs,
currently employs more than 85 virus researchers
and maintains labs on five continents worldwide. In
addition to studying new and existing security
threats, AVERT serves as a global resource for virus
information and provides rapid, follow-the-sun support
for virus emergencies worldwide. Virus Alerts are
issued as a service to customers from Network
Associates, the leader in anti-virus detection and
cleaning technology. For more information, Network
Associates can be reached at (408) 988-3832.
@HWA
05.0 Defcon Wrapups
~~~~~~~~~~~~~~
http://www.thestandard.net/articles/mediagrok_display/0,1185,5491,00.html?home.mg
What Do Hackers Really Want?
It's hard to get a clear picture of what the hackers who met at DefCon in Las Vegas
over the weekend really wanted. Matt Richtel's New York Times report on the
drumming of a National Security Council senior director indicated that they wanted
the government to be more careful in securing its own Web sites. But they also
wanted to hack into those sites. Oh, and they don't want the government to rely on
Microsoft (MSFT) software to protect those sites.
Bruce Meyerson's AP report in the Washington Post said that members of the
Cult of the Dead Cow released the cracking software Back Orifice 2000 because they
wanted to expose security flaws in Microsoft Windows NT software so that Microsoft
could fix it - presumably so that Microsoft's customers could feel more secure.
So ... some hackers want Microsoft's customers to be more secure, while other
hackers don't want the government to use any Microsoft software.
Bob Sullivan's report on MSNBC suggested that they wanted to get together to share
knowledge about how to commit crimes that none of them will ever actually perpetrate.
Polly Sprenger's report for Wired suggested that they wanted to get together to watch
teenage dancers, or maybe to settle online grudges by fighting them out in inflatable
sumo-wrestler costumes. The Wall Street Journal headlined its Web and print editions
with a come-on about feds and recruiters invading the conference. But instead of
summer-movie-like action, John Simons' account yawned over routine conference
activities: seminars, panels and talking heads. Make that talking feds. Simons
reported that DefCon organizers regularly broke into panel discussions for a rollicking
game of "Spot the Fed," which invited attendees to pick out the ubiquitous
undercover agent in the audience. Winners - both the eagle-eyed attendee and the
bagged agent - got T-shirts.
Sounded like a pretty regular convention, once you got past the black T-shirts and
tattoos of circuitry. But the real story may happen this week as NT administrators
watch for evidence of damage from the harmful new program, nicknamed BO2K. If it
hits hard, the hackers will have proven their point. Which is, well ... something about
Microsoft.
-=-
Defcon Stories Cover the Web
contributed by Bronc Buster
Defcon articles will be popping up around the net for
next several days or weeks. With over 70 media outlets
represented at Defcon you can expect to see a lot of
places that will run stories covering the con. We will link
to the best of them.
Time - Hackers Take Microsoft to School
http://cgi.pathfinder.com/time/digital/daily/0,2822,27824,00.html
Wired - Covers Day one of Defcon
http://www.wired.com/news/news/politics/story/20667.html
Wired- Broad overview of the Con
http://www.wired.com/news/news/email/explode-infobeat/technology/story/20671.html
The Standard- Nice RoundUp of a lot of articles
http://www.thestandard.net/articles/mediagrok_display/0,1185,5491,00.html?home.mg (above)
ZD Net- Special Report on Defcon
http://www.zdnet.com/zdnn/special/defcon7.html
ZD Net - Defcon I
http://www.zdnet.com/zdnn/stories/news/0,4586,2288137,00.html
User Friendly - Wicked funny BO2K related cartoon
http://www.userfriendly.org/cartoons/archives/99jul/19990711.html
Time;
Hackers Take Microsoft to School
The makers of BackOrifice 2000, one of the
most powerful hacker tools ever released,
claim it's for our own good
FROM WEDNESDAY, JULY 7, 1999
It's the kind of thing bellboys have nightmares about
an entire hotel full of hackers, messing with the
computers, screwing up the phones and generally
raising hell. That's the scene at DEF CON, an annual
hacker convention held at the Alexis Park Hotel in Las
Vegas. At last year's DEF CON a hacker group called
the Cult of the Dead Cow released a program called
BackOrifice that can completely take control of a
computer over the Internet. This Friday DEF CON 1999
kicks off, and the Cult of the Dead Cow is back with a
new version of BackOrifice that's more dangerous than
ever. Should we be grateful?
A little disingenuously, the Cult of the
Dead Cow released the original
BackOrifice as "a remote
administration tool," a simple way of
operating a computer running Windows 95 or 98 from a
distance over an ordinary Internet connection. While
it's possible to imagine scenarios in which having that
kind of power would be useful and there are
legitimate applications that perform similar functions
such a tool is obviously very much open to abuse.
Say, for example, allowing a hacker (or, as malicious
hackers are sometimes called, a cracker) to take over
a machine, read your personal information, send e-mail
under your name and then erase your hard drive.
Fortunately, BackOrifice has certain weaknesses. It
can only take over machines on which BackOrifice has
actually been installed, and once installed, it's not that
hard to detect and remove.
According to its creators, the new version of
BackOrifice slated for release on Saturday is more
powerful than ever. It's tougher to detect, gives the user
a greater degree of control over the infected computer,
and works on Windows NT, the heavy-duty version of
Windows used by most large businesses. While the
original version of BackOrifice was a threat to small
businesses and private users, BackOrifice 2000, as it's
called, will affect a much broader and more vital sector
of the world's computers.
So why does the Cult of the Dead Cow claim they're
doing it all for our own good and why do some
computer programmers agree? To quote from the
Cult's press release, "BackOrifice 2000 could bring
pressure on [Microsoft] to finally implement a security
model in their Windows operating system. Failure to
do so would leave customers vulnerable to malicious
attacks from crackers using tools that exploit
Windows' breezy defenses." In other words, don't
blame us, blame Microsoft for making a shoddy
product now maybe they'll improve it. As one poster
on a hacking bulletin board wrote, "I feel better
knowing that at least these holes will be known
publicly and raise some sense of awareness rather
than in a closed private environment where exploitation
could continue unfettered."
Not everybody agrees, but you can bet that Microsoft
currently at work on a new version of Windows
largely based on NT will be downloading a copy of
BackOrifice 2000 and studying it closely. As the Cult
of the Dead Cow which claims to be one of the few
hacker groups out there to include a female member
puts it, "Information is a virus. And we intend to
infect all of you."
@HWA
06.0 l0pht announces Antisniff
~~~~~~~~~~~~~~~~~~~~~~~~~
contributed by Weld Pond
L0pht Heavy Industries announced at Defcon a
revolutionary new proactive tool that will assist IT
Managers in protecting their networks. Antisniff will be
able to scan for NIC cards that have been placed into
promiscuous mode. While this will enable Admins to
determine what machine may have been compromised it
will also allow intruders to find a company's IDS system.
L0pht will release full details on how this product works
to the public in the form of a white paper. They hope to
have the white paper and the software ready to
distribute within a few weeks.
NY Times
http://www.nytimes.com/techweb/TW_Hacker_Think_Tank_To_Unleash_Anti_Sniff_Tools.html
L0pht Heavy Industries
http://www.l0pht.com
NYTimes;
July 9, 1999
Hacker Think Tank To Unleash Anti-Sniff
Tools
Filed at 9:31 a.m. EDT
By Rutrell Yasin for InternetWeek, CMPnet
A Boston-based hacker think tank on Friday will
unveil software that can detect whether or not
Sniffer-type analyzers are being used to probe
enterprise networks.
L0pht Heavy Industries will introduce AntiSniff
1.0 at DefCon, an annual hackers' convention.
A typical way for hackers -- both black-hat and
ethical -- to gain access to an organization's
network is to use analyzers that can sniff or probe for passwords for
networked systems.
While many scanning tools can probe networks to expose potential
vulnerabilities, they don't give IT managers a clear sense of whether or
not systems have been compromised or broken into, said L0pht's chief
scientist, who goes by the name Mudge.
AntiSniff is designed to help IT managers be more proactive in thwarting
security threats, Mudge told a gathering of security managers and experts
today at The Black Hat Briefings.
"Don't play reactive," Mudge said. "There are new ways to look for [new
attack] patterns."
L0pht said it plans to release all technical details for AntiSniff to the
public .
But the monitoring software carries a doubled-edge sword.
While it can be used by "good guys" to thwart network intruders, it can
also be used by the "bad guys" to sniff out a company's network intrusion
systems, Mudge said.
(c) 1999 CMP Media Inc.
@HWA
07.0 Bruce Schneier: PPTPv2 'sucks less'
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Dr. Mudge
A security paper released by Bruce Schneier of
Counterpane Systems, and Mudge, from L0pht Heavy
Industries covers the new version of Microsoft PPTP.
The paper says that while the VPN product, that ships
free with NT, is better than a previous version it still has
serious problems. (The good info is down in the middle
of the ZD article.)
ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2290399,00.html
Cryptanalysis of Microsoft'9s PPTP Authentication
Extensions (MS-CHAPv2)
http://www.counterpane.com/pptp.html
ZDNet; (reprinted from last issue)
--------------------------------------------------------------
This story was printed from ZDNN,
located at http://www.zdnet.com/zdnn.
--------------------------------------------------------------
Security expert blasts shoddy software
By Robert Lemos, ZDNN
July 8, 1999 2:00 PM PT
URL: http://www.zdnet.com/zdnn/stories/news/0,4586,2290399,00.html
LAS VEGAS -- Security experts and so-called "white-hat" hackers meeting at the Black Hat
Security Conference lambasted current corporate security and the companies that make security
products that are anything but.
"Do hackers have root [control] of all your systems? Well, yes, they do," said Mudge (an
old-school hacker who does not give out his real name), the head of L0pht Heavy Industries -- a
collection of hackers bent on improving the Internet's security -- during a Thursday keynote. The
security "firm" accepts contracts from companies to break into systems as well as to write security
products.
Mudge's comments hit on a common theme at security conferences --
that, in the rush to beat competitors to market, product security plays
second fiddle to adding new (and possibly insecure) features.
The solution: Don't let software vendors hide behind licenses that
stipulate that software is sold "as is."
Liability the key
"We need to hold all these software vendors liable," said Mudge. "But as soon as you say the
word 'liability,' software lobbyists hit Washington to prevent any legislation." Instead, the security
world needs to design incentives for software makers to test and certify their security, he said.
Mudge testified in front of the Senate last year to garner support for better security and to criticize
the Digital Millennium Copyright Act, which was a piece of legislation that would have had the
unintended consequence of making it illegal to test security products.
Rebecca Bace, president of security penetration testing firm Infidel Inc., agreed with his criticism
of the software industry. "We really need methods to push for software quality," she said. She
pointed out examples of major security flaws in many products from Microsoft Corp.
(Nasdaq:MSFT), including SiteServer 3.0, Windows NT and demo code that ships with IIS 4.0.
Microsoft a popular topic
In fact, pounding on Microsoft's insecurities became a common theme at the conference as well.
On Wednesday, Mudge and noted cryptographer Bruce Schneier, president of Counterpane
systems, published a paper critical of Microsoft's software for creating virtual private networks.
VPNs use encryption to create secure channels across insecure networks like the Internet.
However, Microsoft's protocol -- known as PPTP and included free with Windows NT --
creates virtual private networks that can be hacked, said both Mudge and Schneier.
"If security actually matters, (Microsoft's product) is unacceptable," said Schneier, who is
frequently contacted by companies to test the security of encryption software.
A year ago, Mudge and Schneier released a paper on the original Microsoft PPTP software. At
that time, Schneier called Microsoft "security charlatans" and pointed out that the encrypted
network created by the software could be easily broken.
Schneier: PPTP 'sucks less'
Today, the situation is a bit better, he admitted, adding that Microsoft fixed the most major issues.
"It sucks less," he said. "Before you had something that was completely broken, but now it's a bit
better."
Microsoft could not be reached for comment by press time. However, a Microsoft Network
administrator at the conference, who asked to remain anonymous, pointed out that other operating
systems have just as many problems.
"Every distribution of Linux, and Sun's Solaris, have all had just as many security holes," he said,
adding that like Windows 2000's much-criticized code bloat (it's up to 40 million lines), Linux and
Solaris have been growing bigger.
During his keynote, Mudge relented to some degree as well. "I use Microsoft as an example,
because everyone knows them," he said. "Others have these problems as well."
Until we get them fixed, we can look forward to more break-ins, Web defacements, and perhaps
worst of all, viruses, said Infidel's Bace. "Melissa and ExploreZip only begin to scratch the tip of
the iceberg," she said.
-=-
Press Release
June 1, 1998
CONTACTS:
Bruce Schneier
Counterpane Systems
612.823.1098 (voice)
612.823.1590 (fax)
schneier@counterpane.com (email)
Lori Sinton
Jump Start Communications, LLC
408.289.8350 (voice)
408.289.8349 (fax)
lori@jumpstartcom.com (email)
SECURITY FLAWS FOUND IN MICROSOFT'S IMPLEMENTATION OF
POINT-TO-POINT-TUNNELING PROTOCOL (PPTP)
Companies using Microsoft products to implement their Virtual Private Networks (VPNs) may find that their networks are not so private
MINNEAPOLIS, MN, June 1, 1998. Counterpane Systems today announced that it has discovered flaws in Microsoft's implementation of a communications
protocol used in many commercial VPNs. These flaws lead to password compromise, disclosure of private information, and server inoperability in VPNs running
under Windows NT and 95.
"PPTP is an Internet protocol designed to provide the security needed to create and maintain a VPN over a public Transmission Control Protocol/Interface Protocol
(TCP/IP) network. This raises serious concerns as most commercial products use Microsoft's Windows NT version of the protocol. While no flaws were found in
PPTP itself, several serious flaws were found in the Microsoft implementation of it.
"Microsoft's implementation is seriously flawed on several levels," according to Bruce Schneier, President of Counterpane Systems. "It uses weak authentication and
poor encryption. For example, they use the user's password as an encryption key instead of using any of the well-known and more secure alternatives," explained
Schneier.
"VPN implementations using PPTP products require management control software at both ends of the tunnel, as well as a cryptographic analysis of the system," said
Wray West, Chief Technology Officer of Indus River Networks, a supplier of remote access VPNs. "Most implementors do not have the specific in-house
cryptographic expertise to discern the subtleties that are often the root of security breaches in today's commercial servers. They rely on their vendors and information
security providers to build robust, secured products," observed West.
According to the team that did the cryptanalysis, there are at least five major flaws in this implementation. They are:
password hashing -- weak algorithms allow eavesdroppers to learn the user's password
Challenge/Reply Authentication Protocol -- a design flaw allows an attacker to masquerade as the server
encryption -- implementation mistakes allow encrypted data to be recovered
encryption key -- common passwords yield breakable keys, even for 128-bit encryption
control channel -- unauthenticated messages let attackers crash PPTP servers
A host of additional attacks were identified including bit flipping, packet resynchronization, passive monitoring of Microsoft's PPTP, and PPP (point-to-point
protocol) packet negotiation spoofingall further compromise the intended security of any VPN. The cryptanalysis work on Microsoft's implementation of PPTP
was conducted by Bruce Schneier of Counterpane Systems and expert hacker Peter Mudge.
According to Mark Chen, CTO of VeriGuard, Inc, a Menlo Park based computer security company, "The flaws in this implementation are quite amateurish." Chen
continued, "A competent cryptographic review would have prevented the product from shipping in this form."
"This should serve as a caution to VPN implementors and users," said David Wagner, graduate student of University of California at Berkeley. "There are a lot of
corporate security officers out there who will be very glad the 'good guys' found this first," continued Wagner. Last year, Wagner, along with Bruce Schneier and
John Kelsey of Counterpane Systems, discovered a major flaw in the privacy protection used in cell phones.
Counterpane Systems is a Minneapolis, MN-based consulting firm providing expert consulting in cryptography and computer security issues. The firm has consulted
for clients on five continents. Counterpane's president, Bruce Schneier, invented the Blowfish encryption algorithm, which remains unbroken after almost four years
of public testing. Blowfish has been incorporated into dozens of products, including Symantec's Your Eyes Only and McAfee's PCCrypto. Schneier is also the
author of five books on cryptography and computer security, including Applied Cryptography, the definitive work in this field. He has written dozens of magazine
articles, presented papers at major international conferences, and lectured widely on cryptography, computer security, and privacy.
-=-
@HWA
08.0 1000 copies of Freedom Beta2 Released
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Dov Smith
Zero-Knowledge Systems released 1000 copies of Freedom Beta2 this past weekend at Defcon 7, the
computer industry's most eccentric annual conference.Freedom is an Internet privacy technology that will
allow users to communicate over the internet in complete anonymity. Zero-Knowledge hopes to
introduce an open beta of Freedom later this summer.
Zero Knowledge Systems
http://www.zks.net/clickthrough/click.asp?partner_id=542
@HWA
09.0 DefCon Web Page Defaced on Opening Day of Con
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(As reported last week while HNN were at the Con HNN picks up the story - Ed)
contributed by Code Kid
As Kevin Poulsen was giving the opening speech at Defcon 7, people from the group known as ADM Crew
where defacing the main Defcon web page.
C|Net
http://www.news.com/News/Item/0,4,0-38970,00.html?st.ne.lh..ni
HNN Cracked Pages Archive
http://www.hackernews.com/archive/crackarch.html
Hackers attack their own kind
By Tim Clark
Staff Writer, CNET News.com
July 9, 1999, 4:25 p.m. PT
update On the opening day of its annual hacker convention in Las Vegas, somebody hacked DefCon's Web site.
Instead of describing DefCon's seventh annual "computer underground party for hackers," the bogus page declared the show had
been taken over by the ADM Crew and renamed to ADM Con.
"Can't make it to DefCon?" reads one entry. "No problem, Delta Airlines is willing to sell you expensive business class tickets for
twice their value."
Jeff Moss, creator and producer of the DefCon event, took the hack good-naturedly.
"It's funny, it happens, I'm an unhappy client [of the service that hosts the page]", Moss told a press conference late this
afternoon. "All we can tell is that ADM is a European hacker group. They weren't very malicious, they were cracking jokes and
zapping me because the conference was held at place they couldn't come to."
The hacked page also spoofs the most anticipated news from the real event, tomorrow's scheduled release of a new version of
Back Orifice.
"Cult of the Dead Cow will announces [sic] new remote administration tools for kids!" the bogus site claims. Back Orifice is a
potentially destructive Trojan horse for opening security holes in computer networks running Microsoft's Windows NT operating
systems.
"The president and vice president will be there for autographs and more," according to the hacked page, which links to the official
White House Web site.
So far no one has publicly claimed responsibility for the hack, but a note in the page's HTML source reads: "This is an
anonymous member of the ADM Crew. Well, I couldn't make it to DefCon this year, you know how expensive everything is these
days...so sorry, but it looks like revamping this site was really too tempting for me."
The author adds what he or she calls the ADM motto: "You're lucky we're whitehats," which is a reference to being "friendly," not
nefarious, hackers. There's also a hint of a German connection, citing the private annual ADM party in Berlin August 6 to 8.
A time stamp on the page indicates the hack was posted around 12:45 p.m. PT. As of 5:30 p.m. PT, the hacked version
remained in place.
Moss said the hackers broke into the DefCon page about two weeks ago and compromised the Web server at the commercial
hosting service where DefCon has had its page for five years. But the page wasn't changed until today.
"I'm not quite sure how it happened," Moss added, saying he was busy protecting the Web site for a parallel Black Hat show that
just ended and didn't guard his own site.
The hacked ADM Con page indicates it will soon be mirrored at Attrition.org's hacked Web pages archive, to be retained for
posterity.
@HWA
10.0 Capture the Flag Logs Available from DefCon
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Ron Gula
The folks at Security Wizards took their Dragon IDS to
Defcon and let people pound on it for three days. They
have posted over 200MB of logs from the contest up on
their web site. There is some neat stuff in there. They
plan to have TCPDUMP versions up soon.
Security Wizards
http://www.securitywizards.com
(Check out these logs people w1tn3ss the tekn1q... - Ed)
@HWA
11.0 Mitnick Sentencing Delayed, Again
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Code Kid
Kevin Mitnick had been scheduled to be sentenced on
July 12th. That hearing has now been postponed until
July 26th. The issue is restitution. The prosecution
wants $1.5 million while the defense wants $5,000. The
defense claims that there is no way that Kevin will be
able to earn 1.5mil, especially since he will be banned
from touching a computer.
ZD Net
http://www.zdnet.com/zdnn/filters/bursts/0,3422,2292504,00.html
Free Kevin
http://www.freekevin.com
03:21p
Mitnick sentencing postponed
LOS ANGELES -- The sentencing of convicted hacker Kevin Mitnick was postponed until Monday July 26,
after talks broke down on the issue of restitution. The government is asking for Mitnick to be
responsible for restitution on the order of $1.5 million, while the defense is asking for payments
on the order of $5,000, based on his projected earnings potential during his supervised release. He
will not be able to use a computer during that three year-period. -- Kevin Poulsen, ZDNN
@HWA
12.0 Short explanation of NT related acronyms by StEa|_th
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From http://www.403-security.com/
Small Orology by StEa|_th
Active Server
A collection of server-side tecdhnologies that are delivered with Windows
NT. These technologies provide a consistent server-side component and
scripting model and an integrated set of system services for component
application management, database access, transactions, and messaging.
ADO
Active Data Object. A set of object-based data access interfaces optimized
for Internet-based, data centric applications. ADO is based on a published
specification and is included with Microsoft Internet Information Server and
Microsoft Visual InterDev.
ASP
Active Server Pages. A Server side scripting enviorment that runs ActiveX
scripts and ActiveX components on a server. Developers can combine
scripts and components to create Web-based applications.
CGI
Common Gateway Interface script. A program that allows a server to
communicate with users on the Internet. For example, when a user enters
information in a form on a Web page, a CGI script interpets the information
and communications it to a database program on the server.
COM
Component Object Model. The object-oriented programming model that
defines how objects interact within a single application or between
applications. In COM, client software accesses an object through a pointer
to an interface--a related set of funcations called methods--on objects.
DAO
Data Access Object.
DNS
Domain Name System. A protocol and system used throughout the Internet
to map Internet Protocal (IP) addresses to user-friendly names. Sometimes
referred to as the BIND service in BSD UNIX, DNS offers a static,
hierarchical name service for TCP/IP hosts. The network administrator
configures the DNS with a list of host names and IP addresses allowing
users of workstations configured to query the DNS to specify remote
systems by host name rather than IP address.
DSN
Data Source Name
FTP
File Transfer Protocal
IDC
Internet Database Connector
IIS
Internet Information Server
ISAPI
Internet Server Application Procedural Interface
ODBC
Open Database Connection
RDO
Remote Data Object
Copyright 1999(c) www.security.org
13.0 BO2K Defcon Presentation on RealVideo
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Kill-9
If you missed the pounding techno, and the flashing
lights of the BO2K presentation at Defcon 7 it has been
made available on RealVideo.
Uberspace
http://www.uberspace.com
Defcon Pics
And if you missed Defcon completely you can get a
small feel of what it was like from this picture archive.
Defcon Picture Archive
http://www.303.org/pics/Defcon7/
@HWA
14.0 Defcon News Roundup
~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Space Rogue
There are Defcon and BO2K news articles all over the
web. Most of them are full of FUD. We don't have time
to list them all but these two are definitely worth
reading.
MSNBC - Ignore Defcon at Your Own Risk
http://www.msnbc.com/news/289125.asp
ZD Net - Back Orifice Is Your Friend
http://www.zdnet.com/zdnn/stories/comment/0,5859,2292276,00.html
MSNBC;
Should you care about DEF CON?
Its more than fun, games, and irreverence;
hacker convention offers up annual warning
MSNBC
July 12 You might be inclined to dismiss last
weekends DEF CON conference as a collection of
angst-ridden, troublemaking youths. And many of
the hackers will help you to that conclusion the
extremist positions, the relentless electronic
pranking, the irreverent insults, the blue hair. But
make no mistake: These are not adolescent punk
rockers who will soon grow out of a phase and go
to work for IBM. Scratch below the surface, and
youll find a crowd of geniuses, many playing the
part of guardian angel of the information age.
Ignore them, and their anything-but-sugar-coated
message, at your own peril.
WE ALL KNOW that using the Internet you can
connect to information on computers all around the world.
But that also means almost any computer around the world
can connect to you. Feel invaded? This is just the beginning.
Soon, your pager, your cell phone, your VCR, your car, your
watch theyll all be connected. And that means they can
all be invaded.
Computer security isnt sexy, and it doesnt sell, but
someday youll think about it as much as you think about
locking the front door.
Its already that important to hackers, who live and
breathe computer security. Their ranks run a confusing
continuum from stodgy, conservative Army M.P. types who
would never hurt a fly unless ordered, to reckless geniuses
who aim to steal thousands of credit card numbers. For the
record, hackers like to call those who engage in criminal
activity crackers and reserve the term hacker for
well-intentioned people out only to find out how things work.
Careful how you use those terms; hackers now have the
hypervigilance of any extremist special interest group.
In between the two extremes are several shades of
gray, such as:
Groups that hunt for computer vulnerabilities, then publish
them to embarrass software companies such as Microsoft
into fixing their products.
Groups that write tools to enable well-intentioned and
ill-minded hackers alike, such as the Cult of the Dead Cow
and its Back Orifice product.
Groups that perform criminal but relatively harmless
hacks, such as defacing a Web page.
All these groups find their home once a year at DEF
CON.
They dressed in black, swallowed caffeine straight (at
least I think it was caffeine), stayed up all night, talked about
rebellion a lot, held hacking competitions and tried to keep
each other from breaking too many things.
Most of the attention was centered on the release of
Back Orifice 2000, the best publicity stunt in the history of
hacking. As far as the general public is concerned,
platitudes aside, BO is a bad thing. That only reinforces the
image of hackers as bad people, teen-agers bent on
destruction, geniuses gone bad, screwing with the worlds
information infrastructure. They could steal your credit card,
filch money from your bank account, even start a cyberwar.
Advertisement
This image is unfortunate and serves to obscure the
very real issues hackers seek to expose. It isnt necessarily
wrong; just incomplete. Let me try to fill it in.
HACKERS IN REAL LIFE
When hes not at DEF CON, HackerDudes hair isnt
blue. And far from being reckless and emotionally unstable,
HackerDude is Bill Smith, overly fastidious network
administrator at Newbie Inc. Newbies 500 employees,
whose job is to sell Plexiglass, hate computers. They get
frustrated when computers crash, lose data, or when theyre
hard to use. And so Newbie workers tend to be careless.
They put their login password on a sticky note on their
computer monitor. They put their corporate computer
dial-in number on a notebook and leave it in a hotel room.
Mr. Smith, or HackerDude, cant stand this. Its his
job to keep Newbies computers safe; that makes Newbie
Inc. employees the enemy.
Meanwhile, employees think Mr. Smith is just an
annoying Nervous Nellie, or even an obstacle.
And so the network administrator goes on preaching
and getting frustrated. He can only pick up after his clients
mistakes for so long. He knows someone out there with bad
intentions will eventually break in, with disastrous
consequences, and hell lose his job in fact, a white hat
hack, which exposes the vulnerabilities but doesnt result in
any damage or theft, might be the best thing that could
happen.
Hes unpopular, annoying and preaching a religion no
one wants to hear.
Cut to Vegas in the summer: 3,000 like-minded
computer security nuts some hackers, some crackers,
some in between. But all of them have a respect for
technology, they share in the extreme rhetoric of free
speech, and none of them leaves his password on sticky
notes (OK, almost none of them). And they all hate stupid
people, or put more elegantly, the fact that graphic
interfaces have tricked people into thinking computers are
easier and safer to use than they really are.
At DEF CON, for perhaps the only time all year, Mr.
Smith, a.k.a. HackerDude, doesnt feel alone.
THEIR MESSAGE
See, theres one thing everyone in the security business
hackers, crackers, virus writers, anti-virus companies:
Security doesnt sell. Regular computer users are annoyed
by logins and passwords, by firewalls, by extra dialog
boxes. In the battle of security vs. features, in the consumer
marketplace, security always loses.
This is sacrilege to a hacker, who knows whats
possible, just like its sacrilege for a doctor to watch
someone leave a public bathroom without washing their
hands.
But hackers take no Hippocratic oath (the physicians
pledge to do no harm, respect privacy, etc.), and they have
discovered that while one e-mail complaint to Microsoft
might get little attention, defacing a government Web page
can garner a front-page story. So armed with
self-righteousness, an extra helping of sarcasm, caffeine,
free time and sometimes good intentions, they set out to
break things to force other companies to fix them.
WHAT THEY DO AT DEFCON
At DEF CON, sure, youll hear seminars on the
simplest ways to bring down a Web server (and almost
constant giggling with each PowerPoint slide). But youll
also hear from law enforcement agencies (and even the
White House), which have learned to take hacker groups
seriously.
Like all conferences, youll hear a lot of
locker-room-style banter about the years dirtiest deeds.
But talk to the right people, and youll get an earful
from groups such as L0pht Heavy Industries, trying to raise
awareness that the most devastating hacks are inside jobs,
even though silly Web page defacements get all the
attention.
Even the Cult of the Dead Cow, which does its best to
maintain its reckless, bad boy image in public, has a softer
side. Sir Dystic, author of the original Back Orifice, is
working on a tool called CDC Protector that will allow Net
users to execute Trojan horse programs without threat of
infecting their machines. The Trojan will be quarantined in
its own memory space.
Of course, it got little of the attention that Back Orifice
2000 received at DEF CON. Why? The raucous release
ceremony, the cult following, the chance to flog Microsoft in
public are just too irresistible for the group. (This is just so
much fun, said one member to me).
DONT BE CONFUSED
I was told again and again that real criminals dont go
to DEF CON; they dont show their faces in a place where
they know federal agents are lurking, and they dont need to
learn how to hack.
But that doesnt mean DEF CON doesnt attract those
who live very near the edge, and that there isnt a lot of
information handed out with a wink and a disingenuous
disclaimer like, Dont use this for illegal purposes.
But its just as easy to find reformed computer
intruders, those who have grown out of the thrill of breaking
into Web sites. This creates an uneasy tension over some
gatherings, as the more conservative hackers slip in points
of perspective (albeit, gently) whenever possible. Like
Attitude Adjuster, a former virus writer who said hes
alarmed at the power that virus writers have today.
DEF CON is a gathering in transition, Im told. It might
be getting too big for its britches. This year it drew perhaps
3,000 attendees; its so large that a big Las Vegas PR firm
was hired to usher press around hardly the thing for an
underground group. Theres even been a bit of an
embarrassment for the Cult of the Dead Cow 48 hours
after the release ceremony, the tool wasnt available on the
groups Web site. Copies of it were being distributed
around the Net, but at least some are infected with the CIH
virus.
NOT ALL BAD OR ALL GOOD
Just like in real life, all hackers arent bad, or good, or
neutral. But they are smart, often annoying, theyre starting
to get our attention, and they do have an important message:
neglect computer security, and something bad will eventually
happen to you.
They might even be the ones to do it.
@HWA
15.0 Computer Experts Will Form the Frontline of Sweden's Defense
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed Maxim Glory
Swedish minister of defense, Björn von Sydow, wants to
introduce military units consisting of "computer freaks",
able to defend Sweden in the event of a computer
based attack, as well as launching a preemptive strike
at the enemy if necessary. They will be a different kind
of soldier, not your average grunt, but they can still
play an important military role, said Björn von Sydow.
According to SVT-text these "soldiers" will be recruited
through the obligatory military service.
Spray - Sorry, Swedish Only
http://www.spray.se/nyheter/index.jsp?cat=6&nr=7
@HWA
16.0 Canadians Plan a Information Protection Centre
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by dis-crete
The Canadian government is planning a national
Information Protection Centre to co-ordinate its cyber
security defenses. The provinces involved in the
initiative are Ontario, Quebec, Manitoba, Alberta and
British Columbia. The national Information Protection
Centre will be used as a means to spread information,
protect government systems, and to help the private
sector against viruses and attempts to break into
computer systems.
The Globe and Mail
http://www.globeandmail.com/gam/National/19990712/UCOMPM.html
National centre planned to fight computer hackers
Manitoba leads bid to protect nation's networks
RICHARD MACKIE
The Globe and Mail
Monday, July 12, 1999
Toronto -- Canadian governments plan to step up efforts to protect their computer systems against increasing
attempts to break into them, with plans to establish a national Information Protection Centre to co-ordinate the
defences.
The need for the centre is growing rapidly as access to so-called hacker technology spreads and as
governments' reliance on computers expands, said Robert Garigue, chief technology and information officer
for Manitoba, which is leading the organization of the new centre.
The other provinces involved in the initiative are Ontario, Quebec, Alberta and British Columbia.
There is also rising pressure on governments to assure customers and citizens that the data on government
computer systems is secure, said Scott Campbell, head of Ontario's information technology systems.
Governments want to increase the use of computers to deliver services, he said. But potential customers "are
saying we have to tackle the privacy issue and the security issue if we're going to fundamentally move forward
aggressively on electronic service delivery."
He said "no one's going to play ball" if governments can't guarantee the security of data and transactions
delivered electronically.
The national Information Protection Centre will also help strengthen the defences of computer systems in the
private sector against viruses and attempts to break in to acquire data or damage the systems, Mr. Garigue
said.
The centre would provide a single location where those responsible for the security of individual computer
systems could report illicit attempts to enter their systems, learn whether an attempt was part of a larger
pattern, and obtain assistance in defending their systems.
Its creation is the extension of an agreement among the chief information-technology officers of several
provinces that each province should establish its own information-protection centre. The agreement was
extended into a nationwide pact, which included the federal government, in May.
A report by Mr. Garigue and his Manitoba officials last month marked a shift in the concept of information
protection, making it a focus of each government's information-technology organization rather than an
afterthought to be dealt with through technology such as virus scanners and firewalls.
Mr. Campbell said because government computers are linked to the Internet, there would be limited benefits if
the provinces and the federal government each had its own information-protection centre.
"We live in a network-centred world. One security problem in one part of the country is a security problem in
another part of the country. If something is in Alberta in the morning, it's in Ontario in the afternoon."
@HWA
17.0 Y2K Commission May Be Renamed Security Commission
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Modify
The chairman of the Senate's Special Committee on the
Year 2000 Technology Problem, Sen. Bob Bennett
(R-Utah), and Senate Majority Leader Trent Lott
(R-Miss.) have held informal discussions about the
possibility of changing the committee's mission when its
current authority expires Feb. 29, 2000. The new
mission if adopted would direct the commission to focus
on government computer security.
Federal Computer Week
http://www.fcw.com/pubs/fcw/1999/0705/fcw-newsy2k-7-5-99.html
JULY 5, 1999
Y2K panel to shift to security
BY DIANE FRANK (diane_frank@fcw.com)
With agencies nearing completion of fixing
computers to avoid the Year 2000 problem, Senate
leaders are considering shifting the focus of the
special Year 2000 oversight committee to what
many government officials see as the next big threat
to government computers: security breaches and
cyberterrorism.
Since its creation in April 1998, the Senate's Special
Committee on the Year 2000 Technology Problem
has studied the impact of the Year 2000 computer
problem on government and the private sector and
has recommended legislation and other action.
The committee has focused on the potential impact
of computer or network failures on banking,
transportation, utilities and other components of the
nation's critical infrastructure.
The committee chairman, Sen. Bob Bennett (R-Utah), and Senate Majority
Leader Trent Lott (R-Miss.) recognize that security vulnerabilities in networks
and computer systems pose a similar threat, as they are subject to attacks
from personnel within agencies or from outside cyber-terrorists, according to
a committee spokesman.
The senators have held informal discussions about the possibility of changing
the committee's mission when its current authority expires Feb. 29, 2000, the
committee spokesman said.
"There are several similar issues and problems that will be faced," he said.
"The kernel of the idea was generated internally by people here at the
committee who were examining critical infrastructure."
Several high-level federal groups and organizations, including the Critical
Infrastructure Assurance Office and the National Infrastructure Protection
Center at the FBI, also focus on computer security and the integrity of the
nation's infrastructure against attacks.
But the government would benefit from congressional attention, said Olga
Grkavac, executive vice president of the Information Technology Association
of America's Enterprise Solutions Division.
"There really is a link between information infrastructure [and] critical
infrastructure in [Year 2000 and security issues] and the hearing track record
that the committee has built up," she said. "The experience the members now
have would be a big plus."
A Senate committee would bring an extra level of discussion to what other
groups on security and critical infrastructure around the government have
raised because the committee could focus on policy and legal questions that
have come up, said Dean Turner, information security analyst with
SecurityFocus.com. "The technology is there to do these things, now the
policy and the law have to catch up with it," he said.
It is important for the committee to look at more than just instances of World
Wide Web site hacking, Turner said. Even though that is the phenomenon
creating the biggest stir right now, it is the least harmful type of attack out
there. "I think that if that's what the committee is going to focus on, then they'll
be wasting their time," he said.
Much of the committee's initial focus should be to educate government and the
public about the need for security, said Bill Larson, chief executive officer of
security company Network Associates Inc.
"I think people do not understand in government the potential for
cyberterrorism and the amount of havoc that can be created," Larson said.
The CIO Council probably would work closely with the new security
committee if the Senate chooses to shift the Year 2000 committee's focus,
said Ed Caffrey, liaison for the CIO Council's Security Committee and a
member of the State Department's Systems Integrity Division. The CIO
Council recently expanded the focus of its Security Committee to include
critical infrastructure and privacy. The council and its committees serve as the
coordinators between federal and state government and the private sector,
Caffrey said. Because the Senate committee probably would serve the same
function, it would make sense for the two groups to work together, he said.
@HWA
18.0 Tempest Exporter Arrested
~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Silicosis
The FBI has arrested Shalom Shaphyr, for trying to
covertly ship van-eck/tempest interception equipment
to Vietnam. Tempest technology is used to intercept
emissions from computer screens or other sources from
several feet away. This type of equipment is barred
from export without proper licensing by International
Traffic in Arms Regulations.
iPartnership
http://www.ipartnership.com/topstory.asp
iPARTNERSHIP Top Story
House International Relations Committee Moves on SAFE Act
7/13/99
iDEFENSE
By Bill Pietrucha
The SAFE Act made it through the House International Relations Committee Tuesday afternoon, but it wasn't a completely
safe trip. H.R. 850, the Security And Freedom through Encryption (SAFE) Act, breezed by on a 33 to 5 full committee vote
but not before being buffeted by a number of amendments diluting the bill's original intention.
As introduced by Rep. Bob Goodlatte (R-Va.), the SAFE Act would allow Americans to use any type of encryption
anywhere in the world and allow any type of encryption to be sold in the United States. The bill also would provide a level
playing field in the global marketplace by permitting the export of generally available software, hardware, and other
encryption-related computer products.
According to Goodlatte, the legislation also would prohibit the government from mandating a back door into people's
computer systems, and states that the use of encryption alone cannot be the basis for establishing probable cause for a criminal
offense or a search warrant.
"Encryption products are the deadbolt locks of the 21st century," Goodlatte said, "This important data scrambling technology
safeguards our privacy in the digital age, making electronic commerce viable and preventing online crime. The American
people deserve to have the strongest encryption technology available to protect themselves in the Information Age."
But International Relations Committee Chairman Benjamin Gilman (R-NY) managed to water down the bill, attaching and
agreeing to a number of amendments.
Declaring the amendments would put the "safe" back into the SAFE Act, Gilman approved an amendment that would require
consultations between the Commerce Secretary, the FBI director and the Drug Enforcement Agency top honcho before
approving encryption exports to "any major drug-transit or major illicit drug producing country."
Gilman also approved other amendments prohibiting encryption product export if evidence existed that implicated the software
in child abuse or child pornograpjhy activities, and extending the export license review period from 15 days to 30 days.
Copyright © 1999 Infrastructure Defense, Inc. All rights reserved.
@HWA
19.0 NcN'99 Con in Mallorca Spain Announced
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Conde Vampiro
J.J.F. Hackers Team has announced the dates and
location for 'No cON Name (NcN´99)' The con will be
held in In Mallorca, Spain on 23-25 of July. Not much
notice but a good excuse to go to Europe.
HNN Cons Page
http://www.hackernews.com/cons/cons.html
@HWA
20.0 Rhino 9 Calls it Quits - goodbye letter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by desig
Rhino9, a security research team has decided to
disband. Several members have taken full time jobs with
a security company. The remaining members have
decided that this is as good a time as any to close up
shop. While the team is disbanding its members will
remain active.
Rhino9
http://207.98.195.250/ (www.rhino9.org isn't resolving)
From their site;
Rhino9 is saying goodbye for now.
3 members of Rhino9 have moved to a far off place to accept a position at a security company with
a good future. The rest of Rhino9 just didnt seem to want to continue on without the other 3 members.
We have enjoyed everything we have done as a team and hope that we have been able to provide the
community with some valuable resources.
We want to thank everyone thats supported us over the years. A special thanks to Ken Williams of
PacketStorm for excellent coverage of everything we did. Sorry to hear of your misfortune bro... JP is
an ass. Thanks to L0pht for advice and tidbits of help over the years. Rhino9 has seen some rough
times and some members come and go... but everyone seems to be doing well.
To the community at large, thanks for everything and I'm sure this wont be the last you see of R9's
members.
Although the team is officially disbanding, its members are still very active.
Thanks Again,
-The Rhino9 Security Research Team
@HWA
21.0 Hotwired and away, 6 yr old fires up toy car and heads for the highway..
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Contributed by eentity
Seen at http://smog.cjb.net/
From CNN: http://www.cnn.com/US/9907/13/ohio.boy.driver.ap/
6-year-old pilots toy car along Ohio highway
July 13, 1999
Web posted at: 6:57 AM EDT (1057
GMT)
FAIRFIELD, Ohio (AP) -- A
6-year-old boy who slipped
away from his day care center
managed to hot-wire a toy
vehicle and drive it for a mile
along a bustling state highway,
authorities said.
An alarmed motorist called police to say she was stunned to see little John T.
Carpenter piloting the toy alongside regular-sized vehicles just outside
Cincinnati.
Authorities said they were investigating how John got away from Kiddie
Kampus Pre-School and Day Care Center on Friday. Police said his
disappearance went undetected until officers contacted the center more than
an hour later.
The boy apparently wandered away from the center, then came upon a mini
Monster truck-type toy parked outside ReRuns for Wee Ones, a children's
resale shop.
"I had the wires unhooked so no one could ride off in it, but he reconnected
the wires without anyone seeing him, took off the price tag and rode away,"
co-owner Trisha Taylor said Monday.
"I was just floored. I couldn't believe it. This kid is only 6, and he had to
have lifted up that hood and knew which wires to put together," Taylor said.
John was unhurt and police returned him to his mother.
The Butler County Children Services Board said it will investigate and
determine what action might be needed at Kiddie Kampus, said Jon Allen, a
spokesman for the Ohio Department of Human Services.
An employee of Kiddie Kampus declined comment to The Cincinnati
Enquirer. The boy's mother did not return messages left by the newspaper.
@HWA
22.0 The TRANSFER CAPACITOR (TCAP) BASED 90 Gigabyte Storage Drive.
~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Contributed by eentity
From http://smog.cjb.net/
"Described as a "Poker Chip Sized" solid state disk drive, the
new semiconductor could be seen in service by the end of 1999
or early in the year 2000. The device can store over 90 billion
characters of information, the capacity of 15 Digital Video
Disks, or 112 ordinary CD-ROM's", the speed of access is said
to be "limited by the computer it is connected to, reading a full 1
million bytes of information could take as little as 10
nanoseconds".
Estimated price for the "Hard Drive" version of the 090b8:
$895.
Read more @ accpc. http://www.accpc.com/tcapstore.htm
@HWA
23.0 Sony finished the Glasstron.VR headset
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Contributed by eentity
from http://smog.cjb.net
"PC Glasstron® is a unique head mounted display that creates a
high resolution, virtual 30" image when connected to a notebook
computer or video source. With built-in ear buds for stereo
sound it has full multimedia capability making it ideal for both
business and entertainment applications. Its internal dual LCD
panels create an impressive, large screen, personal and private
experience in a foldable, 1/4 lb. package (excluding
sub-chassis). "
Read and get them @ Sony http://www.ita.sel.sony.com/products/av/glasstron/.
@HWA
24.0 NIST Offers Security Accreditation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Space Rogue
The National Institute of Standards and Technology has
announced the creation of The National Voluntary
Laboratory Accreditation Program, an accreditation
program for laboratories that test commercial
information technology security products for compliance
with federal and international standards. The NVLAP will
evaluate laboratories for their accordance with the
National Information Assurance Partnership's Common
Criteria Evaluation and Validation Scheme.
Federal Computer Week
http://www.fcw.com:80/pubs/fcw/1999/0712/web-nist-7-12-99.html
JULY 12, 1999 . . . 18:10 EDT
NIST announces accreditation program for IT labs
BY DIANE FRANK (dfrank@fcw.com)
The National Institute of Standards and Technology today announced the
creation of an accreditation program for laboratories that test commercial
information technology security products for compliance with federal and
international standards.
The National Voluntary Laboratory Accreditation Program will evaluate
laboratories for their accordance with the National Information Assurance
Partnership's Common Criteria Evaluation and Validation Scheme.
NIST and the National Security Agency created the NIAP and the common
criteria scheme to make it easier for federal agencies to choose commercial IT
security products that meet certain standards. The NIAP Validation Body will
review the test reports from the labs and issue certificates for the products.
NIST will periodically assess the labs for reaccreditation.
NIAP also is working toward a Common Criteria Mutual Recognition
Agreement with similar organizations in five other countries to set a
wider-reaching common standard for security products.
@HWA
25.0 Spanish Civil Guard Arrest Electronic Intruder
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Ldm-Beaudet
The Spanish Civil Guard (Police) have announced than a
22 year old Spanish man has been arrested for breaking
into the Home Office's network in order to steal data.
The man, who's identity remains anonymous, broke
through the computer's security and tried, without
success to gain access to confidential information to
one of his free e-mail addresses. The man has been
arrested in the Murcie's area (South-east of Spain) as a
result of operation 'Yankee' that lasted more than a
year. The Civil Guard collaborated with the Los Angeles
Justice Department in order to identify the owner of the
e-mail address.
Yahoo News - French
http://www.yahoo.fr/actualite/19990714/multimedia/931944780-yaho069.140799.113344.html
@HWA
26.0 303.org Needs A Home
~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by netmask
The rash of ISPs crumbling as soon as they get a letter
threatening to sue is becoming a major issue. It does
not matter if the threat is real or the allegations well
founded most ISPs refuse to take a stand and buckle at
the first hint of legal wranglings. 303.org and
netcrimminals.org has succumbed to such an attack.
They are desperately looking for someone to host either
site. They need an ISP who supports free speech, and
wants to do good for the community to host them.
303.org provides useful, but sometimes controversial
services and information for free, as well as a few text
mirrors. Netcriminals.org is working to inform the public
about alleged criminals such as JP from Antionline, CPM
from Happy Hacker, and Spy King from Codex Data
Systems. The site has great things coming for it, if it
can find an ISP with a small pair of balls to host it.
Send mail to Netmask if you are interested in helping
host either site or need more info.
mailto:netmask@303.org
@HWA
27.0 CyberCop Sting Now Shipping
~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Space Rogue
Designed to silently trace and track bad guys, CyberCop
Sting records and reports all intrusive activity. CyberCop
Sting operates by creating a series of fictitious
corporate systems. The Sting product creates a decoy,
virtual TCP/IP network on a single server or workstation
and can simulate a network containing several different
types of network devices. Each virtual network device
has a real IP address and can receive and send
genuine-looking packets. Each virtual network node can
also run simulated daemons, such as finger and FTP.
Sting can also perform IP fragmentation reassembly and
TCP stream reassembly on the packets destined to
these hosts. (Hmmmm, how long before the
underground figures out how to detect and avoid such
a system?)
Yahoo PR News Wire
http://biz.yahoo.com/prnews/990714/ca_ntwrk_a_1.html
Wednesday July 14, 8:02 am Eastern Time
Company Press Release
SOURCE: Network Associates, Inc.
Network Associates Ships CyberCop Sting - Industry's First 'Decoy' Server
Silently Traces and Tracks Hacker Activity
CyberCop Line is First in Security Industry to Scan, Monitor And Apprehend Intruders
SANTA CLARA, Calif., July 14 /PRNewswire/ -- Network Associates, Inc. (Nasdaq: NETA - news) today
announced the immediate availability of its CyberCop Sting software, a new ``decoy'' server that
silently traces and tracks hackers, recording and reporting all intrusive activity to security
administrators. CyberCop Sting, an industry first, is an integral component of the CyberCop intrusion
protection software family which also includes CyberCop Monitor, a real-time intrusion detection
application that monitors critical systems and networks for signs of attack (see related release) and
CyberCop Scanner, the industry's most highly-rated network vulnerability scanner. CyberCop Sting
addresses the most unfulfilled need in intrusion protection products today by allowing IS managers to
silently monitor suspicious activity on their corporate network and identify potential problems before
any real data is jeopardized.
CyberCop Sting operates by creating a series of fictitious corporate systems on a specially outfitted
server that combines moderate security protection with sophisticated monitoring technology. The Sting
product creates a decoy, virtual TCP/IP network on a single server or workstation and can simulate a
network containing several different types of network devices, including Windows NT servers, Unix servers
and routers. Each virtual network device has a real IP address and can receive and send genuine-looking
packets from and to the larger network environment. Each virtual network node can also run simulated daemons,
such as finger and FTP, to further emulate the activity of a genuine system and avoid suspicion by would-be
intruders. While watching all traffic destined to hosts in its virtual network, Sting performs IP fragmentation
reassembly and TCP stream reassembly on the packets destined to these hosts, convincing snoopers of the
legitimacy of the secret network they've discovered.
``More than 60 percent of all security breaches are caused by authorized employees or contractors already
inside the firewall,'' said Wes Wasson, director of product marketing for Network Associates. ``CyberCop
Sting gives security administrators, for the first time ever, a safe way to observe and audit potentially
dangerous activity on their networks before it becomes a problem.''
CyberCop Sting provides a number of benefits for security administrators, including:
* Detection of suspicious activity inside network; Log files serve to
alert administrators to potential attackers prying into reserved areas.
* Ability to record suspicious activity without sacrificing any real
systems or protected information.
* Virtual decoy network can contain multiple "hosts" without the expense
and maintenance that real systems require.
* CyberCop Sting software's virtual hosts return realistic packet
information.
* CyberCop Sting logs snooper activity immediately, so collection of
information about potential attackers can occur before they leave.
* CyberCop Sting requires very little file space but creates a
sophisticated virtual network.
Network Associates' CyberCop Intrusion Protection suite is a collection of integrated security tools developed
to provide network risk assessment scanning (Scanner), real-time intrusion monitoring (Monitor) and decoy trace-
and-track capabilities (Sting) to enhance the security and survivability of enterprise networks and systems. The
suite is also enhanced by the development of technology and research derived from Network Associates' extensive
product line, and includes industry-first features such as AutoUpdate, modular construction, and Active Security
integration to provide extensive product integrity. A Network Associates white paper on next-generation intrusion
detection is available at http://www.nai.com/activesecurity/files/ids.doc.
Pricing and availability
CyberCop Sting is free with the purchase of CyberCop Monitor, Network Associates' new real-time intrusion
detection software. Sting is also available as part of the full CyberCop suite, which also includes CyberCop
Scanner, CyberCop Monitor and the CASL Custom Scripting Toolkit. The CyberCop Intrusion Protection
suite is priced at $17 per seat for a 1,000 user license.
With headquarters in Santa Clara, Calif., Network Associates, Inc. is a leading supplier of enterprise network
security and management software. Network Associates' Net Tools Secure and Net Tools Manager offer best-of-breed,
suite-based network security and management solutions. Net Tools Secure and Net Tools Manager suites combine to
create Net Tools, which centralizes these point solutions within an easy-to-use, integrated systems management
environment. For more information, Network Associates can be reached at 408-988-3832 or on the Internet at
http://www.nai.com .
NOTE: Network Associates, CyberCop, and Net Tools are registered trademarks of Network Associates and/or its
affiliates in the United States and/or other countries. All other registered and unregistered trademarks in
this document are the sole property of their respective owners.
SOURCE: Network Associates, Inc.
(Interesting toy to play with i'd imagine, hone your skills on your own VPN first? hehe. btw the url on the
white paper gives me a 404 error too so go figure... - Ed)
@HWA
28.0 cDc Issues Public Apology About Infected BO2K
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by omega
32 original copies of BO2K where handed out at Defcon
on CD. All with personalised signatures from cDc
members. Unfortunatley some, if not all, where infected
with the CIH virus. cDc has said that this was
completley unintentional and have posted a public
apology on thier website.
The Cult of the Dead Cow
http://www.cultdeadcow.com
ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2294628,00.html
Copies of BO2K available on the official BO2K web site
are not infected and are available for download. cDc
has said that as of 9pmEST Thursday night that there
has been over 50,000 downloads of the software from
the official site. This demand has caused the web site
to be unreachable at times.
BO2K
http://www.bo2k.com
ZDNET;
--------------------------------------------------------------
This story was printed from ZDNN,
located at http://www.zdnet.com/zdnn.
--------------------------------------------------------------
Back Orifice CDs infected with CIH virus
By Luke Reiter, CyberCrime, and Joel Deane, ZDNN
July 15, 1999 3:51 PM PT
URL: http://www.zdnet.com/zdnn/stories/news/0,4586,2294628,00.html
UPDATED 6:33 PM PT
Cult of the Dead Cow confirmed Thursday that official CD-ROM versions of its controversial
Back Orifice 2000 program are infected with the CIH virus.
"There must have been a virus on the duplicating machine and we didn't know about it," cDc
member DilDog said in a phone interview.
"This incident is unfortunate and we are doing what we can do to
rectify it. We can't apologize enough.
"We screwed up," he said.
cDc, which distributed 32 official CD-ROM versions of BO2K at the
DEF CON hacking convention last weekend, had previously denied
that its CD-ROMs were infected with Win95.CIH, a virus that
reformats hard drives and, on some machines, can erase the BIOS information that the computer
needs to operate.
Web version clean
Although an embarrassing publicity snafu for the high-profile hacking group, the CIH incident
doesn't affect cDc's method for mass distribution of BO2K -- the Web.
Like its predecessor, Back Orifice, BO2K was released on the Web on Wednesday, where it is
available for free download.
PC Week Labs senior analyst Jim Rapoza, who downloaded and tested the Web-version of
BO2K, confirmed that the Web version is virus-free. DilDog said that the Web version of the
program is "absolutely clean."
DilDog said cDc mistakenly believed that only pirated copies of BO2K -- burned and distributed
at DEF CON within 45 minutes of the hacking tool's splashy debut -- were infected with CIH.
However, cDc changed its tuned after several anti-virus firms and ZDNN reported finding CIH on
official CD-ROMs -- confirming that the executable files in the CD-ROM were infected.
"We would like to thank various individuals profusely for pointing this out to us," DilDog said.
cDc member Count Zero, who gave ZDNN its CIH-infected BO2K CD-ROM with "Virus Free"
written on the case, said the incident was not malicious.
"We are not perfect ... It was human error. Our error. We weren't trying to do anything
malicious," he said.
'We do accept responsibility'
DilDog said he couldn't explain exactly how the CD-ROMs were infected with CIH; however, it
appears the infection occurred before DEF CON, during the duplication of the official BO2K
CD-ROMs.
"On my way to DEF CON I burned one CD with a series of stuff I needed (including the
executable files for BO2K). All of this stuff was scanned ... nothing contained anything bad," he
said. "As a last minute thing, we decided to make some duplicates to hand out at DEF CON."
DilDog said he handed the master CD-ROM to a "third party ... a very trusted friend of mine"
who burned 25 copies of BO2K, using his PC. Those copies were identified with white cDc
labels.
"It appears that the machine that we used in the duplicates had a virus on it," DilDog said. "We do
accept responsibility for not having scanned the final copies of the CDs, but the master from which
they were all duplicated was scanned and had nothing on it. So it must have been one of those
flash in the pan kind of things where we had a virus apparently on the duplication machine and we
didnt know about it."
By DilDog's count, 22 of those infected copies were handed out during BO2K's debut on
Saturday. Within 45 minutes of the BO2K debut, cDc began hearing reports of infected BO2K
copies from DEF CON attendees, who already had pirated copies of the official CD-ROMs.
Both Count Zero and DilDog said they mistakenly believed that the official CD-ROMs were virus
free, and that only the pirated copies were infected. Count Zero said he then took one of the
remaining official CD-ROMs and, without scanning, burned another 10 official copies of BO2K.
"My error was I assumed that the original was virus free," Count Zero said.
Count Zero labeled those 10 new versions of BO2K with cDc stickers and wrote "Virus Free --
Count Zero" on the CD-ROMs' jewel cases. He then handed out those 10 CD-ROMs. ZDNN
received one of those "Virus Free" copies of BO2K, which Norton's Anti-Virus found contained
CIH.
Believing its BO2K copies were virus free, DilDog said cDc discounted initial reports of CIH
infection. "It was only one or two days ago, I guess, that we got word from people that it was our
CDs," he said.
Since then, DilDog said, cDc has run virus scans on all its PCs, but every machine has tested
clean. "We are really at a loss as to how it got on there," he said. "There must have been a virus on
the duplicating machine and we didn't know about it."
ZDNN's Robert Lemos contributed to this story.
@HWA
29.0 California Golf Course Computers Attacked
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Weld Pond
The computer systems at the Ocean Trails golf course
on the Palos Verdes Peninsula have been broken into.
The devestating attack wiped out files ranging from
payroll data to email. The intruders left a message for
developers on a company computer terminal that read,
"Got ya . . . !"
LA Times
http://www.latimes.com/excite/990713/t000062441.html
Golf Course Struck by Landslide Gets Hit by Hackers
Crime: Vandals putter around with computer at Ocean Trails, where last
month part of the 18th hole fell into the Pacific.
By JEAN MERL, Times Staff Writer
Computer vandals have hacked their way into the computer
system at the Ocean Trails golf course on the Palos Verdes
Peninsula, creating another setback for the seaside luxury course
that lost part of its 18th hole last month in a landslide.
The weekend vandalism, which wiped out files ranging from
payroll data to correspondence, "is devastating," said Kenneth
Zuckerman, one of several members of the family of longtime
landowners who have spent almost 15 years on the project.
"I think all the negative publicity associated with this project has
somehow influenced someone whose head isn't screwed on right to
do something malicious," Zuckerman said.
He said the hacker, or hackers, left a message for developers on
a company computer terminal that read, "Got ya . . . !"
Zuckerman said he and the company's head accountant were
working Sunday on a computer in offices at the golf course
construction site in Rancho Palos Verdes when "she noticed things
just seemed to have disappeared. We contacted our service
company and they said it looked like somebody had hacked the
system through our Internet connection. . . . Then the message
appeared on the screen."
Zuckerman said he reported the incident to the Los Angeles
County Sheriff's Department and the FBI. Deputies at the Lomita
sheriff's station said they took a report on Sunday and forwarded
copies to detectives and to investigators in a special unit set up to
investigate computer crime.
A spokeswoman for the FBI's local office said she could not
comment on whether the agency has received a report or opened
an investigation. She said, however, that any such report would be
reviewed for a possible violation of federal law.
The new course, with its $200 weekend greens fees and
breathtaking ocean views, was nearing completion when a landslide
on June 2 sent about half the 18th hole into the Pacific; a county
sanitary sewer line running beneath the course also broke off in the
slide.
Tests are still underway to determine the cause of the slide, but it
has generated fresh controversy over development in the area,
which has both ancient and active landslides.
The Rancho Palos Verdes City Council has scheduled a session
for next Tuesday to discuss Ocean Trails.
Meanwhile, cracks developed in a roadway about 200 yards
east of the course almost three weeks ago, raising further concerns
about land stability in the area.
Public Works Director Dean Allison said the land beneath Palos
Verdes Drive South--a major, scenic road on the
peninsula--occurred with settling of a landfill beneath the road,
which was built in the 1940s. The settling could have been caused
by a leaking sewer line or by temporary irrigation to establish a
newly restored native vegetation at Ocean Trails, Allison said.
Workers built a bypass around the faulty sewer line last week,
the irrigation has stopped and the road has been patched, Allison
said, adding that the city will continue to monitor the road but
believes it has the problems solved.
Zuckerman, who says that the brief and light irrigation could not
have been responsible for the roadway cracks, said the computer
hackers made a lot of extra work for his employees but did nothing
that will keep the course from opening.
"There were no secrets, nothing of value to anyone but
ourselves, but it is a terrible thing to do to a business," Zuckerman
said. "It means an awful lot of extra work for our already
hard-working employees."
"We've bent over backwards to try to be very responsible here,
and to have someone come along and do this is very discouraging,"
Zuckerman said.
Sheriff's Det. Michael Gurzi of the department's expanding High
Tech Crimes Detail said there has been a dramatic increase of
incidents of computer vandalism.
Sometimes it is done to steal trade secrets or help with a hostile
company takeover, but other times it is done just to inflict pain on
the victim.
"If [the hackers] are not as sophisticated as they think they are,
they can be traced," Gurzi said. "But if they really know what they
are doing, sometimes they can disguise themselves."
@HWA
30.0 Selling Your Privacy
~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Weld Pond
Do people want privacy or not? The most recent survey
seems to indicate that most people are more than willing
to give out personal information for a few trinkets,
cents off at the grocery store or other doodads. Are
consumers being swindled? Are they getting fair market
value for thier personal info?
NY Times Syndicate
http://199.97.97.16/contWriter/cnd7/1999/07/15/cndin/0987-0531-pat_nytimes.html
AltaVista is the next company to do just that. By giving
away free Internet access in exchange for personal
information it reinforces the idea that it is ok to sell off
your personal info.
ZD Net
http://www.zdnet.com/zdnn/stories/news/0,4586,2294519,00.html
NY Times Syndicate
Privacy? Net Users Willing to Swap Data for Freebies
ALICE WANG
c.1999 Bloomberg News
HACKENSACK, N.J. - Most Internet users say collecting personal information in exchange for
free products and services doesn't violate their privacy as long as the policies are explained, a
new survey has found. The survey, conducted by Privacy & American Business and Opinion search Corp.,
found that 86 percent of the Internet users it polled support such free offers. Fifty-three percent
say they would participate in an information-for-benefits program, provided the company explained how
the information would be used. Companies such as Free-PC Inc. swap products and services for
personal information and targeted advertising. Free-PC, an idealab Company based in Pasadena, California,
gives Compaq Computer Corp.PCs, Internet access and e-mail to customers who fill out detailed
questionnaires that are used to determine which advertisements appear on their computer screens.
Many companies, such as Free-PC, use the information to sell advertising. Some sell the information itself,
which privacy advocates find alarming.
`Some privacy advocates consider it a `dangerous threat to Net privacy' for Web sites to offer consumers
free products in exchange for personal information,'' Dr. Alan Westin, head of Privacy & American Business,
said in a statement. Westin's survey results suggest that such concerns may be overblown.
No Surprise?
The survey's findings ``aren't surprising,'' said Steve Chadima, vice president of marketing at Free-PC.
The closely held company has received more than 1.25 million applications for its free machines. ``People know
what they're getting in to,'' Chadima said. The company began shipping its first 10,000 free PCs at the end of June.
Still, 82 percent of the Internet users polled say privacy policies matter when deciding whether to trade information
for freebies, the survey found. Only 14 percent said privacy policies wouldn't figure into their decision, as long
as they got the benefit.
Some companies, including International Business Machines Corp.,have made privacy matters an issue when advertising online.
The world's largest computer company said in March it will withdraw ads from Internet sites without policies that safeguard
privacy in response to consumer concerns about disclosing personal information.`Our privacy policy is very, very strict,''
said Free PC's Chadima. ``We never give out personal information for any reason.'' Privacy & American Business, a non-profit think tank based in
Hackensack, New Jersey, surveyed 457 Internet users drawn from a representative sample of 1,014 adults.
-----
; (The Bloomberg web site is at http://www.bloomberg.com)
@HWA
31.0 Geek Pride 99
~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Jordan
This isn't really a con but we thought it deserved
mentioning. Geek Pride 99 will be held on October 1, 2
and 3, 1999 Boston, Massachusetts. They have a pretty
impresive line up of speakers. What is Geek Pride? I
don't know but it sounds cool.
Geek Pride
http://www.geekpride.org/gp99/
@HWA
32.0 Woz Speaks on Pirates of Silicon Valley
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From HNN http://www.hackernews.com/
contributed by Ryan
I know this is weeks old but Steve Wozniak is still
updateing his web site with new comments on the made
for TV drama "Pirates of Silicon Valley". In case you
forgot the show tried to detail the events surronding
the early days at Apple and Microsoft. Steve Wozniak
has a unique perspective and I never tire of reading his
comments. If you haven't visited the site since the
show aired it is worth a second look.
woz.org
http://www.woz.org/woz/presponses/commets.html
@HWA
33.0 Project Gamma Down for a while due to server relocation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
An affilliate member and mirror site and general alround good guys, Project Gamma are
going to be down for a few days while their ISP sorts its shit out, this was received in
our inbox from WHiTe VaMPiRe of Project Gamma;
Greetings,
"Darkridge Security Solutions, the organization providing the hosting
for Project Gamma, will be relocating their networks. This move could take
up to a period of one to two weeks. Project Gamma will most likely go down
July 14. We will be back up as soon as possible. We will continue to update
the site until it is no longer accessible."
I would appreciate it if you people would be kind enough to post
something regarding this on your Web sites.
@HWA
34.0 CERT ADVISORY CA-99-08
~~~~~~~~~~~~~~~~~~~~~~
From http://www.net-security.org/
by BHZ, Saturday 17th July 1999 on 3:37 pm CET
CERT released advisory on a buffer overflow vulnerability has been discovered in the
Calendar Manager Service daemon, rpc.cmsd. The problem is - Remote and local
users can execute arbitrary code with the privileges of the rpc.cmsd daemon,
typically root. Under some configurations rpc.cmsd runs with an effective userid of
daemon, while retaining root privileges. Read the advisory below
CERT Advisory CA-99-08-cmsd
Originally released: July 16, 1999
Source: CERT/CC
Systems Affected
* Systems running the Calendar Manager Service daemon, often named
rpc.cmsd
I. Description
A buffer overflow vulnerability has been discovered in the Calendar
Manager Service daemon, rpc.cmsd. The rpc.cmsd daemon is frequently
distributed with the Common Desktop Environment (CDE) and Open
Windows.
II. Impact
Remote and local users can execute arbitrary code with the privileges
of the rpc.cmsd daemon, typically root. Under some configurations
rpc.cmsd runs with an effective userid of daemon, while retaining root
privileges.
This vulnerability is being exploited in a significant number of
incidents reported to the CERT/CC. An exploit script was posted to
BUGTRAQ.
III. Solution
Install a patch from your vendor
Appendix A contains information provided by vendors for this advisory.
We will update the appendix as we receive more information. If you do
not see your vendor's name, the CERT/CC did not hear from that vendor.
Please contact your vendor directly.
We will update this advisory as more information becomes available.
Please check the CERT/CC Web site for the most current revision.
Disable the rpc.cmsd daemon
If you are unable to apply patches to correct this vulnerability, you
may wish to disable the rpc.cmsd daemon. If you disable rpc.cmsd, it
may affect your ability to manage calendars.
Appendix A: Vendor Information
Hewlett-Packard Company
HP is vulnerable, patches in process.
IBM Corporation
AIX is not vulnerable to the rpc.cmsd remote buffer overflow.
IBM and AIX are registered trademarks of International Business
Machines Corporation.
Santa Cruz Operation, Inc.
SCO is investigating this problem. The following SCO product contains
CDE and is potentially vulnerable:
+ SCO UnixWare 7
The following SCO products do not contain CDE, and are
therefore believed not to be vulnerable:
+ SCO UnixWare 2.1
+ SCO OpenServer 5
+ SCO Open Server 3.0
+ SCO CMW+
SCO will provide further information and patches if necessary
as soon as possible at http://www.sco.com/security.
Silicon Graphics, Inc.
IRIX does not have dtcm or rpc.cmsd and therefore is NOT vulnerable.
UNICOS does not have dtcm or rpc.cmsd and therefore is NOT
vulnerable.
Sun Microsystems, Inc.
The following patches are available:
OpenWindows:
SunOS version Patch ID
_____________ _________
SunOS 5.5.1 104976-04
SunOS 5.5.1_x86 105124-03
SunOS 5.5 103251-09
SunOS 5.5_x86 103273-07
SunOS 5.3 101513-14
SunOS 4.1.4 100523-25
SunOS 4.1.3_U1 100523-25
CDE:
CDE version Patch ID
___________ ________
1.3 107022-03
1.3_x86 107023-03
1.2 105566-07
1.2_x86 105567-08
Patches for SunOS 5.4 and CDE 1.0.2 and 1.0.1 will be available
within a week of the release of this advisory.
Sun security patches are available at:
http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-li
cense&nav=pubpatches
_________________________________________________________________
The CERT Coordination Center would like to thank Chok Poh of Sun
Microsystems, David Brumley of Stanford University, and Elias Levy of
Security Focus for their assistance in preparing this advisory.
______________________________________________________________________
This document is available from:
http://www.cert.org/advisories/CA-99-08-cmsd.html.
______________________________________________________________________
CERT/CC Contact Information
Email: cert@cert.org
Phone: +1 412-268-7090 (24-hour hotline)
Fax: +1 412-268-6989
Postal address:
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890
U.S.A.
CERT personnel answer the hotline 08:00-20:00 EST(GMT-5) / EDT(GMT-4)
Monday through Friday; they are on call for emergencies during other
hours, on U.S. holidays, and on weekends.
Using encryption
We strongly urge you to encrypt sensitive information sent by email.
Our public PGP key is available from http://www.cert.org/CERT_PGP.key.
If you prefer to use DES, please call the CERT hotline for more
information.
Getting security information
CERT publications and other security information are available from
our web site http://www.cert.org/.
To be added to our mailing list for advisories and bulletins, send
email to cert-advisory-request@cert.org and include SUBSCRIBE
your-email-address in the subject of your message.
Copyright 1999 Carnegie Mellon University.
Conditions for use, disclaimers, and sponsorship information can be
found in http://www.cert.org/legal_stuff.html.
* "CERT" and "CERT Coordination Center" are registered in the U.S.
Patent and Trademark Office
______________________________________________________________________
NO WARRANTY
Any material furnished by Carnegie Mellon University and the Software
Engineering Institute is furnished on an "as is" basis. Carnegie
Mellon University makes no warranties of any kind, either expressed or
implied as to any matter including, but not limited to, warranty of
fitness for a particular purpose or merchantability, exclusivity or
results obtained from use of the material. Carnegie Mellon University
does not make any warranty of any kind with respect to freedom from
patent, trademark, or copyright infringement.
Revision History
July 16, 1999: Initial release
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBN49o/3VP+x0t4w7BAQEHXgP/RfdP8Nriz1X3wenCtQJmjkn2knggAP4K
2/PsW6SGxU43NUw+GkXS0FFZew/wyw/zCh+O/kgfa0f7hN1+2znZn1gfDZGOGNLf
OEkf5tuWikdJ1Iis3Lnl4mrVPOqpUX893bYtdVVyag/CZ6Yj24PjrZAfH1kIh5to
TVwdlvIKXrA=
=VxcL
-----END PGP SIGNATURE-----
@HWA
35.0 CODE NAME JANUS
~~~~~~~~~~~~~~~
From http://www.net-security.org/
by BHZ, Saturday 17th July 1999 on 3:28 pm CET
Microsoft will, till March 2000, release new operating system with Windows
NT legacy - Windows 2000 Data Center Server (code name Janus). It will, as
Microsoft officials say, be a good competitor to UNIX. Janus will have all advantages
of UNIX, and it will have ability of transferring current job to one of other 8 processors,
if the main one fails.
@HWA
36.0 ANOTHER ONE ON BO2K
~~~~~~~~~~~~~~~~~~~
From http://www.net-security.org/
by BHZ, Saturday 17th July 1999 on 3:15 pm CET
As ISS interpreted Back Orifice 2000 as a "child play", other security vendors, like
Data Fellows and Symantec Anti-Virus, immediately attacked that point of view. Their
opinion is that open source of BO2K is a very big problem. Aled Miles, general
manager at Symantec Anti-Virus said: "Anyone who calls BO2k child's play
misunderstands the situation. If one person gets into someone else's computer and
steals his or her data, that is a problem. It will probably not proliferate like Melissa,
but that is not the point." Read the article below.
Hackers: BO2K 'child's play' remark draws fire
Fri, 16 Jul 1999 16:07:52 GMT
Will Knight
Computer security experts in the UK have attacked US firm, Internet Security Solutions (ISS) for describing Back Orifice 2000 (BO2K) as
"child's play".
"That does seem a bit glib," says Paul Brette of Data Fellows Anti-Virus in the UK. "We are worried about the fact that it is open-source.
We could see that being a big problem because polymorphic changes to the virus signature would be relatively easy to make and would
make it more difficult to detect."
The BO2K virus was released by media-savvy hacking group Cult of the Dead Cow to coincide with the Def Con 7.0 computer security
extravaganza held in Las Vegas last weekend. It is designed to enable remote access to Windows 95, 98 and NT operating systems.
The Cult's "Minister for Propaganda" Deth Vegetable published a press release describing BO2K as, "the most powerful application of its
kind which puts the administrator solidly in control of any Microsoft network."
But Brette sees other reasons to be concerned by the release of BO2K, He is particularly worried by the fact that the Cult of the Dead Cow
has been careful to remain anonymous, while giving away this "administrative tool" for free. "It makes you wonder what sort of motives they
really have, what they could be hiding," he says.
Aled Miles, general manager at Symantec Anti-Virus believes BO2K is anything but child's play. "Anyone who calls BO2k child's play
misunderstands the situation. If one person gets into someone else's computer and steals his or her data, that is a problem. It will probably not
proliferate like Melissa, but that is not the point."
Strangely, Microsoft Window's Marketing Manager, Francess Fawcett, believes there is little cause for alarm, despite Symantec's reasoning.
She believes the fact that ISS could decode it's source code in under 24 hours shows the simplicity of the program, and says they will not be
treating it differently to any other virus."
A bizarre example of how well publicised Back Orifice has been is that ISS reportedly asked the Cult of the Dead Cow for a Beta version of
the program. The response was that this would be supplied in return for, "one million dollars and a monster truck."
@HWA
37.0 BUG IN AMAVIS VIRUS SCANNER
~~~~~~~~~~~~~~~~~~~~~~~~~~~
From http://www.net-security.org/
by BHZ, Saturday 17th July 1999 on 3:04 pm CET
Chris McDonough wrote to BugTraq about a problem in AMaViS virus scanner for
Linux (http://satan.oih.rwth-aachen.de/AMaViS). Read about the exploit below.
The AMaViS incoming-mail virus scanning utility (available at
http://satan.oih.rwth-aachen.de/AMaViS/) for Linux has problems.
I tried to contact the maintainer of the package (Christian
Bricart) on June 26, again several times over the course of
the last month, but I have not received anything from him
and the AMaViS website does not yet acknowledge the problem
or provide a fix. However, on Jun 30, co-contributors to
the package (Juergen Quade and Mogens Kjaer) responded
quickly with an acknowledgement of the problem and a few
fixes. Because the co-authors do not maintain the
downloadable package, however, the latest downloadable
version of AMaViS (0.2.0-pre4 and possibly earlier) still
has a bug which allows remote users to send arbitrary
commands as root to a Linux machine running the AMaViS
scripts.
Exploit:
Send a message with a virus-infected file attachment. Use
something like "`/sbin/reboot`@dummy.com" as your reply-to
address in your MUA when sending the message. When the
AMaViS box receives the message, it will go through its
scripts, find the virus, construct an email message to send
back to the sender of the virus-infected file... line 601+
in the "scanmails" script:
cat <<EOF| ${mail} -s "VIRUS IN YOUR MAIL TO $7" $2
V I R U S A L E R T
Our viruschecker found a VIRUS in your email to "$7".
We stopped delivery of this email!
Now it is on you to check your system for viruses
For further information about this viruschecker see:
http://aachalon.de/AMaViS/
AMaViS - A Mail Virus Scanner, licenced GPL
EOF
... the $2 expands to a shell command (e.g. "/sbin/reboot")
which runs as root.
To solve it, Juergen Quade created the following diff
file. It represents the difference between his "secured"
and "insecure" scanmails shell script file. I solved it
differently, using a procmail recipe, but this will work
too:
--- scanmails.orig Wed Jun 30 12:54:02 1999
+++ scanmails Wed Jun 30 12:54:15 1999
@@ -122,6 +122,50 @@
deliver=/usr/bin/procmail
+
############################################################
###
+# Chris McDonough informed us, that it is possible to
execute #
+# programs by sending an email, wich contains a virus and
has #
+# as return address something
like: #
+#
`/sbin/reboot`@softing.com #
+#
or
#
+# $(/sbin/reboot)
@softing.com #
+# The execution of the command (/sbin/reboot) is done by
the #
+# "mail" program. Therefore we parse the arguments in
order #
+# to substitute those characters to
nothing #
+
#
#
+# Wed Jun 30 11:47:55 MEST
1999 #
+
############################################################
###
+
+# substitute all "`","$(",")" to nothing
+receiver=${7//\`/}
+receiver=${receiver//\$\(/}
+receiver=${receiver//\)/}
+
+sender=${2//\`/}
+sender=${sender//\$\(/}
+sender=${sender//\)/}
+
+if [ "$sender" != "$2" -o "$receiver" != "$7" ] ; then
+ cat <<EOF | ${mail} -s "Intrusion???" ${mailto}
+
############################################################
###
+# Chris McDonough informed us, that it is possible to
execute #
+# programs by sending an email, wich contains a virus and
has #
+# as return address something
like: #
+#
\`/sbin/rebbot\`@softing.com #
+#
or
#
+# \$\(/sbin/rebbot\)
@softing.com #
+# The execution of the command (/sbin/rebbot) is done by
the #
+# "mail" program. Therefore we parse the arguments in
order #
+# to substitute those characters to
nothing #
+
#
#
+# Wed Jun 30 11:47:55 MEST
1999 #
+
############################################################
###
+ $7 or $2 is not a valid Email address
+ (changed to $receiver and $sender)!
+EOF
+fi
+#
+
################################################
# main program #
# -------------- #
@@ -171,8 +215,8 @@
echo xxxxxxxxxxxxxxxxxx`date`xxxxxxxxxxxxxxxxxxxxxxx >
${tmpdir}/logfile
echo ${scanscriptname} called $* >>${tmpdir}/logfile
-echo FROM: $2 >>/${tmpdir}/logfile
-echo TO: $7 >>/${tmpdir}/logfile
+echo FROM: $sender >>/${tmpdir}/logfile
+echo TO: $receiver >>/${tmpdir}/logfile
${metamail} -r -q -x -w ${tmpdir}/receivedmail > /dev/null
2>&1
@@ -597,11 +641,11 @@
################### send a mail back to sender
######################
-cat <<EOF| ${mail} -s "VIRUS IN YOUR MAIL TO $7" $2
+cat <<EOF| ${mail} -s "VIRUS IN YOUR MAIL TO $receiver"
$sender
V I R U S A L E R T
- Our viruschecker found a VIRUS in your email to "$7".
+ Our viruschecker found a VIRUS in your email to
"$receiver".
We stopped delivery of this email!
Now it is on you to check your system for
viruses
@@ -614,12 +658,12 @@
############### send a mail to the addressee
########################
-cat <<EOF| ${mail} -s "VIRUS IN A MAIL FOR YOU FROM $2" $7
+cat <<EOF| ${mail} -s "VIRUS IN A MAIL FOR YOU FROM
$sender" $receiver
V I R U S A L E R T
Our viruschecker found a VIRUS in a mail from
- "$2"
+ "$sender"
to you.
Delivery of the email was stopped!
@HWA
38.0 E-COMMERCE IS SECURE
~~~~~~~~~~~~~~~~~~~~
From http://www.net-security.org/
by BHZ, Saturday 17th July 1999 on 3:04 pm CET
IT vendors, analysts and lawyers gathered in London on Thursday to create an
advisory document for the U.K. government about spreading e-commerce business.
The main problem is that people are not aware that their credit card number is most
likely to be stolen in a supermarket, then on the Internet. Frederick Wilson of Lloyds
TSB banking group said: "There is no security problem, but only one problem - people
don't understand. We have to convince customers it is secure".
@HWA
39.0 GAO REPORT ON US NAVY
~~~~~~~~~~~~~~~~~~~~~
From http://www.net-security.org/
by BHZ, Saturday 17th July 1999 on 2:55 pm CET
GAO (US General Accounting Office ), released a report about Y2K situation in US
Navy. "Failure to address the year 2000 problem in time could severely degrade or
disrupt the Navy's day-to-day and, more importantly, mission-critical operations" - the
report says. US Navy answered that they will use some guidelines provided to them
by GAO (for instance mission-critical systems must be fixed by 2000).
@HWA
40.0 GEEKS IN SPACE
~~~~~~~~~~~~~~
From http://www.net-security.org/
by BHZ, Friday 16th July 1999 on 12:47 pm CET
Slashdot (www.slashdot.org) announced Geeks in Space - their own radio shown. As
they say it is a show dealing with "News for Nerds, Stuff that Matters". Show will be
run by Rob Malda and Jeff Bates and it will cover stories from Slashdot site, Linux
news , open source and "cool technologies". Show could be heard in Real Audio
format (.rm) , MP3 instant play format (.mu3) and in normal MP3 file (.mp3).
@HWA
41.0 DOD to use Netscape's PKI
~~~~~~~~~~~~~~~~~~~~~~~~~
via http://www.securityportal.com/
15 July 1999
http://jya.com/dod-pki2.htm
Date: Thu, 15 Jul 1999 10:15:02 -0400
From: dlnews_sender@DTIC.MIL
Subject: DOD EXECUTES PKI LICENSE OPTION
To: DODNEWS-L@DTIC.MIL
= N E W S R E L E A S E
= OFFICE OF THE ASSISTANT SECRETARY OF DEFENSE (PUBLIC AFFAIRS)
= WASHINGTON, D.C. 20301
====================================================
No. 333-99
(703)607-6900 (media)
IMMEDIATE RELEASE
July 15, 1999
(703)697-5737(public/industry)
DOD EXECUTES PKI LICENSE OPTION
The Department of Defense has acquired a capability to provide public key infrastructure (PKI) services, as part of its near-term efforts to go "paperless" and
enhance the security of its information systems.
The Defense Information Systems Agency through the Integrated-Computer Aided Software Engineering contract has executed the final option of a DoD-wide
license with Netscape Communications Corporation. The Netscape license provides the Department of Defense and the Intelligence Community with a site license
for a number of Netscape server products as well as the professional version of the Netscape client software.
The Netscape software, specifically the Certificate Management System (CMS) 4.1, will be a part of the pilot DoD public key infrastructure. The CMS 4.1 product
provides functions such as issuing and managing digital certificates, encryption key recovery, support for Federal Information Processing Standard-compliant
hardware cryptography, and support for the Digital Signature Standard.
The deployment of this product is part of the Department's efforts to transition to a paperless environment. With PKI technology, DoD will be able to ensure the
authenticity of digital signatures on contracting documents, travel vouchers, and other forms that obligate taxpayer funds, to authenticate users of information systems,
and protect the privacy of transactions over networks. DoD plans pilot programs in electronic commerce, as well as in the Global Command and Control and
Combat Support Systems. PKI technology is also employed in the Defense Travel System to assure the authenticity of electronic travel transactions.
Details on the products and license can be found on the Internet at http://dii-sw.ncr.disa.mil/Del/netlic.html. Details on downloading the products can be found at
http://netscape.intdec.com/disa/.
-END-
@HWA
42.0 Federal Computer Week: FBI turns on new computer crime fighting system
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
via http://www.securityportal.com/
http://www.fcw.com/pubs/fcw/1999/0712/web-fbi-7-15-99.html
JULY 15, 1999 . . . 18:05 EDT
FBI turns on new crime-fighting system
BY L. SCOTT TILLETT (scott@fcw.com)
FBI officials announced today that they have successfully rolled out a
massive new computer system that state and local law enforcement officials
will use to fight crime.
The new system, the National Crime Information Center 2000 -- like the
original NCIC, which the FBI had used since 1967 -- allows crime fighters to
search through 17 databases when investigating crimes or questioning criminal
suspects. The databases include information on stolen guns, deported felons,
missing persons and stolen vehicles, for example.
NCIC 2000 will allow law enforcement officials with special hardware and
software to transmit suspects' fingerprints to confirm their identity and to see if
the suspects are wanted for other crimes. It also will allow the officials to view
mug shots to confirm identities -- a capability the original NCIC did not have.
Law enforcement officers also can use NCIC 2000 to identify relationships
among information in the databases. For example, under the old NCIC, if
someone stole a car and a gun as part of the same crime and if a law
enforcement officer later stopped the car thief on the highway, the officer
could use the system to find out easily that the car had been stolen. But he
would not necessarily know that the car thief might also have a stolen gun.
NCIC 2000 shows the connection, keeping related information on a crime
linked together, FBI spokesman Stephen Fischer said.
The new NCIC 2000 also adds name-search functionality. For example, a
search for the name "James" would return alternate spellings, such as "Jim" or
"Jimmy," Fischer said.
NCIC 2000 went online after years of escalating costs and congressional
finger-wagging. System architects originally envisioned NCIC 2000 costing
about $80 million, but the final price was $183.2 million, Fischer said. The
discrepancy between the original cost and the actual cost came in part
because contractors originally were "overly ambitious" when estimating the
project, Fischer said.
NCIC 2000 went live on July 11, but bugs in the system, as well as FBI
attention on the capture of suspected railroad killer Angel Maturino Resendez,
delayed the unveiling of the system, Fischer said. He added that bugs in NCIC
2000 were fixed by Monday evening. The bugs related to connectivity with
the National Instant Criminal Background Check System, which is used for
approving gun purchases. That system draws on NCIC 2000 and other
databases to approve or disapprove gun purchases.
FBI officials will hold the formal ceremony unveiling NCIC 2000 next month
in Clarksburg, W.Va.
@HWA
43.0 NMRC: Netware 5 Hijack Vulnerability
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
via http://www.securityportal.com/
it is possible to hijack a client's NCP (Netware Core Protocol) session and
issue calls to the NetWare server as admin. The requirements are that the connection
is using the IPX protocol and you know the MAC address of the admin's station (In IPX,
the station address is a concatenation of the network segment number and the MAC address)
http://www.nmrc.org/news/spoofncp.txt
_______________________________________________________________________________
Nomad Mobile Research Centre
A D V I S O R Y
www.nmrc.org
Jitsu-Disk [jitsu@nmrc.org]
Simple Nomad [thegnome@nmrc.org]
15Jul1999
_______________________________________________________________________________
Platform : Novell Netware
Application : NDS/NCP
Severity : High
Synopsis
--------
Armed with the MAC address of the Administrator, an intruder can hijack an
Admin's session and issue NCP calls as the the Admin on Netware servers.
Tested configuration
--------------------
The bug was tested with the following configuration :
Novell Netware 5, Service Pack 2 (with IPX configured)
Latest Client Software for Windows 95/98
Also confirmed on Netware 4.x.
Bug(s) report
-------------
This is an old bug. We reported it to Novell over a year ago, and even released
exploit code (see http://www.nmrc.org/pandora/). Since several people had
problems using the exploit code and Novell still hasn't corrected (to our
satisfaction) all of the problems with Netware 5, we've updated the exploit
code in the new Pandora v4, which is now in beta release. While Netware/IP is
the recommended path for Netware 5, most organizations using Netware are still
using Novell's proprietary IPX protocol for server access. IPX is required for
this exploit to work.
In essence, IPX fragmented requests/replies (NCP call 0x68) are not signed if
the packet signature level is not set to 3. Setting it to 3 on the server side
is good, but if the client is set at 1, it is possible to spoof or hijack a
portion of the client's session. If the target client is the Admin, we can tell
the server to make us security equivalent to the Admin. Please refer to the
details at http://www.nmrc.org/pandora/ncp.txt, especially sections 6 and
7, which detail how the attack works.
The new Pandora Online utility
will simply require you insert the MAC address
of the Admin's workstation into a dialog box, and Pandora will handle the rest
of the sniffing required to make the attack work. As always, placement of your
attack box is critical:
---------- ---------- ---------- -------------
| Admin | | Attack | | Router | | Netware 5 |
| Client | | Box | | | | Server |
---------- ---------- ---------- -------------
| | | | |
--------------------------- -------------
So here are the steps:
0. Admin client is Packet Signature Level 1, and server is Packet Signature
Level 3.
1. Attack box gets Admin's MAC address, and inserts it into the Pandora
Online tool. Attacker has the option to adjust other parameters as needed, but
the main one is the MAC address.
2. Admin performs actions dealing with NDS that use fragmented packets (normal
administrator activity will give us the needed packets quickly).
3. Attack box sends forged request to server, making us security equivalent to
Admin.
4. Netware 5 server accepts forged packets.
5. Admin client loses connection from server as its packet sequence is now out
of whack.
6. Attacker adjusts security settings for self so that the attacker has full
access to entire tree, and removes "equal to Admin", so s/he will not show up
on a basic "who's equiv to me" investigation by Admin.
Caveats:
0. This attack will fail in a switched environment since sniffing is involved.
1. This is a race. If the Admin client beats the attacker, the attacker must try
again.
2. Obviously the attacker being on the same Ethernet segment as the Admin will
help considerably in an attack. In theory this should work if you are anywhere
in between the Admin client and the server, although you will need to use the
MAC address of the router interface the Admin's session is coming from. At best,
this may not work at all, but is still theoretically possible.
3. In theory this could be adapted to a Netware/IP environment, as Novell's
TCP/IP stack is vulnerable to sequence number prediction. We have not explored
adapting Pandora exploit code over to a pure IP environment, but will explore
this possibility in future Pandora releases.
Solution/Workaround
-------------------
Use Packet Signature Level 3 everywhere, and make sure clients cannot touch
their own signature settings. LAN Admins should never access a server unless
using Level 3, and the security on the workstation should be restrictive enough
to prevent unauthorized adjustments (i.e. use a locked-down NT client with no
server services running, behind a locked door, although this simply places your
trust in Microsoft). Use switched Ethernet.
Alternately, you can ask Novell to patch things. We did our part a year ago.
Comments
--------
Simple Nomad had to leave Las Vegas right after Black Hat due to a minor
medical emergency at home, and missed DefCon. This advisory was one of the
things slated to be discussed during the DefCon presentation.
As stated, Novell was contacted regarding this bug in June of 1998, 13 months
ago. We got this to work in a lab setting. YMMV.
The new Pandora v4 includes all of the Pandora v3 attacks against Netware 4
updated to work against Netware 5. It was developed with 100% freeware libraries
and compilers. We are proud that this code doesn't look like a normal 95/98/NT,
the GUI was developed on Linux. Pandora v4 is 100% freeware. Source code is
freely available.
We always recommend using the latest versions of Netware with the latest
patches, and using the maximum security settings at all times on Netware
servers.
_______________________________________________________________________________
@HWA
44.0 CNet: IBM offers privacy consulting services
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
via http://www.securityportal.com/
- IBM has developed a process, using expert tools, to help customers develop privacy policies.
The consulting helps match the selected privacy policy with the appropriate systems and
technology
C|Net http://news.com/News/Item/0,4,39283,00.html?st.ne.fd.tohhed.ni
IBM offers privacy consulting services
By Sandeep Junnarkar
Staff Writer, CNET News.com
July 16, 1999, 6:40 a.m. PT
URL: http://www.news.com/News/Item/0,4,39283,00.html
Riding the raging success of its e-commerce services, IBM today announced consulting services aimed at
helping businesses implement privacy policies, procedures, and technology.
The services will also try to provide insight into how to build consumer trust in in the far-flung
networked world.
IBM's announcement comes at a time of growing concerns over privacy issues on the Internet. An increasing
number of e-commerce sites and portals collect consumer information and many companies place employee
information on access-restricted sites on the Internet so individuals can manage some aspects of their
human resource needs.
The consulting services will be part of IBM's Global Services division. At the core of the services is
a tool-assisted methodology that shows the steps involved and the questions that need to be addressed to
set up the right privacy policies and systems.
Analysts said the services will help users identify "hard," costs such as new systems and upgrades, and
"soft" costs--expenses that customers hadn't considered.
Privacy services are designed to address specific customer requirements and are based on work with IBM
researchers, global service professionals, and industry experts. IBM plans to implement policies and
procedures needed to protect personal information that is collected and maintained on customers and employees.
"The growth of electronic commerce depends on trust," said Gary Roboff, chairman of Banking Industry Technology
Secretariat (BITS) Research & Planning Steering Committee, in a statement. BITS is a organization that focuses
on privacy issues. "These new services can help companies such as banks build that trust, and show individuals
--the customers of our customers--that they are protected by a thoughtful, comprehensive privacy program."
IBM's privacy services also help identify the types of information being gathered and processed, ensuring that
consumers get proper notification of how their personal information will be used.
@HWA
45.0 mod_ssl 2.3.6 Bug Fixes
~~~~~~~~~~~~~~~~~~~~~~~
via http://www.securityportal.com/
mod_ssl provides provides strong cryptography for the Apache, the Internet's most
popular web server. This version contains various bug fixes, as well as a new certificate construct for client
authentication
http://freshmeat.net/news/1999/07/15/932074176.html
@HWA
46.0 Clinton authorizes National Infrastructure Assurance Council
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
via http://www.securityportal.com/
http://library.whitehouse.gov/PressReleases.cgi?date=2&briefing=8
- text of press release here. The President will appoint up to 30 members to the council, which will seek to
foster cooperation with the public and private sector in the goal of protecting critical infrastructure.
Seen by many as continuing the initial work of the earlier Presidential
Commission for the Protection of Critical Infrastructure
July 15, 1999
REMARKS BY THE PRESIDENT AND PRIME MINISTER EHUD BARAK OF ISRAEL IN PRESS AVAILABILITY
THE WHITE HOUSE
Office of the Press Secretary
______________________________________________________________
For Immediate Release July 15, 1999
REMARKS BY THE PRESIDENT
AND PRIME MINISTER EHUD BARAK OF ISRAEL
IN PRESS AVAILABILITY
Rose Garden
2:29 P.M. EDT
THE PRESIDENT: Good afternoon, ladies and gentlemen. I
am delighted to welcome Prime Minister Barak to Washington. As all
of you know, he is the most decorated soldier in Israel's history.
And as a soldier, as Army Chief of Staff, Interior Minister and
Foreign Minister, he has made immeasurable contributions to his
nation's security and its emergence as a modern, thriving democratic
society, time and again taking on tough tasks and getting them done
right.
Now, as Prime Minister, he has put Middle East peace at
the top of his agenda, telling his fellow citizens that Israel's
triumph -- and I quote -- "will not be complete until true peace,
trust and cooperation reign between Israel and its neighbors."
Mr. Prime Minister, if your mentor, Yitzhak Rabin were
here today, I believe he would be very gratified, seeing the
leadership of his cherished nation in your most capable hands.
For more than half a century, the United States has
stood proudly with Israel and for the security of its people and its
nation. Now, Mr. Prime Minister, as Israel again walks bravely down
the path of peace, America will walk with you, ready to help in any
way we can.
As we have seen before here at this house, as Israelis,
Palestinians, Egyptians and Jordanians have come together, what at
first seems unlikely, even impossible, can actually become reality
when the will for peace is strong. America will help as
you move forward, as you put implementation of the Wye River
agreement back on course, as you work for a final status
agreement; as you seek to widen the circle of peace to include
Syria and Lebanon, and to revitalize talks among Israel and the
Arab world to solve regional problems and build a prosperous
common future. I look forward to our meeting and to
strengthening the bonds between Israel and the United States.
First, Mr. Prime Minister, again, welcome. The podium
is yours.
PRIME MINISTER BARAK: Mr. President, ladies and
gentlemen, I came here as a messenger of the people of Israel who
have called for change and renewal, and I am determined to bring
about change and renewal. I and the people of Israel attach
great importance to the relations with the United States, its
friendship and support, and its invaluable contribution to the
peace process. The United States has always been a true and
tried friend of Israel, and President Clinton personally has
played an important role in changing the Middle East landscape.
I came to Washington following a series of talks with a
number of Middle East leaders. I assured them that we would work
as partners with mutual trust in order to overcome all the
challenges and complications that are still awaiting us down the
street.
We agreed that we need to abide by the previous
agreements signed by all parties, including the Wye Accords. It
is our intention to inject new momentum into the peace process
and to put it back on all tracks. For this, we need American
leadership and support all along the way.
Mr. President, we are on the threshold of the 21st
century and the third millennium. Mothers, fathers and children
all across the Middle East yearn for the dawn of a new era. They
expect us to provide them with a better and safer future. We
cannot let their hopes down. Together, as partners in the search
for peace, we can help transform the Middle East from an area of
confrontation and enmity to a region of peace, security and
prosperity.
I look forward to all my meetings here, and I hope that
this visit will usher in a new era in the peace process and
further deepen American-Israeli relations. Thank you very much.
(Applause.)
Q Mr. Prime Minister --
Q Mr. President --
THE PRESIDENT: Let me tell you -- here's what we'll
do. We'll take a couple of questions from the Americans, and a
couple of questions from the Israelis, but we'll start with a
question from the American press.
Sam?
Q Yes, sir. Mr. Prime Minister, when you say as you
did the other day, words to the effect that the United States
perhaps should step back somewhat and let the parties do more of
the work, what do you mean by that?
And, Mr. President, how would that change U.S.
involvement in the process?
PRIME MINISTER BARAK: I think that the United States
can contribute to the process more as facilitator than as a kind
of policeman, judge and arbitrator at the same time. This was
the tradition when Yitzhak Rabin was leading the peace process.
And I deeply believe that this is the right way to have the best
kind of inference and the best kind of contribution that the
United States can bring into the peace process.
It is clear to all of us that without United States
participation, contribution, and without the leadership that had
been shown in the past by the President -- and I hope will be
shown in the future by the American administration -- we won't be
able to reach a peace. And I'm confident we'll find these
resources and move forward towards peace that all our peoples are
awaiting.
THE PRESIDENT: I agree with what the Prime Minister
said. I thought that the peace process worked best when we were
essentially facilitating direct contacts between the parties and
helping to make sure that there was a clear understanding,
helping to make sure that we were there to do whatever we could
do to, now and in the future, to make sure that it would work.
We took a more active role, in effect, as mediator when
the bonds of trust and the lines of communication had become so
frayed that we were in danger of losing the peace process. And
I did not want that to happen, and I didn't think either side
wanted that to happen. So we did what was necessary to keep it
going. But, obviously, if there is a genuine priority put on
this, there's a sense trust and mutual communication on both
sides -- the people in the region have to live with the
consequences of the agreements they make; it is far better for
them to take as large a role as possible in making those
agreements. And so, to that extent, I agree with the Prime
Minister.
Do you want to call on an Israeli journalist? Is there
anyone --
Q Mr. President, you say that you are waiting for
Mr. Barak as a kid waiting for a new toy. You don't think that
by this remark you make is some kind of patronizing on Mr. Barak,
that you want to play with him? What kind of game do you want to
play with Mr. Barak?
THE PRESIDENT: No, I don't think it's patronizing at
all; it's just the reverse. What I'm saying is that the United
States is a sponsor of the peace process. We have done what we
could consistently for more than 20 years now through all kinds
of administrations to try to advance the peace process. I have
probably spent more time on it than anyone has, and certainly
I've spent a lot of time on it.
But my view is that we should not be in a patronizing
role, we should be in a supportive role. We should do what is
necessary to keep the peace process going. But you heard what
the Prime Minister said. He said that the United States' role
was essential, it was best if it worked as a facilitator. He has
already gone to see all the leaders of the region with whom he
must work -- or many of the leaders of the region with whom he
must work -- which I thought was the right thing to do in the
right order. So I was supporting the position that he took.
PRIME MINISTER BARAK: Wolf Blitzer, you are half
American, half Israel, so you get priority. (Laughter.)
Q Thank you, Mr. Prime Minister. I think what the
previous reporter, Shimon Shiffer (phonetic) was asking the
President -- I don't think the President necessarily understood
the question. Your comment at the Democratic fundraiser in
Florida the other day when you said you were as excited as a
young kid with a new toy about the meetings that you're going to
have with the new Prime Minister, which today have caused some
consternation, headlines in Israel -- that you were referring to
the Prime Minister as a new toy.
THE PRESIDENT: No, no -- I see, yes --
PRIME MINISTER BARAK: May I tell you, Wolf, that I
feel like someone who got the mission of diffusing a time bomb,
and I believe that we are all under urgent need to deal very
seriously not with tricky interpretation of an innocent favorable
statement, but by looking into the real problems and focus on
solving them.
THE PRESIDENT: Yes, let me say, though -- I didn't
understand, you're right. Thank you, Wolf. That is -- in
English, what that means is that you are very excited. It has no
reference to the Prime Minister. For example -- (laughter) -- I
would never do that. For example, if I -- no, no, if I were
taking a trip to Hawaii, I might say, I'm as excited as a kid
with a new toy -- doesn't mean I think Hawaii's a new toy, if you
see what I mean. It means that it's a slogan, you know. In
American English, it means I am very excited about the prospect
of the rejuvenation of the peace process. And that's all it
means. I would never say such a patronizing thing -- ever.
So I thank you -- thank you, Wolf. This is an historic
moment. Blitzer helps me make peace with the press and the
people of Israel. That's wonderful. (Laughter.) Yes, now you
get a real question.
Q Mr. President, the Prime Minister has suggested
that he's going to have to use up a lot of his domestic political
capital in Israel in order to fully implement the Wye agreement.
Would it be wise to go right away to the final status issues and
let them save some of that political capital for the tough
decisions Israel is going to have to make down the road? Would
you be willing to go along with deferring some of the agreements
that were achieved at Wye?
THE PRESIDENT: First of all, I'm not quite sure that's
what he said, but I think that those kinds of questions ought --
may be properly to be asked of us after we have a chance to have
our meeting. But the problem is, we have -- maybe we ought to
let him answer it -- but there is another party there and they
have their expectations. So maybe I should let the Prime
Minister answer that.
PRIME MINISTER BARAK: We abide by an international
agreement, Wye Agreement included. It had been signed by an
Israeli freely-elected government, by the Americans and by
Chairman Arafat. We are committed to live up to it. But there
is a need to combine the implementation of Wye with the moving
forward of the permanent status agreement. It could be this way
-- first Wye, then final status. It could be this way. But only
through an agreement with Arafat after mutual, open, frank and
direct discussion.
If we, together, agree, together with the Americans and
Arafat, that something could be made in order to bring those two
elements together, I hope and believe that even the international
press would not resist it very forcefully.
Q Prime Minister Barak, you have met with President
Mubarak, you have met with King Abdullah. What are the
possibilities of a meeting between you and President Hafiz al
Assad?
PRIME MINISTER BARAK: We still wait to see. When the
time comes, I hope we'll be able to meet. It takes two to tango.
I'm ready, the arena is ready; maybe the dancing instructor is
ready. We have to find opportunity and begin.
THE PRESIDENT: Now, let me say, that is not a
patronizing remark toward President Assad as the Prime Minister's
dancing partner. (Laughter.)
Helen, go ahead.
Q Mr. Prime Minister, when do you plan to disband
the heavily armed settlements in Palestine?
PRIME MINISTER BARAK: I'm not sure whether I
understood the question, so could you please repeat it?
Q There are more and more settlements being built
around Jerusalem and so forth. Are you going to disband them?
PRIME MINISTER BARAK: No. I'm not going to build new
ones. I'm not going to dismantle any one of them -- Israelis
citizens live in them. They came to these places -- almost all
of them -- through an approval of the Israeli government. We are
responsible for them. But the overall picture will be settled
once we end the permanent status negotiation and whatever will be
agreed, we will do. I believe in a strong block of settlements
that will include most of the settlers in Judeo-Samaria and the
Gaza Strip.
Thank you.
THE PRESIDENT: Thank you.
Q Mr. President, many Arab American organizations in
this country are very skeptical about Arabs getting a fair chance
in Israel, while Arab Americans from Arab descent and from this
country going to Israel having very harsh treatment. There are
four people sitting in a jail without due process. They are
badly treated at the airport. Can you comment on that?
PRIME MINISTER BARAK: I will answer. I'm ready to
look into this problem. We have no intentions to humiliate or to
intimidate any Arab citizens, be it Israelis, Americans or other
countries. And I cannot respond directly to the story you are
telling since I don't know the details.
THE PRESIDENT: Thank you very much.
Q Mr. President, do you personally believe in the
Palestinian right of return, even though you comments perhaps at
the press conference with Mr. Mubarak might not reflect a change
in U.S. policy?
And to Prime Minster Barak, one issue here in the
states has been the question of moving the U.S. embassy in Israel
from Jerusalem to Tel Aviv. Do you think that that has to
happen? I'm sorry -- from Tel Aviv to Jerusalem. Thank you. Do
you believe that that needs to happen now?
PRIME MINISTER BARAK: Be careful about the directions
-- (laughter.)
Q Do you believe that that needs to happen now, or
can that wait for progress in the peace process?
THE PRESIDENT: Do you want me to go first? First of
all, as you correctly stated, nothing that I have said should be
interpreted as a change in United States policy. I do think
there will be a general atmosphere when the peace is finally made
which will be positive. That's all I said.
On that question, the question you asked me, that is
explicitly an issue stated for final status negotiations by the
parties. That's part of the final status talks. The United
States, as a sponsor of the peace process, has asked the parties
to do nothing to prejudge final status issues. We certainly
should be doing nothing to prejudge the final status issues.
That is why I have had a consistent position on that, on the
embassy, on every issue -- whatever else we do, the United States
has no business trying to prejudge these final status issues.
That's what the parties have to work out in the final status
talks.
Q But Mrs. Clinton has certainly prejudged them,
sir.
PRIME MINISTER BARAK: As the Prime Minister of Israel,
I would like to see all the embassies from all around the world
coming to Jerusalem, and we will do whatever we can to provide
the preconditions for it. I feel that the essence of the peace
effort that we are trying to drive forward right now is the bring
within the shortest possible time a new landscape, political
landscape, in the Middle East that will make the whole question
irrelevant; you will see all the embassies together side by side
in Jerusalem. Thank you very much.
Q Mr. Prime Minister, is there going to be Israeli
astronauts on the space station -- are you going to discuss this
issue, and do you desire such?
PRIME MINISTER BARAK: I like Israelis, especially
Israeli astronauts. There is an officer, highly competent
officer in our Air Force and I would be more than glad to see him
walking in space when we enter the new millennium, maybe in 2001
or 2002. Thank you.
PRESIDENT CLINTON: Thank you. We have to go to work.
Q Mr. President, what about Mrs. Clinton? She's
prejudged the issues. What about Mrs. Clinton's prejudgment, Mr.
President? Tell us about Mrs. Clinton's prejudgment, sir.
THE PRESIDENT: That's why Senator Moynihan's law is
good -- every individual member of Congress can express a
personal opinion, but because of the waiver, the United States
does not have to prejudge the final status issue. That's good.
That's the way the law is set up, and it's good.
Q Also, she's not President, is she?
THE PRESIDENT: That's right.
Q Yet. (Laughter.)
END 2:47 P.M. EDT
@HWA
47.0 Federal Computer Week: GSA makes last awards for security services pact
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
via http://www.securityportal.com/
- 27 comanies in all received a piece of the pie, which is earmarked to help agencies working
on compliance with Presidential Decision Directive 63, protecting critical infrastructure.
Winners include Booz-Allen & Hamilton, GTE, IBM Federal, Trident
http://www.fcw.com/pubs/fcw/1999/0712/web-safe-7-15-99.html
JULY 15, 1999 . . . 17:30 EDT
GSA makes last awards for security services pact
BY DIANE FRANK (dfrank@fcw.com)
The Federal Technology Service's Office of Information Security has
awarded the last of its Program Safeguard contracts for information security
services and last week awarded the first task order under the program.
The Safeguard blanket purchase agreement contracts provide services for
agencies developing and implementing plans to comply with Presidential
Decision Directive 63, which requires agencies to protect their critical
infrastructures, including information systems, from cyberattacks.
GSA awarded its first Safeguard task order to Booz-Allen & Hamilton Inc.,
according to Richard Krauss, program manager for Safeguard. The company
will help the Department of Veterans Affairs develop a network security
architectural plan for the agency's transition from a private network to the FTS
2001 public network.
The 27 winning vendors are as follows:
ACS Government Solutions Inc.
Anteon
AverStar
BB&N Technologies Inc.
Booz-Allen & Hamilton Inc.
CACI Inc.
Collins Consulting
Computer Sciences Corp.
Electronic Data Systems Corp.
Electronic Warfare Associates Inc.
GRC International Inc.
GTE
IBM Federal
Kajax Engineering Inc.
KPMG LLP
L&E Associates Inc.
Litton/PRC Inc.
Litton/TASC Inc.
Lockheed Martin
Logicon
Science Applications International Corp.
Software Technologies Group Inc.
SRA International Inc.
Telos Corp.
Trident
TRW
Unisys Federal Systems
@HWA
48.0 Federal Computer Week: Army awards $248 million ID contract
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
via http://www.securityportal.com/
- Symbol Technologies wins contract to provide a wide range of identification devices, including
smart cards and wireless scanners. Goal is to provide Army with realtime logistics data
http://www.fcw.com/pubs/fcw/1999/0712/web-army-7-14-99.html
JULY 14, 1999 . . . 18:50 EDT
Army awards $248 million ID contract
BY BOB BREWIN (antenna@fcw.com)
The Army awarded a $248 million contract Tuesday to Symbol
Technologies Inc. to field and deploy a wide range of automatic identification
devices including bar code readers, magnetic stripe cards and radio frequency
"tags" to track supplies and parts for Army, Navy, Air Force and Marine
users worldwide.
The Army Communications-Electronics Command, which manages the
Automatic Identification Technologies II procurement, said the contract will
enhance warfighting through real-time access to logistics data. Lack of such a
coherent system in the Persian Gulf War caused tons of supplies to pile up at
ports while service personnel had to manually determine the contents of crates
and standard 40-foot shipping containers.
Symbol, headquartered in Holstville, N.Y., said it will supply DOD with a
"complete line of wireless mobile computing and scanning systems" on the AIT
II contract. Symbol said the systems it plans to supply through AIT II will
enhance the rapid and accurate deployment of materials and personnel
throughout the world, track supplies through the military's global distribution
centers. The AIT II contract also calls for Symbol to provide smart card
technology for military personnel identification.
@HWA
49.0 Denial of Service Vulnerability in IBM AIX
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
via http://www.securityportal.com/
- A denial of service vulnerability has been discovered in the ptrace()
system call of AIX versions 4.2.x and 4.3.x allowing non-root users to
crash the system. A temporary fix is available from IBM
http://securityportal.com/topnews/aix19990714.html
-----BEGIN PGP SIGNED MESSAGE-----
Tue Jul 13 20:46:31 CDT 1999
============================
A denial of service vulnerability has been discovered in the ptrace() system call of AIX versions 4.2.x and 4.3.x allowing non-root users to
crash the system. This vulnerability has been posted to the bugtraq mailing list.
Temporary Fix
=============
A temporary fix is available via anonymous ftp from:
ftp://aix.software.ibm.com/aix/efixes/security/adb_hang.tar.Z
Filename sum md5
======================================================================
unix_mp.42.adb_hang_fix 00772 2693 960214a1945f2c70311283adc0b231a3
unix_mp.43.adb_hang_fix 15044 3302 584d1c5ea0223110e2d8eba84388f526
This temporary fix has not been fully regression tested. The fix consists of a multiprocessor kernel which can be used on either a
uniprocessor or multiprocessor machine. There may be a slight performance penalty when using a multiprocessor kernel on a uniprocessor
machine.
Use the following steps (as root) to install the temporary fix:
1. Determine the version of the kernel fileset on your machine.
# lslpp -l <fileset>
If the version of the kernel fileset for your machine is not at the level described below, install the requisite APAR listed. This will help ensure
that the temporary kernel fix will run properly.
Release Fileset Version requisite APAR
===============================================================
AIX 4.2.x bos.mp or bos.up 4.2.1.23 IY00689
AIX 4.3.x bos.mp or bos.up 4.3.2.8 IY00727
2. Uncompress and extract the fix.
# uncompress < adb_hang.tar.Z | tar xf -
# cd adb_hang
3. Review and run the adb_hang.sh script to install the new kernel.
# view ./adb_hang.sh
# ./adb_hang.sh
4. Reboot.
Obtaining Fixes
===============
IBM AIX APARs may be ordered using Electronic Fix Distribution (via the FixDist program), or from the IBM Support Center. For more
information on FixDist, and to obtain fixes via the Internet, please reference
http://aix.software.ibm.com/aix.us/swfixes/
or send email to "aixserv@austin.ibm.com" with the word "FixDist" in the "Subject:" line.
To facilitate ease of ordering all security related APARs for each AIX release, security fixes are periodically bundled into a cumulative
APAR. For more information on these cumulative APARs including last update and list of individual fixes, send email to
"aixserv@austin.ibm.com" with the word "subscribe Security_APARs" in the "Subject:" line.
Contact Information
===================
Comments regarding the content of this announcement can be directed to:
security-alert@austin.ibm.com
To request the PGP public key that can be used to encrypt new AIX security vulnerabilities, send email to security-alert@austin.ibm.com
with a subject of "get key".
If you would like to subscribe to the AIX security newsletter, send a note to aixserv@austin.ibm.com with a subject of "subscribe Security".
To cancel your subscription, use a subject of "unsubscribe Security". To see a list of other available subscriptions, use a subject of "help".
IBM and AIX are a registered trademark of International Business Machines Corporation. All other trademarks are property of their
respective holders.
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQCVAwUBN4vxDgsPbaL1YgqvAQFASAP9HBQ4UCcMURj0W0WnKivLo/UXF4yhs3Cl
tX9H4tQsGo3U93G2cm3P59C8zbtZd355IVRxTtbOlCLL5CZBMIjNE7c6nyvvn0A0
RCeC1T9+nxZZfFCG81Rd1OME242KzjVz/1w1jQtNqdYugm9/YHm8hamd+KCRNtXl
e+x8Vg16YU4=
=JB4f
-----END PGP SIGNATURE-----
@HWA
50.0 Trinux revisited by www.securityportal.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The Linux Security Appliance
BO2K Information Center
July 12, 1999 - They say that good things come in small packages with Linux,
but even so, it is hard to believe how much functionality you can get out of
Trinux. Whether your network is primarily NT, Linux, or some other flavor of Unix is
immaterial - if it is based on TCP/IP, Trinux can be a valuable tool. Trinux is the
Linux Security Appliance, and is a valuable tool for any network engineer and
security specialist.
What is Trinux? Trinux is a small, portable, re-compiled version of Linux, stripped
of non-essential modules and enhanced with GPL security tools. By doing an
excellent job of identifying module dependencies, the authors of Trinux are able
to create a special Linux distribution that can fit on two high density floppies.
Some of the many tools included with Trinux are:
Firewalk - this is a tool that employs traceroute techniques to discover and determine Access Control Lists for
firewalls and routers.
Ipfwadm - utility to administer the IP accounting and IP firewall services offered by the Linux kernel.
Iptraf - IPTraf is a console-based network statistics utility for Linux. It gathers a variety of figures such as TCP
connection packet and byte counts, interface statistics and activity indicators, TCP/UDP traffic breakdowns, and LAN
station packet and byte counts.
Neped - stands for "NEtwork Promiscuous Ethernet Detector", a tool designed to detect Linux sniffers on a local
network.
Netwatch - monitors Ethernet traffic for hosts, packet counts and protocols.
Nmap - The Network Mapper is the premier port scanning tool for Linux. Allows state of the art scanning using a
variety of techniques.
Snmpset/snmpget/snmpwalk - allows you to easily retrieve and set SNMP variables.
Tcpdump - the standard packet sniffer for Unix.
You can get Trinux at many sites that archive Linux tools. The authors have setup a site at www.trinux.org,
containing the software, detailed documentation and version history. The software can be downloaded into two files,
boot (the boot image) and classic (the applications). After downloading the files, simply use the rawrite utility (from
DOS) or dd (from Linux/Unix), to create the floppies. Next, copy the module for your network card (a .o file, such as
3c59x.o) to the boot floppy, and you are ready to go.
How do we see usage of Trinux? Trinux is not a pretty, GUI-based management console, but a versatile tool you can
take anywhere that can provide quick answers. Trinux is a must for consultants and network engineers who travel to
many different sites and must diagnose a wide variety of problems. A Trinux user can quickly build a picture of a
foreign network and assess security problems. Due to the fact that it can be carried around in just two floppies can
give you the flexibility to quickly put a client's PC into service as a Trinux station. Make certain to carry driver modules
for all of the network cards you think you will encounter. Network Administrators may want to keep a dedicated Trinux
station in the computer room to provide a quick diagnosis of network security issues and to provide validation for (or
contradiction with) other network management tools.
The elegance and simplicity of Trinux displays not only the wisdom of the network appliance concept, but also shows
the power of specially compiled Linux distributions to deliver on that concept. If you are responsible for the security of
a network, large or small, you owe it to yourself to invest a couple hours of your time and test out this tool.
@HWA
51.0 ComputerWorld: Crypto Expert - Most encryption software is insecure
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
via http://www.securityportal.com/
- Bruce Schneier, author of Applied Cryptography, says it is hard to tell whether problems lie in the alogorithm,
implementation, or elsewhere. He strongly recommends staying conservative, and use well known and highly
scrutinized crypto algorithms
Crypto expert: Most encryption
software is insecure
By Ann Harrison
LAS VEGAS -- Respected cryptography authority Bruce
Schneier this week told a security conference that most
products and systems that use cryptography are insecure
and most commercial cryptography doesn't perform as
advertised.
Instead, he recommended that companies use strong
random number generators and published nonproprietary
algorithms and cryptographic protocols.
Schneier, who is president of Counterpane Systems in
Minneapolis, author of Applied Cryptography and inventor of
the Blowfish, Twofish and Yarrow algorithms, noted that it's
difficult to distinguish bad cryptography from good
cryptography in security products.
Experienced security testing is needed to uncover bugs, but
products are often shipped without this type of evaluation,
he told the audience at the Black Hat Briefings. "Beta testing
can never uncover security flaws," Schneier said.
According to Schneier, flaws can be found almost
anywhere: in the threat model, the design, the algorithms
and protocols, the implementation, the configuration, the
user interface, the usage procedures and other locations in
the design of products.
There is usually no reason to use a new or unpublished
algorithm in place of an older and better analyzed one,
Schneier said. "There is no need ever for proprietary
algorithms," he added.
Insecure random number generators can also compromise
the security of entire systems since the security of many
algorithms and protocols assumes good random numbers,
Schneier said. He noted that random numbers are critical
for most modern cryptographic applications including
session keys, seeds for generating public keys and random
values for digital signatures.
Security consultants at the conference said they took
Schneier's suggestions to heart. "I would suggest that no
one ever purchase proprietary encryption products if it's
protecting anything of value because someone can
reverse-engineer it," said Byran Baisden, a software
engineer at Edge Technologies Inc. in Fairfax, Va. Edge
designed the Nvision product for network management
platforms and consults for the federal government.
Matthew S. Cramer, lead security practitioner at Armstrong
World Industries Inc. in Lancaster, Pa., said Schneier does
a good job pointing out flawed systems and helping
companies evaluate products such as virtual private
networks that use encryption. "The tough job is picking
which ones are snake oil and which ones are real and
Bruce provides a lot of information to the community to pick
out which is which," Cramer said.
@HWA
52.0 Y2K Villains come in all shapes and sizes...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.computerworld.com/home/news.nsf/all/9907165y2kfraud/
You network may be covered from the inside but what about physically huh?
got thos suckers bolted down and and id card system in action y'all?
Y2K 'repairs' could open door for
billion-dollar thefts
By Thomas Hoffman
Don't be surprised if crackers make off with at least one
electronic heist in the $1 billion range by taking advantage of
the year 2000 problem, according to a new report from
Gartner Group Inc.
Gartner believes that contractors and programmers hired by
companies to make Y2K fixes may have left "trapdoors" to
move money between accounts.
"The likely perpetrator would be a highly skilled software
engineer who has worked on Y2K remediation efforts and
understands both computer systems and the underlying
business processes," Gartner said in a statement today.
"...The worst-case scenario for theft would include a highly
skilled software engineer involved with Y2K remediation who
feels unrecognized or unappreciated."
An opportunity for theft could occur when a system crashes
and repairs are made by a single software engineer without
usual oversight and review, Gartner said.
@HWA
3Com eyes new wireless standard for PALM
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.computerworld.com/home/news.nsf/all/9907165palmwap
3Com eyes new wireless standard
for Palm
By James Niccolai
3Com Corp. is exploring an emerging technology called the
Wireless Access Protocol (WAP) for possible use in its
Palm computer, a move that would bring new Web
browsing capabilities to the popular handheld device,
analysts and sources familiar with the matter said this
week.
Moving to WAP would be a significant step for 3Com, which
has invested heavily to develop a text-based technology
called "Web Clipping" for its wireless Palm VII, which was
launched in May in the New York area. But analysts said the
momentum growing behind WAP might not leave 3Com
with any choice but to switch to WAP.
Web Clipping allows mobile users to download short bursts
of text information from Web sites that have tailored content
for 3Com's technology. Web Clipping doesn't allow users to
surf the Web at large, but downloads information to "query
applications" offered by more than 60 firms, including United
Airlines, The Weather Channel, ETrade Group Inc. and The
Wall Street Journal. The list of content and service
providers using Web Clipping is growing, and users can
download new query applications from Palm's Web site,
3Com said.
In contrast, WAP provides a set of open standards that
allow mobile devices like cell phones, pagers and handheld
computers to browse content on the Web. Sites, however,
must be reformatted to support a programming language
called Wireless Markup Language that supports both text
and bitmap images.
WAP still is an emerging technology, but the industry
momentum behind it, combined with its potential to offer
users greater freedom to surf the Internet, may force 3Com
to make a transition from Web Clipping to WAP, analysts
said.
"I think they would be foolish not to support WAP. They're
trying to push Web Clipping as a metaphor for surfing the
Web, but I don't think they'll be that successful," said Ken
Dulaney, vice president of mobile computing research at
market analyst firm Gartner Group Inc. in San Jose, Calif.
Dulaney characterized 3Com's apparent reluctance to
move to WAP as "a touch of Microsoft-itis."
"I think it's stupid for them to wait," he said. "They ought to
be in the middle of things. They're obviously waiting, but
what they're waiting for I don't know."
3Com denies it has any plans to move away from its
proprietary technology, although the company
acknowledges that WAP is on its radar screen.
"We're certainly looking at WAP and find it very interesting,
but we don't have any imminent plans" to use the
technology, Tammy Medanich, product marketing manager
at 3Com's Palm Computing division, said in a recent
interview.
But two sources close to the matter told IDG News Service
that 3Com has already begun talks with the WAP Forum, an
industry group formed to promote the technology. Other
industry sources have indicated to Gartner Group's Dulaney
that 3Com will move to the new technology sooner rather
than later, Dulaney said.
The world's largest handset makers, including L.M.
Ericsson Telephone Co., Nokia Corp. and Motorola Inc., all
have announced plans to ship WAP-enabled phones late
this year or early in 2000. Telecom carriers AT&T Corp.,
France Telecom SA and Nippon Telegraph & Telephone
Corp. (NTT) are also backing the effort, along with IT
heavyweights like Microsoft Corp. and Intel Corp.
"For 3Com to take on Microsoft and all the other players
would be suicide in my opinion," Dulaney said.
3Com maintains that Web Clipping has proved popular
among its early customers. What's more, the company
notes, content for the Palm VII is available now, whereas
companies are only just beginning to think about retooling
their Web content for WAP.
Web Clipping is "fast and efficient" at downloading snippets
of information, said Jill House, a research analyst at
International Data Corp.'s (IDC) smart handheld devices
group. Still, she characterized the technology as an "interim
solution" to providing mobile users with wireless Web
access.
Like Dulaney, House believes 3Com will be forced to yield to
the market impetus building up behind WAP. IDC expects
shipments of WAP-enabled products to increase rapidly,
soaring from almost zero today to close to 10 million by
2003. About 5 million Palm OS-based devices will ship in
the same year, up from an estimated 2.9 million this year,
House said.
"[WAP is] a strong technology with a lot of interest from the
industry. Given both those factors, it would be very
surprising if 3Com were not considering it" for use in the
Palm, she said.
Officials at the WAP Forum declined to comment on
whether any discussions with 3Com are under way, but
said 3Com's membership to the Forum would be of great
value.
"Our principal goal is to create one worldwide standard that
all wireless handheld devices work on for Internet access
and browsing, and it would be a huge accomplishment to
have 3Com join," said Chuck Parrish, who recently
completed his tenure as chairman of the WAP Forum.
Parrish is also executive vice president at Phone.com Inc.,
which makes client and server software for WAP devices.
One major benefit of having a single standard among
wireless providers would be to enable content developers to
write their content once and have it understood by all
devices, Parrish said.
@HWA
54.0 Intel creates Net-specific unit.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.computerworld.com/home/news.nsf/all/9907165intelnet
(Online News, 07/16/99 11:36 AM)
Intel creates Net-specific unit
By Cheri Paquet
Intel Corp. has divided its communications business into a
networking business unit and a new unit dedicated to the
development of Internet-specific products.
Intel's new Communications Products Group will include
communication servers, computer telephony hardware,
network appliances, routers, hubs, switches, VPN (virtual
private network) software and LAN management hardware,
the company said in a statement issued yesterday.
Meanwhile, the Network Communications Group will
continue to focus on developing Intel's microprocessors,
LAN chip controllers and network processors.
To form the new Internet unit, Intel combined its
Communications and Internet Server Division, Network
Systems Division, Systems Management Division and the
Dialogic subsidiary it recently acquired. Dialogic makes
computer telephony software, network interfaces and media
processing boards.
Intel Vice President John Miner, formerly general manager
of the Enterprise Server Group, will head up the
Communications Products Group and will report directly to
Craig Barrett, Intel's president and CEO. Michael Fister,
vice president of the Intel Architecture Business Group and
general manager of Enterprise Server Group, will succeed
Miner in his former role.
@HWA
55.0 Bugtraq: JavaScript used to bypass cookie settings in Netscape
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Communicator 4.[56]x, JavaScript used to bypass cookie settings
Peter W (peterw@USA.NET)
Fri, 9 Jul 1999 18:18:57 -0400
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: Oliver Lineham: "Navigator cookie security"
Previous message: ET LoWNOISE: "[LoWNOISE] Lotus Domino"
Next in thread: Oliver Lineham: "Navigator cookie security"
Reply: Oliver Lineham: "Navigator cookie security"
Reply: Claudio Telmon: "Re: Communicator 4.[56]x, JavaScript used to bypass cookie settings"
As Netscape has not acknowledged my email or bug report from last week,
and one form of this vulnerability is currently being used, I have decided
it best to publicize this problem.
SUMMARY
This post describes a flaw verified in Netscape Communicator 4.6-0 as
distributed by Red Hat software for x86 Linux and Communicator 4.51 and
4.61 for Windows NT. Communicator does not enforce "originating server"
cookie restrictions as expected when JavaScript is enabled, leading to
privacy issues for users who may think they have taken reasonable
precautions.
BACKGROUND
Communicator 4.6 has a setting to warn before accepting cookies, and
another to "Only accept cookies originating from the same server as the
page being viewed". That latter option is supposed to, and used to,
completely and quietly reject "DoubleClick" style third party ad cookies,
i.e., cookies from servers that did not produce the main HTML document.
These third party ad servers use cookies to track Web users as they move
through completely unrelated Web sites. By accepting the cookie, one
allows the third party to compile a profile of visits to other Web sites
that use the third party's ad service (though normally the third party
does not know the end user's exact identity).
PROBLEM
Last week I noticed a warning for a cookie (for doubleclick.net) not from
the domain of the page I was viewing (newsalert.com) -- which the cookie
settings should have rejected outright. If I turn off the warning,
Netscape silently accepts the doubleclick cookie, although I still have
the "originating server" restriction enabled.
MEANS OF EXPLOIT
The reason? I had JavaScript enabled for Web browsing. The offending
newsalert page used a tag something like
<SCRIPT language="JavaScript1.1" SRC="http://ad.doubleclick.net/...">
and Communicator seems to interpret this as a "page" from doubleclick when
it's only getting a snippet of JavaScript code.
INTENT ?
I have been in communication with DoubleClick on this issue. They raise
credible reasons to justify using <SCRIPT> instead of simple <A><IMG>
tags: preventing caching, and allowing the ability to use media other than
simple images for their ads. Nevertheless, this technique does subvert
user preferences, regardless of whether this was the original intent.
DoubleClick does have an "opt out" program that sets a generic cookie to
prevent further tracking; see http://www.adchoices.com/ for details.
Newsalert management and web staff have not responded.
COMPETING PRODUCTS
Initial tests with Microsoft Internet Explorer 5.0 for Windows NT suggest
that it does not have any option like Netscape's "originating server"
restriction. By explicitly categorizing *.doubleclick.net in a zone like
"Restricted sites" where all cookies are disabled, MSIE 5 will reject
cookies offered by doubleclick.net <SCRIPT> tags; of course this must be
done for each third party domain individually.
WORKAROUNDS
Concerned Netscape users should either turn on warnings and read notices
carefully, disable JavaScript, or completely disable cookies.
SUGGESTED FIX
The cookie security mechanism should not accept <SCRIPT SRC="..."> as a
valid "page" for the purpose of the cookie settings. Nor should it allow
any similar means of bypassing the "originating server" restriction,
including external CSS files[1], or other documents not of type text/html.
For each rendered page, the domain of the main document's URL should be
compared against the domains of any other supplemental pieces in deciding
if those pieces qualify as "originating server" content.
VENDOR RESPONSE
While there has been no response from Netscape Communications, I am
grateful for the prompt, polite responses of DoubleClick's employees;
although I disapprove of their willfully continuing to use this technique,
and their advocacy of unwieldy "opt-out" procedures.
-Peter
[1] By specifying a style sheet from a different domain with
<link rel="stylesheet" type="text/css" href="...">
you can also sneak a cookie past the "originating server" restriction, but
only if both style sheets and javascript are enabled.[2]
Even better, you can set cookies for more domains with "Location:"
redirects. E.G. "http://example.org/" can have a URL like
http://example.com/redirectPlusCookie in the LINK tag that issues a
Set-Cookie and a Location header, redirecting the user to
http://example.net/stylesheetPlusCookie. With JavaScript and CSS enabled,
Netscape will accept cookies from both example.com and example.net.
Or, a more vicious approach is to reference a URL on the same server which
issues the redirect for the CSS or <SCRIPT> SRC to another domain. Users
who look at the HTML source won't see anything unusual, but such
redirections will also bypass the "originating server" setting.
Finally, if you're not convinced of the problems, consider that these
"originating server" tricks also work if you're viewing a file:// URL,
even with a cookie-setting intermediate redirect.
[2] Sorry, Netscape, I didn't tell you this last week because only now did
I bother to test mechanisms other than the direct <SCRIPT> tag.
The Intel Pentium III chip: designed to deny your privacy
Boycott Intel. http://www.privacy.org/bigbrotherinside/
Next message: Oliver Lineham: "Navigator cookie security"
Previous message: ET LoWNOISE: "[LoWNOISE] Lotus Domino"
Next in thread: Oliver Lineham: "Navigator cookie security"
Reply: Oliver Lineham: "Navigator cookie security"
Reply: Claudio Telmon: "Re: Communicator 4.[56]x, JavaScript used to bypass cookie settings"
@HWA
56.0 Granny Hacker from Heck attends DefCon
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
via AntiOnline http://www,antionline.com/
Granny Hacker From Heck Visits Def Con
Thursday, July 15, 1999 at 16:29:59
by Carolyn Meinel - Writing For AntiOnline
July 1, 1999. A staffer from Loompanics calls to say that the
Def Con convention staff has ordered them to not sell my "The
Happy Hacker: A Guide to Mostly Harmless Hacking"
(http://happyhacker.org/buyhh.html) at their upcoming computer
criminal soiree.
This means war! How can I best stick it to the Def Con d00dz?
Oho, their web site (http://www.defcon.org) is advertising a
Bastard Operator from Hell (BOFH)
(http://www.rangsoc.demon.co.uk/bofh_last.htm) contest. A
true BOFH should run a computer with all sorts of tantalizing
services. Build something
that looks like an eight year old could
break in. Then the attacker runs exploit after exploit against the
box. And every attack mysteriously SCREWS UP!!!
Muhahaha. By offering a prize for the best victim computer, the
Def Con guys hops to get better targets for the hackers playing
Capture the Flag.
Amarillo, TX, July 6 and 7, I'm out there with Happy Hacker
Wargame director Vincent Larsen and wargame admin Jon to
put together our BOFH entry: Fangz. Ah, yes, Fangz, an Intel
box running Red Hat Linux (at least that's what any port
scanner would tell you, snicker). It runs ftp, pop3, smtp, a DNS
server, telnet with a guest account with no password, guest
access to vi and a C compiler; and a Lithium Quake server with
back doors in place. Ahem, every service is working according
to the RFCs, but not quite running the way hackers would
expect:):)
OK, let's get this straight. All I did was provide the hardware
and use the Hacker Wargame to test various iterations of
Vincent and Jon's Process Based Security
(http://www.sage-inc.com) modifications to Red Hat Linux.
Red Hat is a hacker's paradise. A clean install of the latest
version has over 200 ways to break into it. Vincent and Jon's
version of Red Hat, however, would make the BOFH himself
proud. That's why I decided against entering a FreeBSD or
OpenBSD system. They have pretty good security, too. But
they don't TORMENT hackers the way Process Based
Security does.
At sunrise Friday morning, July 9, I caught a ride on the Happy
Hacker Godfather's King Air business jet, along with him and
Jon. Also there was this giant Texan on board. I asked him,
"You look like a bodyguard. You look like you could pick up
someone by the neck and hold him out at arm's length."
"I'm an interior decorator. That's my story and I'm sticking with
it."
Nine AM we are on site at the Alexis Park hotel. We stagger
along with Fangz, a monitor, laptop, my favorite Ethernet hub,
my crummy backup Ethernet hub, lots of spare 10BASE-T
cabling, tools, and duct tape just in case I need to tape anyone
to the wall.
A Def Con "goon" (security guard) helps us out by taking us to
the head of the registration line. Who should be handling, um,
exceptional cases such as ourselves but Pete Shipley. As his
mouth drops with surprise to see us Happy Hacksters out in
force, he fails to flash his copyrighted vampire fangs. Now these
are very important, copyrighted vampire fangz, er, I mean,
fangs. Shipley's lawyer actually sent several letters to the
publisher of my Happy Hacker book claiming that Shipley had
gotten a copyright on wearing vampire fangs, so the guy on the
cover of my book wearing fangs owed Shipley royalties. Or
something like this.
Anyhow, the publisher, being a hacker himself (Dr. Mark
Ludwig), decided to have a little fun with Shipley. In the second
edition he blotted out Shipley's fanged features with a green
blob reading "hey man get my face off this cover."
Anyhow, I think Mark using Shipley's copyrighted fangs on my
book cover is why Shipley can't wear fangs any more. That
must be what got Shipley to being such a major enemy of mine.
After all, my lady BOFH personality ought to win the adulation
of hackers everywhere. LART, LART, who has the LART?;^)
(http://www.winternet.com/~eric/sysadmin/lart.1m.html)
Shipley swears it isn't because I hacked him at Def Con 3 in
front of dozens of witnesses (see Granny Hacker from Heck).
Oh, yes, if you are a reporter, contact me and I'll give you
phone numbers for two of those witnesses.
Well, that fangless Shipley just about ruined my day. What next,
would Cult of the Dead Cow's (http://cultdeadcow.com) Deth
Vegetable trash can his Mr. T bust and prance on stage in a
business suit?
We got Fangz set up pretty quickly. All I did was some physical
stuff. Meanwhile, Jon changed the gateway, DNS server and IP
address himself because there are some interesting twists to
Fangz. Then he spent the next few hours waiting for the Capture
the Flag/BOFH contest to start by changing a few more things
on Fangz, like the process control tables for the "mv" and "cat"
commands. Oh, you say you never heard of Red Hat Linux
"process control tables"? Muhahaha.
Then... Priest pays me a visit. Priest. He's a tall middle aged guy
whose trademark is the loud Hawaiian shirts and shorts he
wears at every Def Con. At Def Con 5 he won his "I am the
Fed" T-shirt by showing off an FBI badge. Of course I believe
everything I see.
"Carolyn," he gestures to me. He sidles up close and whispers,
"I left the agency a few weeks ago. An Internet startup in
California offered me a chance to get rich. I have a
nondisclosure agreement for you. Interested?"
Of course I like to get rich, too. I sincerely believe that Internet
startups like to offer FBI agents tons of money. "Sure."
Meanwhile the Capture the Flag/BOFH game has finally gotten
started. Less than 100 of the 3,600 Def Con attendees have
signed up to play the game. What? Less than one hundred? I
ask several players. They all say there are perhaps only 200
people at Def Con who actually know how to break into
computers. The rest? Feds, narcs, groupies, and fakes. And
BOFHs:):)
Suddenly people start shouting. I turn to see a man prancing on
top of a table next to the Penguin Palace booth. He is naked
except for an extremely tiny g-string. It's a good thing his
genitals are tiny enough to fit into it. Then he pulls on his jeans
and leads a parade of drooling teenagers out of the room.
A tiny waisted bleached blonde with braless boobs in a
spaghetti string shirt prances over to some Capture the Flag
players. Not only is each boob the size of her head, they are
powered by antigravity devices. From time to time she pulls up
her shirt and sticks her naked boobs into the faces of the
players. They keep on shooing her off -- "We're trying to hack,
dammit!"
(to be continued: groupies get drunk and laid; Feds, narcs and
Cult of the Dead Cow urge code kiddies to hack more
government Web sites so Congress will boost the Information
Warfare budget from $1 billion to $1.4 billion; fangz LARTs
hackers; Michael Schiffman beefs up his muscles with a bicycle
pump; Shipley remains fangless; Priest attempts an entrapment
scheme; and Granny Operator from Heck gets into trouble.)
@HWA
57.0 Carolyn's ("Granny Hacker") profile on Antionline
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The Granny Hacker From Heck
Tuesday, February 23, 1999 at 11:43:38
by Carolyn Meinel - Writing For AntiOnline
I sit in my home office, slaving over a hot computer. It's an NT
server; next to it is an Indigo running Irix 6.2. Across the room is
my Slackware box. They are linked by, ta, da! Ethernet. Two
modems hum with TCP/IP over PPP.
I'm the grannie hacker from heck. Elite d00dz tremble before my
wrath. You don't believe me? Check out this
(http://www.attrition.org/slander/content.html). See? Some of the
scene's most dreaded hackers and brilliant computer security
experts are trembling before my awesome skillz as, so they say, I
run around erasing the systems files of helpless hacker boxes. I'm
talking about people such as admitted black hat
(http://www.wired.com/news/news/culture/story/16872.html)
Brian Martin, AKA jericho, trembling in his boots. You know,
the computer security professional from Repent Security, Inc.
(http://www.repsec.com) Come on, check this out
(http://www.attrition.org/slander/content.html) and see how
terrified he is of me!
Heck, even some FBI agents think I've waged a war of naughty
images plastered over the likes of the New York Times and
PenthouseWeb sites -- that I'm the Hacking for Girliez gang.
Don't believe me? Martin even has a sound bite on his Web site
with me apparently confessing to their crimes!
(http://www.attrition.org/shame/www/admit.html)
So how did I become the grannie hacker from heck? It all started
in 1995 when I went to Def Con III. Being such a good
housekeeper, I couldn't help but be the person who discovered a
live phone line in the convention ballroom. Of course I sprawled
out on the floor, plugged my laptop into the line and telneted into
a shell account. Lo and behold, "Evil Pete" Shipley, leader of the
Dis Org gang (http://www.dis.org/doc.html), strode over. He was
quite a wonderment, with fangs and spurs and lovely black hair
flowing to his waist. He crouched down beside me and asked,
"You got a telnet session going?"
"Yup."
"May I borrow it for a minute? I need to do something at work."
That was when the naughty side of me took over, you know, the
Mrs. Hyde thing. "Suurreee:)," I replied. I handed my laptop to
him, then leaned over and clicked a function key.
"What did you just do?" Evil Pete demanded.
"I turned on logging." I tried to wipe the cat got the canary look
off my face.
"You tried to steal my password!" Evil Pete stood up and started
shouting, to no one in particular, "This woman tried to hack me!
Bad hacker etiquette!"
"Sheesh," I pouted. "It's my computer, I can run keystroke
logging if I want to!"
Maybe I was plum lucky. Full as that ballroom was with guys
toting Miranda cards, not a single Fed rushed over to bust me.
That was what really got me inspired. I could hack a big wig
computer security fellow right in front of the Feds, and get away
with it! The sense of power drove me mad, muhahaha....
Anyhow, that is how I got started persecuting the biggest and the
baddest hackers and computer security experts on the planet.
Recently the organizer of Rootfest (http://www.rootfest.org)
kicked me off the program of his hacker con because Evil Pete
had warned him that I had put out a special, secret Guide to
(mostly) Harmless Hacking showing newbies how to hack Pete's
dis.org domain. Pete even showed him a copy of this GTMHH, a
special edition of Vol.1, #3. It's one that you won't find anywhere
on the Web, I think only Pete, Mr. Rootfest and I have copies of
it. Anyhow, this smart move of Pete's has saved the planet from
the live "how to hack" class I was going to teach at Rootfest.
Intoxicated as I am by hacking, nowadays my spinning wheel sits
gathering dust, and a shirt I was sewing lies half-finished. I used
to be such a sweet housewifey, I swear! You don't believe me? I
have witnesses! I used to demonstrate wool carding at the New
Mexico State Fair! I used to make gourmet goat cheese and
station bouquets of cut flowers from my greenhouse in
Martha-Stewart-approved locations about my home.
What caused my fall from the Better Homes and Gardens set?
The sweet taste of being a meanie against the world's hairiest
hackers!
Sooo, will the rampage of grannie hacker from heck ever end?
My victims are trying to figure out how to defend themselves
against me. Evil Pete told the organizer of Rootfest that in self
defense, my hacker victims have brought many lawsuits against
me. Much more effective than a firewall, right? Especially against
us Uberhacker grannies!
Now, I haven't seen any of these lawsuits, but as we all know,
hackers never lie. The suspense is getting to me. When will this
army of lawyers my victims have marshalled actually materialize?
Will they sue me into submission? How much more damage will I
and my Happy Hacker (http://www.happyhacker.org) army of
newbies do before lawyers save the world from my
depredations? Stop me before I hack again!
In the meantime, while waiting for the lawyers to save you, what
can you do to keep me from making naughty body parts sprout
on your Web site? Here are my top five suggestions:
1) Buy my Happy Hacker book. I don't rm the operating system
of anyone who buys my book, because after reading it you will
know enough to protect yourself from me. Also, when you see
me trying to secure shell into your ftp port, you'll know I'm just
yanking your chain.
2) Send me computer jokes. I'm a sucker for them and will be
too busy laughing and forwarding them to my friends to hack you.
The following is an example of something that meets my
laughability standards:
An engineer, a systems analyst, and a programmer are driving
down a mountain road when the brakes fail. They scream down
the mountain gaining speed every second and screeching around
corners. Finally they manage to stop, more by luck than by
judgment, inches from a thousand foot drop to the jagged rocks
on the valley floor. More than slightly shaken, they emerge from
the car. "I think I can fix it," says the engineer. The systems
analyst says, "No, I think we should take it into town and have a
specialist examine it." The programmer, holding his chin between
thumb and forefinger says, "Okay, but first I think we should get
back in and see if it does it again."
3) Give me a 120 cubic meter Cameron hot air balloon with
complete accessories, you know, stuff like a rate of
ascent/descent meter, GPS, one ton king cab chase truck with
Tommylift gate... I'll be so busy accidentally landing on the
classified areas of Sandia Labs, Area 51 etc. that I'll retire my
computers next to the spinning wheel and unfinished shirt. I can
see it now, "Gosh, Colonel, you know how these balloons are, I
got caught in a thermal and next thing I knew I was here:)"
4) After we had a fight, my ex-husband used thermite to melt
down our 30 mm Finnish antitank gun. Gimme another one. With
ammunition. Or else.
5) Our church music director could use 50 copies of the score
for Jesus Christ Superstar. If I can get some snivelling coward to
give them to us in exchange for me promising not to hack him,
maybe I can get to sing Mary Magdalene. If Lisa gets the part, I'll
hack the church computer so Zippy the Pinheadisms creep into
the bulletins.
I guess that's enough extortionate demands. I gotta get back to
sneaking Trojans into military computers so I can launch World
War III while making it look like Y2K bugs so I won't get into
trouble. As for those computer security professionals I've been
fubaring, do you suppose I'll ever feel remorse? No way! If they
want to call themselves computer security experts, they'd better
be ready to take heat from the granny hacker from heck!
Carolyn Meinel (cmeinel@techbroker.com) is a computer fubar
expert and clown princess of the non-profit Happy Hacker, Inc.
She lives in Cedar Crest, NM with her long-suffering hubby, four
cats, three horses, three dogs, two toads and two mosquito fish.
PS: The thing about the thermite is a slight exaggeration.
Everything else is true -- remember, you read this on the Internet,
so it must be true. Be sure to email a copy of this to Craig
Shergold and everyone else your know and Bill Gates will give
you $1000. Be sure to put "Good Times" in the subject. If you
don't email this out within ten days, you will be cursed with seven
years of bad luck and wake up in a bathtub full of ice with your
kidneys missing. Honest!
<sic>
@HWA
58.0 HP Support Bulletin HPSBUX9907-100
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From http://securityportal.com/topnews/hp19990708.html
-------------------------------------------------------------------------------
Document ID: HPSBUX9907-100
Date Loaded: 19990707
Title: CDE Leaves Current Directory in root PATH
-------------------------------------------------------------------------
HEWLETT-PACKARD COMPANY SECURITY BULLETIN: #00100, 07 July 1999
-------------------------------------------------------------------------
The information in the following Security Bulletin should be acted upon as soon as possible. Hewlett-Packard Company will not be liable for any
consequences to any customer resulting from customers failure to fully implement instructions in this Security Bulletin as soon as possible.
-------------------------------------------------------------------------
PROBLEM: The current directory is in the root users PATH after logging in using CDE.
PLATFORM: HP 9000 series 700/800 at hp-ux revision 10.X
DAMAGE: Increase in privileges.
SOLUTION: Modify /usr/dt/bin/Xsession until a patch is available.
AVAILABILITY: This advisory will be updated when patches are available.
-------------------------------------------------------------------------
I.
A. Background - The PATH environment variable is constructed from several sources including dtsearchpath and scripts in
/etc/dt/config/Xsession.d/ and /usr/dt/config/Xsession.d/. The resulting PATH contains the string "::" which will be interpreted as the
current directory. The root user should not have the current directory in the PATH.
B. Fixing the problem - Since the PATH environment variable can be affected by dtsearchpath and several scripts, the
recommended solution is to clean up the root users PATH after is has been created.
In /usr/dt/bin/Xsession just before this:
# ###########################################################################
#
# Startup section.
Add this:
###################### Clean up $PATH for root ##########################
if [ "$USER" = "root" ]
then
Log "Clean up PATH for root user"
Log "Old PATH = $PATH"
PATH=echo $PATH | awk
{
# Remove elements from PATH that are
# (a) "."
# (b) ""
# © blank
#
gsub (" ",":", $0) # Substitite ":" for each blank
n = split ($0, path, ":") # Split into elements with ":" as delimiter
first = 1 # To suppress leading ":" in new PATH
for (i=1; i<=n; i++) {
len = length(path[i])
dot = index(path[i], ".")
dot_only = 0
if ((len == 1) && (dot==1)) {
dot_only = 1
}
# print element if it is not "" and not "."
if (!(len==0) && !(dot_only==1)) {
if(first != 1) {
printf (":") # if not first element, print ":" in front
}
printf ("%s",path[i])
first = 0
}
}
}
END { printf ("\n") }
Log "New PATH = $PATH"
fi
###################### End - Clean up $PATH for root ####################
C. To subscribe to automatically receive future NEW HP Security
Bulletins from the HP Electronic Support Center via electronic mail, do the following:
Use your browser to get to the HP Electronic Support Center page at:
http://us-support.external.hp.com
(for US, Canada, Asia-Pacific, & Latin-America) http://europe-support.external.hp.com (for Europe)
Login with your user ID and password (or register for one).
Remember to save the User ID assigned to you, and your password.
Once you are in the Main Menu:
To -subscribe- to future HP Security Bulletins,
click on "Support Information Digests".
To -review- bulletins already released from the main Menu,
click on the "Search Technical Knowledge Database."
Near the bottom of the next page, click on "Browse the HP Security Bulletin Archive".
Once in the archive there is another link to our current Security Patch Matrix. Updated daily, this matrix categorizes security patches by
platform/OS release, and by bulletin topic.
The security patch matrix is also available via anonymous ftp:
us-ffs.external.hp.com
~ftp/export/patches/hp-ux_patch_matrix
D. To report new security vulnerabilities, send email to
security-alert@hp.com
Please encrypt any exploit information using the security-alert PGP key, available from your local key server, or by sending a message
with a -subject- (not body) of get key (no quotes) to security-alert@hp.com.
Permission is granted for copying and circulating this Bulletin to Hewlett-Packard (HP) customers (or the Internet community) for the
purpose of alerting them to problems, if and only if, the Bulletin is not edited or changed in any way, is attributed to HP, and provided such
reproduction and/or distribution is performed for non-commercial purposes.
Any other use of this information is prohibited. HP is not liable for any misuse of this information by any third party.
________________________________________________________________________
-----End of Document ID: HPSBUX9907-100--------------------------------------
@HWA
59.0 Microsoft Security Bulletin (MS99-024): Patch for Unprotected IOCTLs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
********************************
Microsoft Security Bulletin (MS99-024)
--------------------------------------
Patch Available for "Unprotected IOCTLs" Vulnerability
Originally Posted: July 06, 1999
Summary
======
Microsoft has released a patch that eliminates a vulnerability that could allow denial of service attacks against a Microsoft® Windows NT®
workstation, server or terminal server. An unprivileged program can disable the local mouse or keyboard on a server or workstation, and disable
the console mouse or keyboard on a terminal server.
Frequently asked questions regarding this vulnerability can be found at
http://www.microsoft.com/security/bulletins/MS99-024faq.asp
Issue
====
The IOCTLs that are used to obtain services from the keyboard and mouse drivers in Windows NT do not require that the calling program have
administrative privileges. A user-level program could use legitimate calls to disable the mouse and keyboard, after which the machine would need
to be rebooted to restore normal service. On a terminal server, such a program could disable the keyboard and mouse on the console.
Affected Software Versions
=========================
Microsoft Windows NT Workstation 4.0
Microsoft Windows NT Server 4.0
Microsoft Windows NT Server 4.0, Enterprise Edition
Microsoft Windows NT Server 4.0, Terminal Server Edition
Patch Availability
=================
Windows NT Server and Workstation 4.0:
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/
fixes/usa/nt40/Hotfixes-PostSP5/IOCTL-fix/
Windows NT Server 4.0, Terminal Server Edition:
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/
fixes/usa/nt40tse/Hotfixes-PostSP4/IOCTL-fix/
NOTE: Line breaks have added to the above URLs for readability
More Information
===============
Please see the following references for more information related to this issue.
Microsoft Security Bulletin MS99-024:
Frequently Asked Questions, http://www.microsoft.com/security/bulletins/MS99-024faq.asp.
Microsoft Knowledge Base (KB) article Q236359,
Denial of Service Attack Using Unprotected IOCTL Function Call, http://support.microsoft.com/support/kb/articles/q236/3/59.asp. (Note: It
may take 24 hours from the original posting of this bulletin for the KB article to be visible; however, a copy will be immediately available in
the patch folder.)
Microsoft Security Advisor web site,
http://www.microsoft.com/security/default.asp.
Obtaining Support on this Issue
==============================
This is a fully supported patch. Information on contacting Microsoft Technical Support is available at
http://support.microsoft.com/support/contact/default.asp.
Acknowledgments
==============
Microsoft acknowledges Mark Russinovich of Systems Internals (http://www.sysinternals.com) for discovering this vulnerability and reporting it to
us.
Revisions
========
July 06, 1999: Bulletin Created.
--------------------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.
MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY
DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO
THE FOREGOING LIMITATION MAY NOT APPLY.
60.0 ZDNet: Does the media cause hacking?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- short preview of DEF CON 7.0 in Las Vegas, July 9-11. Article quotes
several experts, saying that the extensive reporting and fame given those who deface a government web page is
adequate incentive to do it
--------------------------------------------------------------
This story was printed from ZDNN,
located at http://www.zdnet.com/zdnn.
--------------------------------------------------------------
Does the media provoke hacking?
By Robert Lemos, ZDNN
July 5, 1999 6:34 PM PT
URL: http://www.zdnet.com/zdnn/stories/news/0,4586,2288043-2,00.html
Could the media be the cause of the recent rash of hacker outbreaks? The answer may come at
DEF CON 7.0, the world's biggest hacking spectacle, which kicks off this coming weekend.
DEF CON, an annual strange brew of security experts, law
enforcement officials, hackers and, yes -- "The Media" -- descends
upon Las Vegas this Friday.
The event will be televised. It will also be streamed on the Web,
reported upon for newspapers and Web sites, and written about in
magazines for months to come.
And all that attention has some media analysts questioning whether the media's coverage of
hacking and cyber vandalism promotes more of the same.
"Every step in the evolution of hackers, the media has gotten the story
wrong," said Jon Katz, a media critic with Slashdot.org and Wired Magazine.
"When the media uses the term 'hacker,' they are really talking about vandals.
It doesn't help that the media falls into the trap every time."
Graffiti on the Net
One indication of the media's effect on hacking: Such unwelcome Web
intrusions, at least anecdotally, are on the rise.
Boston-area security consultant B. K. DeLong says there have been more than 1,300 incidences
of Web-page defacements so far this year (he only began tracking the number of hacks late last
year).
They're certainly gaining in prominence: Several Web site hacks, including the WhiteHouse.gov,
Senate.gov and Army.mil, were covered extensively by major media such as CNN and the New
York Times, as well as by the electronic media, including ZDNet (NYSE:ZDZ) subsidiary ZDNN.
Whether you call them cyber vandals or hackers, they have the run of the Web, said DeLong.
Most sites hackable
"I personally think that 75 to 85 percent of sites are hackable," he said.
DeLong believes that if hackers leave these sites alone, it stems more from fear of potential legal
repercussions than problems breaking in.
One old-school hacker agrees that media publicity and the notoriety it guarantees keeps the hacks
coming. Like Katz, he doesn't view page defacements as hacks.
"Web-page defacing is not hacking," said Space Rogue, a long-time hacker.
Hackers have traditionally plied their trade in part to gain knowledge about computer systems. In
a Web page defacement, "there is really little knowledge gained [about the network], and no other
motives besides fame."
Space Rogue works with the security group L0pht Heavy Industries and runs the Hacker News
Network, an underground information site.
Members of the Keebler Elves, a cybergang that hacked the National Oceanographic and
Atmospheric Administration's Storm Prediction Center site last week, disagree.
"Defacing a site to me is showing the admins, government [and others]
that go to the site that we own them," wrote "soupnazi," one of the
founding members of the Keebler Elves, in a chat with ZDNN. "They
wouldn't even know we were in [their systems], if we didn't deface
[them]."
Only when they want to send a message do they deface a page,
soupnazi said.
"I've told the Keebler members that I'm not a big fan of defacing pages," he said. "I'd rather have
root [complete access] to someone's account."
Getting the message across
Another hacker, who claims responsibility for the Army.mil defacement, also defended the tactic.
"Messages can be gotten across, if you hit the right machines," said "t1edown" in a chat with
ZDNN.
The hacker theorizes that the seeming increase in defacements is partially due
to media coverage, which he thinks makes more kids want to learn to hack.
But he also thinks that gaping security holes are part of the problem.
For example, the Army.mil attack came through a known hole in the security
of a Web server tool, Allaire Corp.'s ColdFusion. Though a patch is
available, and L0pht says it informed the Army of the weakness in its
security, the Army failed to update all its servers.
Web defacement: A good thing?
But not everyone thinks Web defacement is necessarily bad.
Alex Fowler, director of strategic initiatives at the cyber-rights organization Electronic Frontier
Foundation, does not advocate hacking, but stresses that there can be valid reasons for graffiti.
Fowler paraphrased an African-American woman who attended a recent EFF panel on public
spaces in cyberspace, saying, "Graffiti is about a space for the disenfranchised to cry out and
inform those around them, even when anonymity has been forced upon them."
He added that graffiti -- cyber and otherwise -- is visible to those who may not agree with the
sentiments involved, unlike a Web page.
"Building AOLsux.com only preaches to the choir," he said. "You are not actually talking to the
people who like AOL or the ones that have not thought about the issue."
No danger?
Slashdot's Katz believes there is no danger in the defacements, and hardly any reason for media
coverage.
In fact, he blames journalists for confusing vandals with hackers, and turning them into Orwellian
villains.
"Ever since the end of the Cold War, law enforcement and the media have been short of bad
guys," he said.
"The people that the media calls hackers have done very little damage to the Net," he said. "They
are kids that like to show anonymous power. To make them into a serious menace, a danger to
society, is ludicrous."
@HWA
-=----------=- -=----------=- -=----------=- -=----------=- -=----------=-
O
0
o
O O O
0
-=----------=- -=----------=- -=----------=- -=----------=- -=----------=-
END of main news articles content... read om for ads, humour, hacked websites etc
-=----------=- -=----------=- -=----------=- -=----------=- -=----------=-
HWA.hax0r.news
AD.S ADVERTI$ING. The HWA black market ADVERTISEMENT$.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*****************************************************************************
* *
* ATTRITION.ORG http://www.attrition.org *
* ATTRITION.ORG Advisory Archive, Hacked Page Mirror *
* ATTRITION.ORG DoS Database, Crypto Archive *
* ATTRITION.ORG Sarcasm, Rudeness, and More. *
* *
*****************************************************************************
www.2600.com www.freekevin.com www.kevinmitnick.com www.2600.com www.freekevi
n.com www.kevinmitnick.com www.2600.com www.freekevin.com www.kevinmitnick.co
m www.2600.com ########################################ww.2600.com www.freeke
vin.com www.kev# Support 2600.com and the Free Kevin #.com www.kevinmitnick.
com www.2600.co# defense fund site, visit it now! . # www.2600.com www.free
kevin.com www.k# FREE KEVIN! #in.com www.kevinmitnic
k.com www.2600.########################################om www.2600.com www.fre
ekevin.com www.kevinmitnick.com www.2600.com www.freekevin.com www.kevinmitnic
k.com www.2600.com www.freekevin.com www.kevinmitnick.com www.2600.com www.fre
<a href="http://www.2600.com/">www.2600.com</a>
<a href="http://www.kevinmitnick.com></a>
+-----------------------------------------------------------------------------+
| SmoGserz's site ... http://smog.cjb.net/ NEWS on SCIENCE |
| =================== http://smog.cjb.net/ NEWS on SECURITY |
| NEWS/NEWS/NEWS/NEWS http://smog.cjb.net/ NEWS on THE NET |
| http://smog.cjb.net/ NEWS on TECHNOLOGY |
+-----------------------------------------------------------------------------+
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* www.csoft.net webhosting, shell, unlimited hits bandwidth ... www.csoft.net *
* www.csoft.net www.csoft.net www.csoft.net www.csoft.net www.csoft.net *
<a href="http://www.csoft.net">One of our sponsers, visit them now</a> www.csoft.net
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* WWW.BIZTECHTV.COM/PARSE WEDNESDAYS AT 4:30PM EST, HACK/PHREAK CALL-IN WEBTV *
* JOIN #PARSE FOR LIVE PARTICIPATION IN SHOW CHAT OR THE WEBCHAT, AND WEBBOARD*
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* WWW.2600.COM OFF THE HOOK LIVE NETCAST'S TUES SIMULCAST ON WBAI IN NYC @8PM *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
//////////////////////////////////////////////////////////////////////////////
// To place an ad in this section simply type it up and email it to //
// hwa@press,usmc.net, put AD! in the subject header please. - Ed //
//////////////////////////////////////////////////////////////////////////////
@HWA
HA.HA Humour and puzzles ...etc
~~~~~~~~~~~~~~~~~~~~~~~~~
Don't worry. worry a *lot*
Send in submissions for this section please! .............
This sent in by FProphet;
Respect from the other side;
http://www.cutehtml.com/support/cracks2.html
cuteftp32300.zip by ZuLu
The text file with this crack says "Eliminates 30-day expiration,
checksums, and unregistered text." Notice that anyone can
disable checksums, but not necessarily all the hashes. ZuLu also
credits us as an "awesome FTP client." Thanks!
-=-
@HWA
SITE.1 http://smog.cjb.net
SiteOp: SmoG
Science, Technology, E-Books, News, Software, Security.. this site has been here
before and its back, they are growing and have matured a bit since the first attempt
at running the site, so stop by and add it to your daily/weekly bookmarks for fresh
stuff.
- eentity
@HWA
H.W Hacked websites
~~~~~~~~~~~~~~~~
Note: The hacked site reports stay, especially with some cool hits by
groups like *H.A.R.P, go get em boyz racism is a mugs game! - Ed
* Hackers Against Racist Propaganda (See issue #7)
Haven't heard from Catharsys in a while for those following their saga visit
http://frey.rapidnet.com/~ptah/ for 'the story so far'...
From HNN rumours section http://www.hackernews.com/
see the archives section on HNN or attrition.org for copies of many of these
sites in their defaced form.
http://www.attrition.org/
July 14th via HNN
contributed by Anonymous
Cracked
The following sites have been reported as compromised.
http://cta.ed.ornl.gov
http://www.cknights.com
http://www.learndifferent.com
http://www.npinc.com
http://www.atgwp.navy.mil
http://www.yokipc.navy.mil
July 15th via HNN
contributed by Anonymous
Cracked
The Following sites have been reported as being
compromised.
http://www.abissa.ch
http://www.iptv.org
http://www.wtvl.net
http://www.am1370.com
http://www.anothercomforter.com
http://www.zaffron.com
http://maps.arc.nasa.gov
http://www.wines-market.com
July 16th via HNN
contributed by Anonymous
Cracked
The following sites have been reported as cracked.
http://www.action-lane.com
http://www.alpine.com.au
http://www.autoshow.net
http://www.cnbca.com
http://www.cyberregistry.com
http://www.dragonfirecomics.com
http://www.engr.ukans.edu
http://www.fogodechao.com
http://www.itcsoft.com
http://www.tourism.gov.pk
http://www.universalpool.com
Hacked sites missed by HNN while in Vegas, courtesy of ATTRITION.ORG
Latest cracked pages courtesy of attrition.org
(www.ado.army.mil) Army Digitization Office
(www.cafac.com.ar) Camara Argentina de Fabricante de Ascensores y sus Componentes
(www.fruitstech.com) Fruits Tech
(www.privaterealty.com) Private Realty
(www.autoshow.net) Auto Show
(www.itcsoft.com) ITC Software
(www.action-lane.com) Action Lane
(www.engr.ukans.edu) University of Kansas School of Engineering
(www.cnbca.com) Cunningham, Northington, Boynton, Cook and Adams, CPA
(www.fogodechao.com) Fogo de Chão
(www.tourism.gov.pk) Pakistan Tourism Development Corporation
(www.dragonfirecomics.com) Dragon Fire Comics
(www.alpine.com.au) Alpine Audio, (AU)
(www.universalpool.com) Universal Pool
(www.cyberregistry.com) Cyber Registry
(www.abissa.ch) Abissa (CH)
and more sites at the attrition cracked web sites mirror:
http://www.attrition.org/mirror/attrition/index.html
-------------------------------------------------------------------------
A.0 APPENDICES
_________________________________________________________________________
A.1 PHACVW, sekurity, security, cyberwar links
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The links are no longer maintained in this file, there is now a
links section on the http://welcome.to/HWA.hax0r.news/ url so check
there for current links etc.
The hack FAQ (The #hack/alt.2600 faq)
http://www-personal.engin.umich.edu/~jgotts/underground/hack-faq.html
<a href="http://www-personal.engin.umich.edu/~jgotts/underground/hack-faq.html">hack-faq</a>
Hacker's Jargon File (The quote file)
http://www.lysator.liu.se/hackdict/split2/main_index.html
<a href="http://www.lysator.liu.se/hackdict/split2/main_index.html">Original jargon file</a>
New Hacker's Jargon File.
http://www.tuxedo.org/~esr/jargon/
<a href="http://www.tuxedo.org/~esr/jargon/">New jargon file</a>
HWA.hax0r.news Mirror Sites:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.csoft.net/~hwa/
http://www.digitalgeeks.com/hwa.
http://members.tripod.com/~hwa_2k
http://welcome.to/HWA.hax0r.news/
http://www.attrition.org/~modify/texts/zines/HWA/
http://packetstorm.genocide2600.com/hwahaxornews/
http://archives.projectgamma.com/zines/hwa/.
http://www.403-security.org/Htmls/hwa.hax0r.news.htm
International links:(TBC)
~~~~~~~~~~~~~~~~~~~~~~~~~
Foreign correspondants and others please send in news site links that
have security news from foreign countries for inclusion in this list
thanks... - Ed
Belgium.......: http://bewoner.dma.be/cum/
<a href="http://bewoner.dma.be/cum/">Go there</a>
Brasil........: http://www.psynet.net/ka0z
<a href="http://www.psynet.net/ka0z/">Go there</a>
http://www.elementais.cjb.net
<a href="http://www.elementais.cjb.net/">Go there</a>
Canada .......: http://www.hackcanada.com
<a href="http://www.hackcanada.com/">Go there</a>
Columbia......: http://www.cascabel.8m.com
<a href="http://www.cascabel.8m.com/">Go there</a>
http://www.intrusos.cjb.net
<a href="http://www.intrusos.cjb.net">Go there</a>
Indonesia.....: http://www.k-elektronik.org/index2.html
<a href="http://www.k-elektronik.org/index2.html">Go there</a>
http://members.xoom.com/neblonica/
<a href="http://members.xoom.com/neblonica/">Go there</a>
http://hackerlink.or.id/
<a href="http://hackerlink.or.id/">Go there</a>
Netherlands...: http://security.pine.nl/
<a href="http://security.pine.nl/">Go there</a>
Russia........: http://www.tsu.ru/~eugene/
<a href="http://www.tsu.ru/~eugene/">Go there</a>
Singapore.....: http://www.icepoint.com
<a href="http://www.icepoint.com">Go there</a>
Turkey........: http://www.trscene.org - Turkish Scene is Turkey's first and best security related e-zine.
<a href="http://www.trscene.org/">Go there</a>
Got a link for this section? email it to hwa@press.usmc.net and i'll
review it and post it here if it merits it.
@HWA
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-
--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--
© 1998, 1999 (c) Cruciphux/HWA.hax0r.news <tm> (R) { w00t }
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-
--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-
[ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
[45:6E:64]-[28:63:29:31:39:39:38:20:68:77:61:20:73:74:65:76:65]
