Copy Link
Add to Bookmark
Report
b-z1ne 01
¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬
::ÆÆÆ[www.blackhat.cx]ÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆ::
____________
--)-----------|____________|
,' ,'
-)------======== ,' ____ ,'
`. `. ,' ,'__ ,'
`. `. ,' ,'
`. `._,'_______,'________________[ vol.1 <=> issue#1 ]
__________.____ _____ _________ ____ __.__________.___ _______ ___________
\______ \ | / _ \ \_ ___ \| |/ _______ /| |\ \ \_ _____/
| | _/ | / /_\ \/ \ \/| < / / | |/ | \ | __)_
| | \ |___/ | \___| | \__/ /__| | \_| \
|______ ________ ____|__ /\______ _____|__ __________\___\____|_______________/
\/ \/ \/ \/ \/ @logicfive.net
.-"" |=========================== ______________ |---------------------------------
"-...l_______________________ | |' || |_]__ |
[`-.|__________ll_| |----- www.blackhat.cx --------
,' ,' `. `. | (c) The BlackHat Project |
,' ,' `. ____`. -------------------------------
-)---------======== `. `.____`.
__ . .
/ /\ `.________`.
_ / / \ --)-------------|___________|
,-- / /\/ / \ -,
| ,/ / \/ / |----> the table of contents
,---| \ \ / |---------------------------------------------------------------,
| `-- \ \ / -----' " Laws are like sausages,
| `\`*_' it is better not to see them being made. " - Otto von Bismark
| \__________________________________________________________________________'
|
|:0x01 - Welcome...................................................................lkm
| > Introduction..............................................................rza
| > About BlackHat............................................................lkm
|:0x02 - News..................................................................lkm&rza
| > WRITERS...............................................................lkm&rza
|:0x03 - Why?......................................................................rza
|:0x04 - What is wrong with security industry (brief)?.............................rza
|:0x05 - Why not to DDoS?..........................................................rza
|:0x06 - What is Script kiddie ?...................................................lkm
|:0x07 - Help the Telco business and DDoS!.................................A.Nonymouse
|
`-------------------------------------------------------------------------------------'
::###############################################################[www.blackhat.cx]###::
#:0x01 Welcome
:> Introduction.
Blackhat Community has always been more or less underground. That is just normal if you think
the nature of the scene. Misunderstood and mysterious group of people is often judged in
world-wide media. Blackhat Magazine or E-zine is trying to bring the community near to common
people and it tries to break the common stereotypes made of "hackers". Every blackhat is not evil,
they just dont want to live in this many ways cruel society.
For them cyberspace and coding is the way to make the difference. Dont judge understand.
:> About Blackzine.
COMING SOON!!!:)))
#:0x02 News.
:> WRITERS
The blackhat magazine is still looking for people who are willing to contribute articles
about almost anything related to subject. Contact either lkm or rza.
#:0x03 Why?
I started to write for boredom. And then i got idea to make a ezine. I
had support from lkm and few mates and so I thought that this idea could
work. I apologize for typos and loadda mistakes in this first issue.
hAvE pHuN:)
#:0x04 What is wrong with security industry?
Terms:
Blackhat = "hacker" (term that media uses)
Whitehat = good, good boy!
Greyhat = a blend of lil` bit of both.
Whitehat has always been the favorite of the media. Everybody loves the
ones who protect your intrests but you just dont understand who really
does the work. Security business would be no business without the so
called "bad boys". Is it so evil to exploit the faults of professionals?
Why arent they responsible for writing bad code which can be exploited?
Security industry gives you an impression that they do everything for
security and they are the hardworking people who does everything for any
effort. They are not, sad but true.
Microsoft is a good example of the rotten and paradoxal security industry.
It makes propably millions with update packs, second editions
and so on..And all those you need for their mistakes. Kinda odd to my
point of view. So is there any idea to make invulnerable software? That is the
main issue within whitehats, because making it would make them
unemployed.
Security managers always talk about "long-term investments",
"going down now but soon coming up" and so on. They got no real value in
their companies but they need investments from stock market. Thats why
you see people in suits smiling in TV even if their companies would be
going down and fast. You dont need to believe them. you dont need to
invest your money to wasteless industry.
Blackhats are the dying community of ethically equipped programmers and
developers. They dont ask money for their work and they make it to show
the common errors in
programs. In their own way they help the sec industry which most them
prolly hate. It is just unfair that security consult gets fat money for
just talking about other peoples work. Blackhats dont enforce kiddies to
"gcc exploit.c -o exploit; ./exploit", they just
give the tools for it, which isnt yet illegal as far as i know. Blackhat
lives for better and faster code. Blackhat drinks pepsi or
coca-cola(both trademarks:). Blackhat is ready to give his life for
opensource.
Im not trying to make blackhats like gods here. Im just trying give
another point of view to this everlasting judging of blackhats. You
gotta remember that many of the
security industry people are ex-blackhats, and they have done things
that they dont want to be exposed. Blackhat ezine will continue untill
it gets shutdown for speaking the truth (LOL?)
#:0x05 Why not to DDoS?
I was too tired to describe all terms used. If you dont understand what is DDoS
it is prolly useless to read this article.
Why to DDoS? The most common reason for DDoS I`ve met is the eternal "war" in IRC.
Mirkwargoups war over channels and the most common method is to ping timeout all
ops, split a ircserver and gain ops. Then you can close the chan and think youre
"eleet". You might ask why the @ before ones nick is so important, but
for "cReWz" it is the sign of power and makes one think that he is some way skilled.
Then you can close the chan and think youre"eleet". There is also packetmonkeys
who are unable to have "intelligent" conversationand DDoS is a good way to silence
the opposite point of view. Ethically and morally it is very judged but in the age
of 13 you rarely can show any signs of maturity or moral developement.
Why is it so wrong to DDoS? It is hard to judge ones own choices but the main issue
is the harm one causes to normal non-related users. There are many IRCserver which
have quit the free service cause of the amount of DDoS they had. It is not easy to
do the best you can and just watch when some 13 yrs old kiddo ruins your work. There
is propably only one sector which benefits from packeting. Security industry. Im not
saying they cause it but they get a lot of money for defending larger and smaller servers.
So when you .mack you support the worst enemy of the free software and that way youre
a part of ruining the blackhat community. Also free shell-providers often limit the IRC
access for the fear of packets. In free service ping timeouts would be too heavy on
the expences on bandwith and so on.
How to avoid DDoS? Often packeting comes from your own behavior. If you dont get too cocky
or takeover channel you dont get packets. Sounds too simple but its partly true. Of course
there is also people who do it for the "joy" and overhelming feeling of power or
the ones who just hate good services like www.google.com(*dont bring it down*).
#:0x06 What is Script kiddie ?
1) The lowest form of cracker , script kiddies do mischief with scripts and
programs written by others, often without understanding the exploit they
are using. Used of people with limited technical expertise using
easy-to-operate, pre-configured, and automated tools to conduct
disruptive activities against networked systems. Since most of these tools
are fairly well known by the security community, the adverse impact of
such actions is usually minimal.
2) People who cannot program, but who create tacky HTML pages by copying
JavaScript routines from other tacky HTML pages. More generally,
a script kiddie writes (or more likely cuts and pastes)
code without either having or desiring to have a mental model
of what the code does, someone who thinks of code as magical incantations
and asks only "what do I need to type to make this happen?"
#:0x07 Help the Telco business and DDoS!
As you probably have heard allot of Telco's -the real backbone ISP's-
are getting bankrupt.
This comes because there is more bandwidth capacity then really needed.
Because of this fact, companies are having big competition with each
other, just to sell their bandwidth and get some of the investment
back.
In the last year not allot of bandwidth was consumed, this because
major
League of DDoS stopped, or where forced to stop by governments all over
the world.
The problem of DDoSsen is a political one not a technical one.
With proper configuration of infrastructure and their components DDoS
can be exterminated.
The only problem is, that THE WHOLE WORLD that is connected should do
it. Companies that sell equipment that could be connected to public
Infrastructure should be punished if their products are abused, or
could be abused.
If you buy a car or some brand, and all those cars don't have good
Working break, causing allot of injury, then -certainly in the USA- the
Company would get Sued and often must pay allot of money.
With companies that sell equipment to get on the digital highway this
Isn't the case.
Companies such as -but not only- Microsoft, Cisco etc.. sell their
Product with no or poorly configured OS by default.
Almost every product they sell can be abused if it is installed right
from the box.
Some UNIX claim to be save, such as Openbsd, but if you check the
inetd.conf, then you can conclude that ANY UNIX box would be save if u
Used that inetd.conf.
There is not any service enabled, and that should be configured as
Default on ANY product.
People should be forced to read the fucking manual before they can
start Using insecure configuration online.
In that case the software/hardware company shouldn't be liable any
more, but the people who connected the insecure configuration online.
At this moment, backbone ISP's (Telco business) is making money out of
TRANSIT -not peering- traffic.
The more people DDoS the more unused bandwidth is used, the more money
they make.
Allot of people don't know how the glasfibre/coper (SDH/SoNet) network
are financed, and how they make money out of it.
It is real simple.
Client <----> ISP A <---> ISP B <---> ISP C <--->
The clients want to send/receive data to ISP C.
First of all the border router of his ISP (ISP-A) has a BGP routing
table, and knows how to get this shit cheap to ISP C
If there is a peering point (some physical -or virtual- place where
routers of ISP's are placed) they can have make an agreement on peering.
This means that traffic in or/and out the 2 domains, is send directly.
The route is establish through the peering point, which is cheap,
because they only rent some staging space for their Access router, a UTP
or fibre slot in the peering CORE router
Through the peering CORE router they can set up any peering with any one
who also has a access router on the peering point.
The route will always be through that place, and cannot be forced to go
through another ISP, unless you change the BGP table.
In this case your traffic should go easily from ISP-A to ISP-C without
the USE of ISP-B.
ISP-B doesn't make any money out of you.
If there isn't a peering agreement, then the traffic is called TRANSIT.
This means that traffic is going to follow a route which has to be paid
for.
ISP-A could be a customer of ISP-B or have a peering agreement with
them.
ISP-C could also be a customer or have peering agreement. (of is a
Customer of another customer or peering agreement holder with ISP-B)
In this case ISP-B is getting PAID to get traffic through.
-when you do several trace route to different destinations, and you see
ALLOT different of hops (not the first few!), it's probably transit
Traffic, the first hops are the ones of you own ISP and somewhere there
Peering point with their top-level ISP-
The only ISP's with cable with connect cities -city rings-, provinces,
Countries and continents are Telecom companies. (Worldcom is a big one)
Those companies often DO NOT PEER with others.
It just costs them money.
They only will peer if they benefit from it big time.
They also will be buying major content providers or big Webhosting
Companies, so that ALLOT of bandwidth is going to be consumed over
their Infrastructure.
They even would host big sites -CNN, movie/mp3 sites etc..- For free.
(If they wanted too, and are having a clue)
Because every byte send from those BIG sites, and which leave their
Infrastructure is PAID for.
The more the bandwidth the more they get paid.
This is why DDoS isn't that bad from their perspective.
It is useless, and retarded to do DDoSS.
But packeteers/DDoS-retards are helping the economy this way.
Unless ISP's get a clue and understand -managers don't understand the
Story as described here- that bandwidth cost money, until then the only
big supporters of DDoS are Backbone ISP's -Telco's- which have problem
In the market that there is more bandwidth then needed.
Backbone ISPs -Telco's - can do allot in detecting and eliminating DDoS
Attacks.
The only reason they do not do something about it is because of the
fact They make money out of it.
If a Backbone ISP -Telco- is originator of the attack or suffering from
an attack inside their infrastructure then they take immediately
Countermeasures, because this cost them money.
But detecting and defeating attack that occur outside of their
infrastructure only costs money, and that will not be paid by a
customer nor by the attacker.
Besides this, they also wouldn't be selling the used bandwidth caused
by the attack.
So their costs is (monitoring/detecting/defeating attack) + (not
used/sold bandwidth)
+ interest on their investments (those unused or barely used fibres
cost money!
So is DDoS bad?
From certain point of view it is not.
When all DDossing would stop today, allot of Backbone-ISP (Telco's)
would get in trouble.
And then allot of bandwith that was used consumed by DDoSSing, will come
free, and the bandwith market will fall.
Causing bankruptcy, unemployment and more importent lesser backbone-ISP
which will make internet more expensive.
We as consumer of the internet will pay more for the same service, or
even lesser bandwidth.
Unemployment of backbone-ISP personal is also a real concern.
If they get bored and annoyed because they can't good paying jobs, they
might become a threat for the internet.
So if you judge about ddossing (or anything else), think about the
consequents.
The whole world is one big network, and everything is keeping something
in balance.
------------------------------------------------------------------------------------::
gr33tZ: blackhat@IRCnet !!, aurecom , ack- , moogz , bajkero , henray , #darknet@EFnet
izik, I-Busy and all the bitches i forgott :)
!! + feedback: office@blackhat.cx + !!
::###############################################################[www.blackhat.cx###::
Brought to you by
:::::::. ::: :::. .,-::::: ::: . :: .: :::. ::::::::::::
;;;'';;' ;;; ;;`;; ,;;;'````' ;;; .;;,. ,;; ;;, ;;`;; ;;;;;;;;''''
[[[__[[\. [[[ ,[[ '[[, [[[ [[[[[/' ,[[[,,,[[[ ,[[ '[[, [[
$$""""Y$$ $$' c$$$cc$$$c $$$ _$$$$, "$$$"""$$$ c$$$cc$$$c $$
_88o,,od8Po88oo,.__ 888 888,`88bo,__,o, "888"88o, 888 "88o 888 888, 88,
""YUMMMP" """"YUMMM YMM ""` "YUMMMMMP" MMM "MMP" MMM YMM YMM ""` MMM
#BlackHat@IRCnet <-> www.BlackHat.cx
¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬
