  [ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
==========================================================================
=                      <=-[ HWA.hax0r.news ]-=>                          =
==========================================================================
  [=HWA'99=]                         Number 26 Volume 1 1999 July 24th 99
==========================================================================
                     [ 61:20:6B:69:64:20:63:6F:75: ]
                [ 6C:64:20:62:72:65:61:6B:20:74:68:69:73: ]
                [ 20:22:65:6E:63:72:79:70:74:69:6F:6E:22:! ]
==========================================================================

http://www.fourmilab.to/hackdiet/www/hackdietf.html
  - The Hacker's Diet: How to lose weight and hair through stress and
    poor nutrition

And joke of the week:
http://support.microsoft.com/support/kb/articles/q149/9/62.asp

HWA.hax0r.news is sponsored by Cubesoft communications www.csoft.net
and www.digitalgeeks.com thanks to p0lix for the digitalgeeks bandwidth
and airportman for the Cubesoft bandwidth. Also shouts out to all our
mirror sites! tnx guys.

http://www.csoft.net/~hwa
http://www.digitalgeeks.com/hwa

HWA.hax0r.news Mirror Sites:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.csoft.net/~hwa/
http://www.digitalgeeks.com/hwa.
http://members.tripod.com/~hwa_2k
http://welcome.to/HWA.hax0r.news/
http://www.attrition.org/~modify/texts/zines/HWA/
http://packetstorm.harvard.edu/hwahaxornews/ * DOWN *
http://archives.projectgamma.com/zines/hwa/.
http://www.403-security.org/Htmls/hwa.hax0r.news.htm

SYNOPSIS (READ THIS)
--------------------

The purpose of this newsletter is to 'digest' current events of interest
that affect the online underground and netizens in general. This includes
coverage of general security issues, hacks, exploits, underground news
and anything else I think is worthy of a look see. (remember i'm doing
this for me, not you, the fact some people happen to get a kick/use
out of it is of secondary importance).

This list is NOT meant as a replacement for, nor to compete with, the
likes of publications such as CuD or PHRACK or with news sites such as
AntiOnline, the Hacker News Network (HNN) or mailing lists such as
BUGTRAQ or ISN nor could any other 'digest' of this type do so.

It *is* intended however, to complement such material and provide a
reference to those who follow the culture by keeping tabs on as many
sources as possible and providing links to further info, it's a labour
of love and will be continued for as long as I feel like it, i'm not
motivated by dollars or the illusion of fame, did you ever notice how
the most famous/infamous hackers are the ones that get caught? there's
a lot to be said for remaining just outside the circle...

@HWA

=-----------------------------------------------------------------------=
                 Welcome to HWA.hax0r.news ... #26
=-----------------------------------------------------------------------=

We could use some more people joining the channel, its usually pretty
quiet, we don't bite (usually) so if you're hanging out on irc stop
by and idle a while and say hi...

*******************************************************************
***      /join #HWA.hax0r.news on EFnet the key is `zwen'       ***
***                                                             ***
*** please join to discuss or impart news on techno/phac scene  ***
*** stuff or just to hang out ... someone is usually around 24/7***
***                                                             ***
*** Note that the channel isn't there to entertain you its for  ***
*** you to talk to us and impart news, if you're looking for fun***
*** then do NOT join our channel try #weirdwigs or something... ***
*** we're not #chatzone or #hack                                ***
***                                                             ***
*******************************************************************

=-------------------------------------------------------------------------=
Issue #26
=--------------------------------------------------------------------------=

[ INDEX ]
=--------------------------------------------------------------------------=
Key     Intros
=--------------------------------------------------------------------------=
00.0 .. COPYRIGHTS ......................................................
00.1 .. CONTACT INFORMATION & SNAIL MAIL DROP ETC .......................
00.2 .. SOURCES .........................................................
00.3 .. THIS IS WHO WE ARE ..............................................
00.4 .. WHAT'S IN A NAME? why `HWA.hax0r.news'?..........................
00.5 .. THE HWA_FAQ V1.0 ................................................
=--------------------------------------------------------------------------=
Key     Content
=--------------------------------------------------------------------------=
01.0 .. GREETS ..........................................................
01.1 .. Last minute stuff, rumours, newsbytes ...........................
01.2 .. Mailbag .........................................................
02.0 .. From the Editor..................................................
03.0 .. NetBus suffers same industry pitfalls as Bo2k....................
04.0 .. Spreading Viruses Equal A Terrorist Attack ......................
05.0 .. Y2K Bug Fixes May Cause Other Problems ..........................
06.0 .. Security Fears are Slowing UK E-Commerce ........................
07.0 .. More Defc0n than you can shake three sticks at...................
08.0 .. How to Look Like a Hacker.(quite hilarious really)...............
09.0 .. AV Vendors Still Scrambling Over BO2K ...........................
10.0 .. The Back Orifice 2000 Controversy................................
11.0 .. Year Old IIS Hole Still Causing Problems ........................
12.0 .. NCIC 2000 Now Online ............................................
13.0 .. E-commerce Increases Security Risk ..............................
14.0 .. Cyberspace Relatively Safe ......................................
15.0 .. AntiOnline Under Investigation ..................................
16.0 .. Parse Defcon Video Available ....................................
17.0 .. cDc Challenges Microsoft to Recall SMS (wicked!).................
18.0 .. BlackHat Insiders Want to Quit Security Biz......................
19.0 .. Attrition Closes Down Negation ..................................
20.0 .. ISS Offers Cracking Tools .......................................
21.0 .. IBM Researching Proactive Security ..............................
22.0 .. InET Issue #3 ...................................................
23.0 .. National ID Card Law Set to be Enacted ..........................
24.0 .. Local Agencies Not Concerned About Computer Intrusions ..........
25.0 .. Microfraud Becomes Big Deal .....................................
26.0 .. China Arrests One After Posting to Internet .....................
27.0 .. The Truth About Abe - MTV "Punk Hacker" .........................
28.0 .. This is just silly: BO2Kfun Page Shut Down From Overuse .......
29.0 .. Man Sentenced for Using Cell Phone ..............................
30.0 .. HILLARY CLINTON AND HACKERS......................................
31.0 .. SAMBA 2.0.5 SECURITY FIXES.......................................
32.0 .. SECURITY STANDARDS FOR BANKING...................................
33.0 .. What makes UNIX users so smart? .................................
34.0 .. Statement by Legions of the Underground Released ................
35.0 .. L0pht Releases Public Beta of AntiSniff .........................
36.0 .. Bill to Limit Crypto Exports Approved ...........................
37.0 .. Russian and Ukrainian Govs Monitor Internet Communications ......
38.0 .. Here we go again, Mitnick to be Sentenced on Monday (Supposedly)
39.0 .. Virus Infestations on the Rise (?)...............................
40.0 .. Do Handheld Electronics cause Problems with Avionics? ...........
41.0 .. Alert: RDS IIS vulnerability/fix ................................
42.0 .. Highschool crackers..............................................
43.0 .. Unauthorized Access to IIS Servers through ODBC Data Access with RDS
44.0 .. Who's fault is the Y2K bug?. ....................................
45.0 .. CERT ADVISORY CA-99-09...........................................
46.0 .. Tracking Criminals With New Technology...........................
47.0 .. 3Com HiPer Arcs Community Name Vulnerability.....................
48.0 .. Aleph One in Tokyo...............................................
49.0 .. Windows2000 introduces Public Key Encryption.....................
50.0 .. Remote OS detection via TCP/IP Stack FingerPrinting (Extra)......
=--------------------------------------------------------------------------=

AD.S .. Post your site ads or etc here, if you can offer something in
        return thats tres cool, if not we'll consider ur ad anyways so
        send it in. ads for other zines are ok too btw just mention us
        in yours, please remember to include links and an email contact.
        Corporate ads will be considered also and if your company wishes
        to donate to or participate in the upcoming Canc0n99 event send
        in your suggestions and ads now...n.b date and time may be pushed
        back join mailing list for up to date information................
        Current dates: Aug19th-22nd Niagara Falls... .................

Ha.Ha .. Humour and puzzles ............................................

        Hey You!........................................................
        =------=........................................................

        Send in humour for this section! I need a laugh and its hard to
        find good stuff... ;)...........................................

SITE.1 .. Featured site, .................................................
 H.W .. Hacked Websites ...............................................
 A.0 .. APPENDICES......................................................
 A.1 .. PHACVW linx and references......................................
=--------------------------------------------------------------------------=

@HWA'99

00.0 (C) COPYRIGHT, (K)OPYWRONG, COPYLEFT? V2.0
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

THE OPINIONS OF THE WRITERS DO NOT NECESSARILY REFLECT THE OPINIONS OF
THE PUBLISHERS AND VICE VERSA IN FACT WE DUNNO WTF IS GONNA TAKE
RESPONSIBILITY FOR THIS, I'M NOT DOING IT (LOTS OF ME EITHER'S RESOUND
IN THE BACKGROUND) SO UHM JUST READ IT AND IF IT BUGS YOU WELL TFS
(SEE FAQ).

Important semi-legalese and license to redistribute:

YOU MAY DISTRIBUTE THIS ZINE WITHOUT PERMISSION FROM MYSELF AND ARE
GRANTED THE RIGHT TO QUOTE ME OR THE CONTENTS OF THE ZINE SO LONG AS
Cruciphux AND/OR HWA.hax0r.news ARE MENTIONED IN YOUR WRITING. LINK'S
ARE NOT NECESSARY OR EXPECTED BUT ARE APPRECIATED the current link is
http://welcome.to/HWA.hax0r.news IT IS NOT MY INTENTION TO VIOLATE
ANYONE'S COPYRIGHTS OR BREAK ANY NETIQUETTE IN ANY WAY IF YOU FEEL I'VE
DONE THAT PLEASE EMAIL ME PRIVATELY current email cruciphux@dok.org

THIS DOES NOT CONSTITUTE ANY LEGAL RIGHTS, IN THIS COUNTRY ALL WORKS ARE
(C) AS SOON AS COMMITTED TO PAPER OR DISK, IF ORIGINAL THE LAYOUT AND
COMMENTARIES ARE THEREFORE (C) WHICH MEANS:

I RETAIN ALL RIGHTS, BUT I GIVE YOU THE RIGHT TO READ, QUOTE AND
REDISTRIBUTE/MIRROR. - EoD

Although this file and all future issues are now copyright, some of the
content holds its own copyright and these are printed and respected.
News is news so i'll print any and all news but will quote sources when
the source is known, if its good enough for CNN its good enough for me.
And i'm doing it for free on my own time so pfffft. :)

No monies are made or sought through the distribution of this material.
If you have a problem or concern email me and we'll discuss it.

cruciphux@dok.org

Cruciphux [C*:.]

00.1 CONTACT INFORMATION AND MAIL DROP
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Wahoo, we now have a mail-drop, if you are outside of the U.S.A or
Canada / North America (hell even if you are inside ..) and wish to
send printed matter like newspaper clippings a subscription to your
cool foreign hacking zine or photos, small non-explosive packages
or sensitive information etc etc well, now you can. (w00t) please
no more inflatable sheep or plastic dog droppings, or fake vomit
thanks.

Send all goodies to:

    HWA NEWS
    P.O BOX 44118
    370 MAIN ST. NORTH
    BRAMPTON, ONTARIO
    CANADA
    L6V 4H5

WANTED!: POSTCARDS! YESH! POSTCARDS, I COLLECT EM so I know a lot of you
~~~~~~~  are reading this from some interesting places, make my day and
         get a mention in the zine, send in a postcard, I realize that
         some places it is cost prohibitive but if you have the time and
         money be a cool dude / gal and send a poor guy a postcard
         preferably one that has some scenery from your place of
         residence for my collection, I collect stamps too so you kill
         two birds with one stone by being cool and mailing in a
         postcard, return address not necessary, just a "hey guys being
         cool in Bahrain, take it easy" will do ... ;-) thanx.

Ideas for interesting 'stuff' to send in apart from news:

- Photo copies of old system manual front pages (optionally signed by
  you) ;-)
- Photos of yourself, your mom, sister, dog and or cat in a NON
  compromising position plz I don't want pr0n.
- Picture postcards
- CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250
  tapes with hack/security related archives, logs, irc logs etc on em.
- audio or video cassettes of yourself/others etc of interesting phone
  fun or social engineering examples or transcripts thereof.

Stuff you can email:

- Prank phone calls in .ram or .mp* format
- Fone tones and security announcements from PBX's etc
- fun shit you sampled off yer scanner (relevant stuff only like #2600
  meeting activities)
- reserved for one smiley face -> :-) <-
- PHACV lists of files that you have or phac cd's you own (we have a
  burner, *g*)
- burns of phac cds (email first to make sure we don't already have em)
- Any and all telephone sounds/tones/beeps/trunk drops/line tests/etc
  in .ram etc format or .mp*

If you still can't think of anything you're probably not that
interesting a person after all so don't worry about it

Our current email:

Submissions/zine gossip.....: hwa@press.usmc.net
Private email to editor.....: cruciphux@dok.org
Distribution/Website........: sas72@usa.net

@HWA

00.2 Sources ***
     ~~~~~~~~~~~

Sources can be some, all, or none of the following (by no means
complete nor listed in any degree of importance) Unless otherwise
noted, like msgs from lists or news from other sites, articles and
information is compiled and or sourced by Cruciphux no copyright
claimed.

News & I/O zine ................. http://www.antionline.com/
Back Orifice/cDc..................http://www.cultdeadcow.com/
News site (HNN) .....,............http://www.hackernews.com/
Help Net Security.................http://net-security.org/
News,Advisories,++ .(lophtcrack)..http://www.l0pht.com/
NewsTrolls .(daily news ).........http://www.newstrolls.com/
News + Exploit archive ...........http://www.rootshell.com/beta/news.html
CuD Computer Underground Digest...http://www.soci.niu.edu/~cudigest
News site+........................http://www.zdnet.com/
News site+Security................http://www.gammaforce.org/
News site+Security................http://www.projectgamma.com/
News site+Security................http://securityhole.8m.com/
News site+Security related site...http://www.403-security.org/
News/Humour site+ ................http://www.slashdot.org

+Various mailing lists and some newsgroups, such as ...
+other sites available on the HNN affiliates page, please see
 http://www.hackernews.com/affiliates.html as they seem to be popping
 up rather frequently ...

http://www.the-project.org/ .. IRC list/admin archives
http://www.anchordesk.com/ .. Jesse Berst's AnchorDesk

alt.hackers.malicious
alt.hackers
alt.2600
BUGTRAQ
ISN security mailing list
ntbugtraq
<+others>

NEWS Agencies, News search engines etc:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.cnn.com/SEARCH/
http://www.foxnews.com/search/cgi-bin/search.cgi?query=hack&days=0&wires=0&startwire=0
http://www.news.com/Searching/Results/1,18,1,00.html?querystr=hack
http://www.ottawacitizen.com/business/
http://search.yahoo.com.sg/search/news_sg?p=hack
http://www.washingtonpost.com/cgi-bin/search?DB_NAME=WPlate&TOTAL_HITLIST=20&DEFAULT_OPERATOR=AND&headline=&WITHIN_FIELD_NAME=.lt.event_date&WITHIN_DAYS=0&description=hack
http://www.zdnet.com/zdtv/cybercrime/
http://www.zdnet.com/zdtv/cybercrime/chaostheory/ (Kevin Poulsen's Column)

NOTE: See appendices for details on other links.

http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm
http://freespeech.org/eua/     Electronic Underground Affiliation
http://ech0.cjb.net            ech0 Security
http://axon.jccc.net/hir/      Hackers Information Report
http://net-security.org        Net Security
http://www.403-security.org    Daily news and security related site

Submissions/Hints/Tips/Etc
~~~~~~~~~~~~~~~~~~~~~~~~~~

All submissions that are `published' are printed with the credits
you provide, if no response is received by a week or two it is assumed
that you don't care whether the article/email is to be used in an issue
or not and may be used at my discretion.

Looking for:

Good news sites that are not already listed here OR on the HNN
affiliates page at http://www.hackernews.com/affiliates.html

Magazines (complete or just the articles) of breaking sekurity or
hacker activity in your region, this includes telephone phraud and any
other technological use, abuse hole or cool thingy. ;-) cut em out and
send it to the drop box.

- Ed

Mailing List Subscription Info   (Far from complete)         Feb 1999
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   ~~~~~~~~~~~~~~~~~~~         ~~~~~~~~

ISS Security mailing list faq : http://www.iss.net/iss/maillist.html

THE MOST READ:

BUGTRAQ - Subscription info
~~~~~~~~~~~~~~~~~~~~~~~~~~~

What is Bugtraq?

Bugtraq is a full-disclosure UNIX security mailing list, (see the info
file) started by Scott Chasin. To subscribe to bugtraq, send mail to
listserv@netspace.org containing the message body subscribe bugtraq.
I've been archiving this list on the web since late 1993. It is
searchable with glimpse and archived on-the-fly with hypermail.

Searchable Hypermail Index;

http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html

About the Bugtraq mailing list
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The following comes from Bugtraq's info file:

This list is for *detailed* discussion of UNIX security holes: what
they are, how to exploit, and what to do to fix them.

This list is not intended to be about cracking systems or exploiting
their vulnerabilities. It is about defining, recognizing, and
preventing use of security holes and risks.

Please refrain from posting one-line messages or messages that do not
contain any substance that can relate to this list's charter. I will
allow certain informational posts regarding updates to security tools,
documents, etc. But I will not tolerate any unnecessary or nonessential
"noise" on this list.

Please follow the below guidelines on what kind of information should
be posted to the Bugtraq list:

+ Information on Unix related security holes/backdoors (past and
  present)
+ Exploit programs, scripts or detailed processes about the above
+ Patches, workarounds, fixes
+ Announcements, advisories or warnings
+ Ideas, future plans or current works dealing with Unix security
+ Information material regarding vendor contacts and procedures
+ Individual experiences in dealing with above vendors or security
  organizations
+ Incident advisories or informational reporting

Any non-essential replies should not be directed to the list but to the
originator of the message. Please do not "CC" the bugtraq reflector
address if the response does not meet the above criteria.

Remember: YOYOW.

You own your own words. This means that you are responsible for the
words that you post on this list and that reproduction of those words
without your permission in any medium outside the distribution of this
list may be challenged by you, the author.

For questions or comments, please mail me:
chasin@crimelab.com (Scott Chasin)

Crypto-Gram
~~~~~~~~~~~

CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses,
insights, and commentaries on cryptography and computer security.

To subscribe, visit http://www.counterpane.com/crypto-gram.html or send
a blank message to crypto-gram-subscribe@chaparraltree.com. To
unsubscribe, visit http://www.counterpane.com/unsubform.html.
Back issues are available on http://www.counterpane.com.

CRYPTO-GRAM is written by Bruce Schneier. Schneier is president of
Counterpane Systems, the author of "Applied Cryptography," and an
inventor of the Blowfish, Twofish, and Yarrow algorithms. He served on
the board of the International Association for Cryptologic Research,
EPIC, and VTW. He is a frequent writer and lecturer on cryptography.

CUD Computer Underground Digest
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This info directly from their latest ish:

Computer underground Digest    Sun  14 Feb, 1999   Volume 11 : Issue 09

                            ISSN  1004-042X

       Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
       News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
       Archivist: Brendan Kehoe
       Poof Reader:   Etaion Shrdlu, Jr.
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

[ISN] Security list
~~~~~~~~~~~~~~~~~~~

This is a low volume list with lots of informative articles, if I had
my way i'd reproduce them ALL here, well almost all .... ;-) - Ed

Subscribe: mail majordomo@repsec.com with "subscribe isn".

@HWA

00.3 THIS IS WHO WE ARE
     ~~~~~~~~~~~~~~~~~~

Some HWA members and Legacy staff
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cruciphux@dok.org.........: currently active/editorial
darkshadez@ThePentagon.com: currently active/man in black
fprophet@dok.org..........: currently active/IRC+ man in black
sas72@usa.net ............. currently active/IRC+ distribution
vexxation@usa.net ........: currently active/IRC+ proof reader/grrl in black
dicentra...(email withheld): IRC+ grrl in black
eentity ...( '' '' ): Currently active/IRC+ man in black

Foreign Correspondents/affiliate members
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Qubik ............................: United Kingdom
D----Y ...........................: USA/world media
HWA members ......................: World Media

Past Foreign Correspondents (currently inactive or presumed dead)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
N0Portz ..........................: Australia
system error .....................: Indonesia
Wile (wile coyote) ...............: Japan/the East
Ruffneck ........................: Netherlands/Holland

Please send in your sites for inclusion here if you haven't already
also if you want your emails listed send me a note ... - Ed

Spikeman's site is down as of this writing, if it comes back online it
will be posted here.

http://www.hackerlink.or.id/ ............ System Error's site (in Indonesian)

*******************************************************************
***      /join #HWA.hax0r.news on EFnet the key is `zwen'       ***
*******************************************************************

:-p

1. We do NOT work for the government in any shape or form. Unless you
   count paying taxes ... in which case we work for the gov't in a BIG
   WAY. :-/

2. MOSTLY Unchanged since issue #1, although issues are a digest of
   recent news events its a good idea to check out issue #1 at least
   and possibly also the Xmas issue for a good feel of what we're all
   about otherwise enjoy - Ed ...

@HWA

00.4 Whats in a name? why HWA.hax0r.news??
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Well what does HWA stand for? never mind if you ever find out I may
have to get those hax0rs from 'Hackers' or the Pretorians after you.
In case you couldn't figure it out hax0r is "new skewl" and although
it is laughed at, shunned, or even pigeonholed with those 'dumb leet
(l33t?) dewds' this is the state of affairs. It ain't Steven Levy's
HACKERS anymore. BTW to all you up and comers, i'd highly recommend you
get that book. Its almost like buying a clue. Anyway..on with the show
.. - Editorial staff

@HWA

00.5 HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again)
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Also released in issue #3. (revised) check that issue for the faq
it won't be reprinted unless changed in a big way with the exception
of the following excerpt from the FAQ, included to assist first time
readers:

Some of the stuff related to personal usage and use in this zine are
listed below: Some are very useful, others attempt to deny the any
possible attempts at eschewing obfuscation by obsucuring their actual
definitions.

@HWA   - see EoA ;-)

!=     - Mathematical notation "is not equal to" or "does not equal"
         ASC(247) "wavey equals" sign means "almost equal" to. If
         written an =/= (equals sign with a slash thru it) also means
         !=, =< is Equal to or less than and => is equal to or greater
         than (etc, this aint fucking grade school, cripes, don't
         believe I just typed all that..)

AAM    - Ask a minor (someone under age of adulthood, usually <16, <18
         or <21)

AOL    - A great deal of people that got ripped off for net access by
         a huge clueless isp with sekurity that you can drive buses
         through, we're not talking Kung-Fu being none too good here,
         Buy-A-Kloo maybe at the least they could try leasing one??

*CC    - 1 - Credit Card (as in phraud)
         2 - .cc is COCOS (Keeling) ISLANDS but they probably accept
             cc's

CCC    - Chaos Computer Club (Germany)

*CON   - Conference, a place hackers crackers and hax0rs among others
         go to swap ideas, get drunk, swap new mad inphoz, get drunk,
         swap gear, get drunk watch videos and seminars, get drunk,
         listen to speakers, and last but not least, get drunk.

*CRACKER - 1 . Someone who cracks games, encryption or codes, in
               popular hacker speak he's the guy that breaks into
               systems and is often (but by no means always) a "script
               kiddie" see pheer
           2 . An edible biscuit usually crappy tasting without a nice
               dip, I like jalapeno pepper dip or chives sour cream and
               onion, yum - Ed

Ebonics - speaking like a rastafarian or hip dude of colour also wigger
          Vanilla Ice is a wigger, The Beastie Boys and rappers speak
          using ebonics, speaking in a dark tongue ... being ereet, see
          pheer

EoC    - End of Commentary

EoA    - End of Article or more commonly @HWA

EoF    - End of file

EoD    - End of diatribe (AOL'ers: look it up)

FUD    - Coined by Unknown and made famous by HNN - "Fear uncertainty
         and doubt", usually in general media articles not high brow
         articles such as ours or other HNN affiliates ;)

du0d   - a small furry animal that scurries over keyboards causing
         people to type weird crap on irc, hence when someone says
         something stupid or off topic 'du0d wtf are you talkin about'
         may be used.

*HACKER - Read Steven Levy's HACKERS for the true definition, then see
          HAX0R

*HAX0R - 1 - Cracker, hacker wannabe, in some cases a true hacker, this
             is difficult to define, I think it is best defined as pop
             culture's view on The Hacker ala movies such as well erhm
             "Hackers" and The Net etc... usually used by "real"
             hackers or crackers in a derogatory or slang humorous way,
             like 'hax0r me some coffee?' or can you hax0r some bread
             on the way to the table please?'
         2 - A tool for cutting sheet metal.

HHN    - Maybe a bit confusing with HNN but we did spring to life
         around the same time too, HWA Hax0r News.... HHN is a part of
         HNN .. and HNN as a proper noun means the hackernews site
         proper. k? k. ;&

HNN    - Hacker News Network and its affiliates
         http://www.hackernews.com/affiliates.html

J00    - "you"(as in j00 are OWN3D du0d) - see 0wn3d

MFI/MOI- Missing on/from IRC

NFC    - Depends on context: No Further Comment or No Fucking Comment

NFR    - Network Flight Recorder (Do a websearch) see 0wn3d

NFW    - No fuckin'way

*0WN3D - You are cracked and owned by an elite entity see pheer

*OFCS  - Oh for christ's sakes

PHACV  - And variations of same
         Phreaking, Hacking, Anarchy, Cracking, Carding (CC) Groups
         Virus, Warfare

         Alternates: H - hacking, hacktivist
                     C - Cracking
                     C - Cracking
                     V - Virus
                     W - Warfare
                     A - Anarchy (explosives etc, Jolly Roger's
                         Cookbook etc)
                     P - Phreaking, "telephone hacking" PHone fREAKs ...
                     CT - Cyber Terrorism

*PHEER - This is what you do when an ereet or elite person is in your
         presence see 0wn3d

*RTFM  - Read the fucking manual - not always applicable since some
         manuals are pure shit but if the answer you seek is indeed in
         the manual then you should have RTFM you dumb ass.

TBC    - To Be Continued also 2bc (usually followed by ellipses...) :^0

TBA    - To Be Arranged/To Be Announced also 2ba

TFS    - Tough fucking shit.

*w00t  - 1 - Reserved for the uber ereet, noone can say this without
             severe repercussions from the underground masses. also
             "w00ten"
         2 - Cruciphux and sAs72's second favourite word (they're both
             shit stirrers)

*wtf   - what the fuck, where the fuck, when the fuck etc ..

*ZEN   - The state you reach when you *think* you know everything (but
         really don't) usually shortly after reaching the ZEN like
         state something will break that you just 'fixed' or tweaked.

@HWA

-=- :. .: -=-

01.0 Greets!?!?! yeah greets! w0w huh. - Ed
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thanks to all in the community for their support and interest but i'd
like to see more reader input, help me out here, whats good, what sucks
etc, not that I guarantee i'll take any notice mind you, but send in
your thoughts anyway.

* all the people who sent in cool emails and support

FProphet    Pyra        TwstdPair   _NeM_       D----Y
Dicentra    vexxation   sAs72       Spikeman    p0lix

Also shouts to; kimblerj and xochitl13 who dropped off postcards,
tnx guys!

Ken Williams/tattooman of PacketStorm, hang in there Ken...:(

& Kevin Mitnick (watch yer back)

kewl sites:

+ http://www.securityportal.com/ NEW
+ http://www.securityfocus.com/ NEW
+ http://www.hackcanada.com/
+ http://www.l0pht.com/
+ http://www.2600.com/
+ http://www.freekevin.com/
+ http://www.genocide2600.com/
+ http://www.packetstorm.harvard.edu/ ******* DOWN ********* SEE AA.A
+ http://www.hackernews.com/ (Went online same time we started issue 1!)
+ http://www.net-security.org/
+ http://www.slashdot.org/
+ http://www.freshmeat.net/
+ http://www.403-security.org/
+ http://ech0.cjb.net/

@HWA

01.1 Last minute stuff, rumours and newsbytes
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

"What is popular isn't always right, and what is right isn't always
popular..." - FProphet '99

+++ When was the last time you backed up your important data?

++ NO DINERO, NO DOMAIN (TECH. 3:00 am)
   http://www.wired.com/news/news/email/explode-infobeat/technology/story/20878.html

   Network Solutions will demand advance payments for domain name
   registrations in a move designed to squelch cyber-squatters.
   By Debbi Gardiner.

Thanks to myself for providing the info from my wired news feed and
others from whatever sources, also to Spikeman for sending in past
entries.... - Ed

@HWA

01.2 MAILBAG - email and posts from the message board worthy of a read
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

02.0 From the editor.
     ~~~~~~~~~~~~~~~~

     #include <stdio.h>

     int main(void)
     {
      printf ("Read commented source!\n\n");

     /*
      * Issue #26
      *
      * What can I say? the press is full of bullshit stories
      * about defcon and bo2k, guess nothing else happened
      * lately.... slim pickings indeed.
      *
      * hwa@press.usmc.net
      *
      */
      printf ("EoF.\n");
      return 0;
     }

Congrats, thanks, articles, news submissions and kudos to us at the
main address: hwa@press.usmc.net complaints and all nastygrams and
mai*lbombs can go to /dev/nul nukes, synfloods and papasmurfs to
127.0.0.1, private mail to cruciphux@dok.org

danke.

C*:.

03.0 NetBus suffers same industry pitfalls as Bo2k
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

NetBus Pro - Remote Admin Shareware or Evil Tool

contributed by sprfish

NetBus is facing similar problems as Back Orifice from AntiVirus
companies. NetBus, a $12 shareware program, is classified as a 'hacker
tool' and is detected and removed by all of the major AntiVirus
software makers. The authors of NetBus have contemplated suing the AV
companies claiming that they are trying to protect their own remote
administration programs while squashing the competition.

MSNBC
http://www.msnbc.com/news/290766.asp

NetBus maker to sue anti-virus firms?

Back Orifice-like tool is removed by virus software; authors say that’s
hurting sales, and the tool’s legit

By Bob Sullivan
MSNBC

July 16 — While one “remote administration tool,” Back Orifice, stole
headlines last week, authors of another well-known back-door program,
NetBus Pro, were gearing up to sue for the right to sell it.

Anti-virus software currently detects and removes NetBus, another
program that lets intruders take control of a victim’s PC from anywhere
on the Internet. NetBus Pro authors, who charge $12 for the product,
say it’s a legitimate software tool. They might sue anti-virus vendors
for interfering with their right to sell it.

IT’S A STICKY STORY. The first version of NetBus was a favorite among
hackers — it even included easy ways to taunt victims, such as buttons
to open and close a victim’s CD-ROM door.
Earlier this year, author Carl-Fredrik Neikter came out with an updated version, which he said was redesigned to be used as a professional “remote administration tool.” And he started charging a $12 registration fee.

But anti-virus software companies, noting that NetBus can still be used by hackers, treat the program like a virus. That makes NetBus and any anti-virus program incompatible, and NetBus Pro owners say that’s stifling their sales.

Even worse, according to Neikter’s partner Judson Spence, it’s anti-competitive — he says the anti-virus companies are squelching his product because it’s competition for their remote administration software. Symantec, which makes Norton’s AntiVirus Utility, sells remote administration tool PC Anywhere for $159.

“On its face, it looks like a good case,” said attorney Mark Rubin, who has been retained by NetBus. “The product belongs to a corporation. It’s designed to do a function. You’ve got another business telling people, ‘You can’t use that product’ ... You’ve got Symantec saying you shouldn’t use NetBus Pro. That’s the classic definition of an anti-competitive act.”

Members of the Cult of the Dead Cow, which authored Back Orifice, agree with Rubin’s premise. Back Orifice is also removed by anti-virus programs.

“It’s a huge problem for anybody who wants to use our product legitimately that they have to completely disable their AV software to use BO2K,” said a member calling himself Tweety Fish. “We’ve talked about suing them, but since our product is free, and we gain no income from what we do, the legal fees would probably be prohibitive. From what we can tell, we would have a pretty good case.”

Anti-virus companies say while this might be an interesting intellectual debate, it would be a silly court case. NetBus is a hacking tool, they say, designed to run on victims’ machines without their knowledge. The lawsuit would be frivolous, as it would be difficult to persuade a judge that NetBus is a legitimate software product.
“Our policy would be if they were to release a version which very clearly identifies itself as NetBus every time it ran, then we would not detect that,” said Stephen Trilling, director of research at Symantec’s Antivirus Research Center.

Further, he said, Norton users are given an option when NetBus is detected — they can leave the software on their machine. He denied Symantec would ever consider using Norton’s AntiVirus program to disable a competitive product. “We’re in the business of protecting customers,” he said.

The issue does have some shades of gray — when NetBus was released in February, Data Fellows’ F-Secure product initially didn’t detect the new NetBus, deferring to the notion it was a commercial product. But later, after customers complained, NetBus detection was added.

“Net administrators I know would get fired for using NetBus,” said Dan Takata, spokesman for Data Fellows. “It can be used for good, but it’s inherently a hacker program.”

That’s just not so, complains Spence, who says more than 700,000 copies of the program have been downloaded, and about 2,000 people have registered copies of the program. He says several corporations, and even the U.S. Air Force, are interested in using NetBus as an administration tool.

“I’m optimistic that once we raise the issue, legal departments [at AV companies] will act,” says Rubin. “Every day this costs money to NetBus Pro.”

@HWA

04.0 Spreading Viruses Equal A Terrorist Attack
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by nvirB

Andre Gauthier, chairman of the Information Technology Association of Canada thinks that people who create and/or spread viruses should be treated as terrorists and should have stiffer penalties applied to them. The ITAC recently requested the Canadian government increase the penalties for these types of crimes.
Edmonton Journal
http://www.edmontonjournal.com/technology/stories/990716/2615262.html

Get tough on computer-virus makers, Ottawa told

Rogue programs that play havoc with computer files seen as equivalent to a terrorist attack

Philip Demont
Southam Newspapers; Southam News

Ottawa has to get tougher with hackers who send file-destroying computer viruses over the Internet, the industry association representing Canada's computer industry said Thursday.

The mischievous makers who devise programs that destroy corporate computer files and cause entire high-tech systems to collapse are getting away with a slap on the wrist for a crime that is costing the Canadian economy millions annually, said Andre Gauthier, chair of the Information Technology Association of Canada and senior vice-president of LGS Group Inc.

"Too many people consider these things as funny. But sending a virus is just like launching a terrorist attack on a company," Gauthier said.

ITAC, which represents 1,300 Canadian software and hardware companies, sent a letter Thursday to federal Justice Minister Anne McLellan asking her to increase the penalties for this kind of crime and to work more closely with other law enforcement agencies globally to track down virus makers.

Over the past several months, the Chernobyl, Melissa and Worm-Explore.Zip viruses made headlines internationally as they attacked the computer systems of corporations and government agencies in many countries.

Viruses are programs that enter a computer system through the e-mail or other external links and then cause havoc in the network, everything from exploding fireworks on a person's computer screen to the elimination of stored files on the system's hard drive.

In many cases, these hackers are people who enjoy the intellectual challenge of writing. In other situations, they are only after the publicity these viruses can receive, causing people to treat these crimes as less dangerous.

"But (in the information age), a crime no longer requires a .45-calibre Magnum. We have to deal with these things in a far more serious manner. They do a lot of damage," said Robert Lendvai, vice-president of marketing at OLAP@Home Inc., an Ottawa-based software programmer.

For instance, one Ottawa public relations firm had to close its doors for one day to repair the damage from the Melissa virus, he said.

ITAC's Gauthier figured Canadian corporations and governments lose $100 million annually because of these computer bugs. That figure was extrapolated from the $1-billion US loss estimated to American corporations derived from an earlier U.S. study.

Companies are getting help in the form of more sophisticated virus detection programs, now "a basic protection" for any smart firm, said David Lynch, vice-president of sales and marketing of KyberPASS Corp., an Ottawa-based electronic commerce software maker.

These detection programs generally work by looking for indicators within a corporate computer system that change for an unexplained reason. In that case, the program will send a warning that you may have a problem.

"But viruses are always going to be with us," he said.

KyberPASS was hit by three viruses in the past year, two of which entered the system through the company's e-mail and one when someone in the corporation downloaded an outside file, Lynch said.

"It's computer vandalism. Some of it is paint on the walls. And some is like throwing eggs at the door," he said.

@HWA

05.0 Y2K Bug Fixes May Cause Other Problems
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Code Kid

Sure, the programmers who are busy patching up old COBOL code to correct the massive Y2K problem may leave in their own backdoors. Of course that is possible but how widespread is this problem really? Is the claim of $1 Billion dollars lost accurate or just FUD? I guess there is no way to really know for sure.
MSNBC
http://www.msnbc.com/news/290746.asp

More fud and sensationalism....;

Beware the millennium bug repair

The people hired to root out the Y2K bug could give themselves the keys to billions of corporate dollars

By Jim Miklaszewski
NBC NEWS CORRESPONDENT

WASHINGTON, July 16 — Security experts believe that computer fraud, linked directly to the so-called Year 2000 computer bug, will cost America’s big business big money. In fact, one firm predicts that in a single computer theft, some American business will lose $1 billion. It could potentially be the biggest corporate heist in world history.

“CLEARLY, SOMEONE is going to be hit on their balance sheet pretty hard,” said Bob Mack, vice president of the Gartner Group.

Ironically, the companies themselves may be hiring these potential computer crooks without even knowing it.

Most major firms are using outside consultants to rid their computer systems of any potential Y2K bugs. But to do that, these consultants are given access to the companies’ deepest, darkest, most sensitive computer secrets and codes — leaving the companies and their computers wide open to theft.

“They have to have access to your most critical systems. You’re essentially giving them the keys to the kingdom,” said Ira Winkler, chief of the president’s Security Advisors Group.

The consultants, it’s feared, can insert their own codes into a company computer — trapdoors — that would permit them to hack back into the system at will.

“They’re inserting malicious activity, if you will, into the code that will allow them to do things that the code was never allowed to do,” said Mike Higgins, of Para-Protect Services, of Alexandria, Va.

Once inside, the computer thieves could electronically steal money or the companies’ latest trade secrets, be it the latest cure for cancer or design for a new sneaker, potentially worth billions of dollars.

“Why do people hack into computers today in the business world?,” Higgins said.
“Because that’s where the money is.”

And global financial systems are largely electronically connected now, and the interconnection is only expected to increase.

“Y2K remediation, by definition, creates and increases the opportunity for theft and fraud,” said Joe Pucciarelli, a Gartner analyst, in a statement on the company’s advisory.

“Given the enormity of the Y2K task, the vast number of people assigned to fix the problem, and the element of human foibles, at least one significant theft is likely to occur in the next five years,” Pucciarelli said.

Corporations must keep a close eye on staffers and consultants working on Y2K projects, said Bob Mack, another Gartner analyst, in an interview.

“The point we’re making is that there are things corporations can do to limit fraud,” Mack said. All Y2K bug-fixing efforts should be audited by third parties if possible, and detailed records should be kept on all Y2K projects.

Once planted, these back doors could go undetected forever — leaving some companies vulnerable long after the Y2K New Year’s celebration.

Mario Seminerio of ZDNN contributed to this report.

@HWA

06.0 Security Fears are Slowing UK E-Commerce
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Weld Pond

Fears over the lack of security on the internet are slowing the progression of e-commerce in the UK, said attendees of TheEcademy, an advisory group to the British government. This group feels that these fears over the lack of security on the net are unfounded and misplaced. One attendee was quoted as saying "There is no security problem." What world do these guys live on?

Tech Web
http://www.techweb.com/wire/story/TWB19990716S0018

Scary Security Stories Hinder E-Commerce

(07/16/99, 4:06 p.m. ET)
By Madeleine Acey, TechWeb

LONDON -- Unwarranted hype over the security risks of e-commerce has led to misplaced fear about setting up in Internet business.
This was the view of IT vendors, analysts, and lawyers who gathered in London on Thursday to create an advisory document for the U.K. government on how to spur reluctant British businesses into e-commerce.

The 50-member group, all part of TheEcademy -- an e-commerce education forum, also said regulation would be an inhibitor and had already held back progress.

"There is no security problem," said Frederick Wilson of Lloyds TSB banking group. "There's only one problem -- people don't understand. We have to convince customers it is secure."

Other delegates said people let technophobia cloud the issue and needed to realize e-commerce was no more insecure than any other type of business.

"All the security and payment issues we have, have always existed in business," said one.

"How secure is your shop or your head office?" said another.

EDI works globally and has been around for years without issues, a third pointed out.

Microsoft U.K. e-commerce business manager Peter Bell said Visa was the "biggest proponent" of scare stories. "They say there's 45 percent fraud on the Internet," he said.

But online businesses like Expedia sold $1 million worth of travel tickets last year without one security incident, said Durlacher European Internet Analyst Sarah Skinner.

A show of hands found most of the group felt the U.K. telecom industry and its regulation -- or lack of regulation -- was holding back e-commerce.

Bell said British Telecommunications' contracts only let customers run data at 64K over their lines. "People should ignore it, let BT sue you," he said. Government regulation is supposed to ensure the near-monopoly BT operates fairly.

Many agreed e-commerce worked best when governments didn't try to legislate for it. "Our objective would be to take as much regulation out of the equation as possible," said TheEcademy chairman Thomas Power.
Russell Loarridge suggested the government publish a code of practice to prevent spamming -- people would only receive marketing e-mail if requested. Another delegate said the EU - led by a British Labor politician -- had already voted for the opposite.

The group agreed the IT industry was partly to blame for resistance to e-commerce as it used language that was alien to many businesses. They said the success stories -- and how they were achieved -- should be publicized to counteract the fear of credit card details being stolen, payments not being made, and systems falling over.

"We need people with the business experience to be visionaries to encourage the same sort of transition [as when businesses first moved from manual processes to computer systems]," one member of the discussion forum said.

"People want to know, how has someone else done it," another offered, suggesting TheEcademy publish boilerplate guides to adopting e-commerce.

A working document would be produced from the group's meeting, Power said, and be presented to the Department of Trade and Industry.

@HWA

07.0 More Defc0n than you can shake three sticks at
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

Forbes: http://www.forbes.com/tool/html/99/jul/0716/feat2.htm

Defcon Live!

By Adam L. Penenberg

Dildog, a member of the hacker group Cult of the Dead Cow, is lounging in his hotel suite, a smile smeared on his face. Being Las Vegas in July, the temperature outside is 100 degrees, but Dildog is air-conditioned cool. The unveiling of his latest software upgrade for Back Orifice--a not-so-subtle dig at Microsoft's Back Office--was a success, a raucous party that had more in common with a heavy metal concert than a software release.

A gaggle of groupies, most of them in their twenties and dressed in noir black, with tattoos, piercings and scraggly hair, wait for him.
They sit cross-legged on the carpet, availing themselves to a well-stocked minibar piled high with bottles of vodka, bourbon, whiskey.

Of the 3,000 hackers, crackers, geeks, "scene whores" (hacker groupies), computer security professionals, journalists, undercover cops and federal agents who attended this year's Defcon hacker convention, 2,000 of them crammed into a conference room at the Alexis Park Hotel to watch the "BO2K" release.

Last year, Cult of the Dead Cow had chosen Defcon to release the first version of its Back Orifice. Written by fellow Cult member Sir Dystic, it works on Windows 95 and 98 machines by secretly creating a backdoor so that a remote user can control all functions on those computers. The upgrade Dildog coded is designed to work with networks that run on Windows NT, and it hides itself extremely well.

While software makers, computer security companies, antivirus makers and law enforcement say the release of BO2K is just a way for hackers to legitimize illegal computer intrusions, Dildog claims he is just trying to point out potential problems with Microsoft's software.

Computer security companies are "afraid to admit that their detection system is horribly and possibly irreparably flawed," he says. "[They] give people the impression their software 'raises the bar' against the average hacker. Unfortunately, this also fools people with really critical networks into thinking that this software is sufficient to protect them. People trusting this stuff to protect them from Trojan horses are in for a surprise."

Cult of the Dead Cow members didn't come all the way to Las Vegas to disappoint, and they didn't. They kicked off the conference with a laser-light show, culminating in a deafening electronic moo sound. The crowd roared.
Then, while Dildog and his associates explained their don't-blame-us-if-Microsoft-products-suck philosophy, a CD-ROM label was projected on the wall behind them, a cow head spinning and spinning.

At the end of the presentation, Cult members flung some two dozen CD-ROMS containing the Back Orifice update. The crowd surged forward. Antivirus makers and computer security company reps watched closely, hoping to later corral someone with a copy. The first one to crack the program would win bragging rights, their names in a press release, perhaps even a mention in some magazine or newspaper articles as heroes who thwarted the evil intentions of the Cult of the Dead Cow hacker gang.

An employee of ISS, the big-time computer-security company based in Atlanta, Ga. threw himself into the mob and somehow snagged a copy. Within 24 hours, the company would crack parts of the program and release an application that could identify it.

At the time, Dildog didn't know this, and even if he had he wouldn't have cared. In an earlier Internet conversation, an ISS employee approached him and asked how much of a bribe it would take for him to pass the company an advance copy of the software, he claims. As a joke, the Cult sent back a note saying it would take $1 million and a monster truck, the idea they ostensibly got from "Hack Heaven," the sham article written by former New Republic associate editor Stephen Glass. ISS denies the company ever offered money for the software.

Although ISS has been more than happy to play up the fact that it can detect the software, Dildog says he fully expected that companies would not only reverse engineer it, they would soon come up with a removal tool. That is why he released his software as "open source." That means hackers the world over can tweak the code to suit their needs.
For every new version that hits the Net, computer security companies will have to create new ways to counter it.

Although antivirus makers have been pretty good at picking up polymorphic versions of the same program, it will be interesting to see what the overall impact of BO2K will be. Often, network administrators forget to apply the latest versions of antivirus software, or incorrectly configure parts of their network, leading to holes that would enable BO2K to fester.

Already, BO2K has made it on to some hacker sites, bugs and all. Some users say the program has a tendency to crash and some files were improperly coded. But in the next couple of weeks or so, Cult of the Dead Cow plans to fix any glitches and post the new and improved program on its web site.

From previous experience, Dildog knows that BO2K will then spread like a virus, morphing into perhaps dozens of different versions. The group claims it counted more than 300,000 downloads of the original Back Orifice, which ran solely on Windows 95 and 98 and was spread primarily by E-mail attachment. Who knows how many other copies were spread friend to friend, hacker to hacker, "cracker" to victim?

Back in his hotel suite, Dildog's cool is slightly interrupted. When told some hackers who had attended his BO2K launch thought the spectacle undermined his credibility and made him look arrogant, he sniffed, "I never said I wasn't arrogant. Besides, why shouldn't every software release be like a rock concert?"

(Though Mirco$crap did that in their presentations? - Ed)

@HWA

08.0 How to Look Like a Hacker
     ~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Weld Pond

Some cool pictures in a rather mainstream place that attempts to cover what it thinks is Hacker Fashion. There are pictures from Defcon of Sir Dystic, Dark Tangent, Niki, Redrasta, Dr. Byte, and the whole cDc crew. Pity they missed my blue hair.
Las Vegas Weekly
http://www.lasvegasweekly.com/departments/07_14_99/fashion_defcon.html

How to be a hacker ... or at least look like one

Written and photographed by Anonymous

I confess. In my younger daze I was a hacker. It was easier then. We worked on paper terminals that we accessed by sneaking into a local university library. We'd change grades, write stupid little programs and screw things up. We really didn't know what rules we were breaking. At that time, neither did the authorities.

Today's hackers are a different lot. They are really savvy about the rules and how the game is played. Depending upon your own definition of evil, they are either on the dark side or the good side. It's a perfect yin yang.

Wondering what today's generation of hackers looked like I went down to Defcon VII held last weekend here in Vegas. What I saw didn't surprise me. In fact it scared me. The following is a checklist on how to at least pretend you're a hacker.

- Black t-shirts with esoteric statements, or corporate logos (but only if the shirt is free), or those oh-so-comfy thrift-store clothes.
- Sunglasses to protect your eyes against that big bright yellow thing that is in the sky during what is called "daylight hours".
- Black tribal tattoos to contrast against your skin made pasty white from years of not going out into the sun.
- A proper diet of pizza, beer, cigarettes and loads of caffeine.
- A cold hard stare for anyone trying to take your picture because you're trying to remain anonymous even though the authorities who would be interested in your picture already have really good snapshots of you. A quick draw to cover your face is also necessary.
- Strange jewelry, shoes, and backpacks.
- Icons of the dead and almost dead.
- That retro 20th century look.
- Anything that makes Bill Gates look like the devil.
- Come up with a cool cyber name like Death Veggy.

@HWA

09.0 AV Vendors Still Scrambling Over BO2K
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

contributed by Space Rogue

Everyone wants a piece of the Anti BO2K press pie. Both Aladdin Knowledge Systems and BindView Development have announced products that claim to protect users from the malicious use of Back Orifice 2000. The BindView product looks like nothing more than a signature ID program, useless against an open source application such as BO2K. The Aladdin product actually looks interesting claiming to trap BO2K and other malicious email attachments in a 'sandbox' and detecting attempts to modify system files. This method should protect against the numerous mutations that will undoubtedly appear.

Excite News - BindView
http://news.excite.com/news/bw/990715/tx-bindview

BindView Development - BO2K Advisory
http://www.bindview.com/security/advisory/bo2K.html

Excite News - Aladdin
http://news.excite.com/news/bw/990713/wa-aladdin-knowledge

eSafe - Aladdin's Security Product
http://www.esafe.com/

10.0 The Back Orifice 2000 Controversy
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Reprinted from HNN's Buffer Overflow with Eric's kind permission.

By: Eric Ruppenthal

Symantec, producers of Norton Anti-virus, along with many other anti-virus producing companies announced recently that it was classifying Back Orifice 2000 as a Trojan and/or virus. This is a concerted effort to bar the competition of Cult of the Dead Cow in the network administration tool field. By using their anti-virus programs to keep computer users from using BO2K, these companies are engaging in unfair business tactics to keep a legitimate program from stealing the profits of their network administration tool programs. This creates a serious anti-trust problem.

Back Orifice 2000 was produced by Cult of the Dead Cow (cDc) as an actual legitimate tool to be used to remotely administer Microsoft OS computer networks.
It was introduced in Las Vegas on July 11, at DefCon 7. Since its official release to the public on July 14, every effort has been made to define this program not as an evil tool, but as something to be used in the real world of business. The program is free to any U.S. citizen who plans no exportation of it because of the encryption contained in the program.

Many of the companies that produce anti-virus programs also deal in the network administration tool arena. The applications these companies produce are similar in functionality to BO2K with the difference being cDc offers their program free of charge. The companies see this factor as having the potential to seriously undermine their profit margins. So what do they do? They use a commonplace tool to remove this program as a threat; knowing full well that millions of computer systems in this country run anti-virus programs, including the networks this tool could be used on. They use this to their advantage by having it detect and label BO2K as a virus. This blatant attempt at monopolizing the network admin field thus blocks most attempts by any network administrator from using BO2K in a legitimate capacity without having to compromise virus protection.

Symantec produces a program called PcAnywhere. Another company that is a close ally of Symantec is Microsoft. Microsoft is currently involved in a government anti-trust suit. Microsoft also makes a network administration tool called Systems Management Server that is integrated within the Microsoft BackOffice Suite. BO2K uses a little known hole that Microsoft deliberately placed in its OS source code to run in a stealth mode.

Many of the enterprise management tools such as SMS from Microsoft do stealth remote control. Read the comparison of BO2K, Norton's PcAnywhere and Compaq's Carbon Copy 32 at http://www.bo2k.com/comparison.html

They all have a silent install option and they all have silent remote control.
SMS even has a configurator much like the BO2K wizard to configure the agent before sending it to the target machine. The technology of stealth monitoring and control was there way before BO2K. But these companies would have you believe that BO2K is the only tool inherently destructive towards computer systems because it is made by a well-known group of non-commercial programmers. What cDc has done is put it in everyone's face and built a technologically superior solution that is free and open source.

Any program has the potential to be misused. If there is a way for someone to exploit a hole in your computer's defenses, it will be found. Microsoft is fully aware of the problems associated with powerful remote administration. Their SMS administration software has similar problems, by their own admission. From their page describing SMS; http://www.microsoft.com/smsmgmt/techdetails/remote.asp

"Security of all the operations that Systems Management Server allows you to do on a client, remote control is possibly the most dangerous in terms of security. Once an administrator is remote controlling a client, he has as many rights and access to that machine as if he were sitting at it. Added to this, there is also the possibility of carrying out a remote control session without the user at the client being aware of it."

Microsoft's site goes on to say, "It is possible to configure a remote control from a state where there is never any visible or audible indication that a remote control session is under way. It has been made this flexible due to customer demands ranging from one end of the spectrum to the other. When configuring the options available in the Remote Tools Client Agent properties, due notice must also be taken of company policy and local laws about what level of unannounced and unacknowledged intrusion is permitted."
According to a press release by cDc, "In the past, Back Orifice has been used as a Trojan horse by script-kiddie crackers to annoy and sometimes harm Internet connected Windows machines. This is a fact of life with a tool that has the ability to be silently installed and can perform administration without end-user intervention. This, however, is not unique to Back Orifice. There are many Trojan horse programs out there, and many legitimate remote administration tools, that have the capability to perform quiet remote installations."

Their statement goes on to say, "We have designed Back Orifice 2000 to meet user demands and to provide the most powerful remote administration available for the Microsoft Windows platform. Many people don't like to see free software like Back Orifice being used in replacement for expensive commercial products. So, they throw around statements like 'the program is only a malicious tool', and 'It has no legitimate purpose. The Microsoft Crypto API claims to provide 'strong encryption'. Of course, if you don't have the source code, you can't verify that this is true. We aren't taking that chance. Back Orifice 2000 encryption is proven strong, and we're not afraid to show you exactly how it's implemented."

cDc has produced a program that is to be used in a legitimate business environment by a network administrator to aid in the administration of the computers they manage. They want you to know exactly how legit Back Orifice really is but these companies are trying to prevent this freely available tool from being released by using one of their own product line applications to suppress BO2K so that another of their products can flourish. Both Symantec and Microsoft's products stand to lose a good percentage of market shares if BO2K were allowed to be released free to the public and become a commonly used tool.

All of these programs, not just BO2K, can be detrimental to any computer system if used in the wrong hands.
BO2K must be given a chance to prove itself a legitimate tool and taken off the virus definitions lists. The open-source model has provided Back Orifice 2000 with a more than legitimate position in the industry and Back Orifice 2000 will grow to encompass all of the features of currently existing commercial remote administration tools.

Says a member of cDc; "We're dedicated to empowering people with their technology."

Submitted by: Eric Ruppenthal
HFactorX International Organization

@HWA

11.0 Year Old IIS Hole Still Causing Problems
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Weld Pond

A major hole in IIS announced by Microsoft last year has still not been patched by most customers. Eight lines of code is all that is needed to take full control at the system level of major popular web sites. The problem is that under certain conditions a user can connect directly to MS Access through IIS which then of course gives the attacker full system privileges.

MSNBC
http://www.msnbc.com/news/290621.asp

Microsoft - Old
http://www.microsoft.com/security/bulletins/ms98-004.asp

Microsoft - New
http://www.microsoft.com/security/bulletins/ms99-025.asp

MSNBC;

Year-old hole exposed big Web sites

Compaq, Dell, Compuserve and others failed to heed Microsoft security warning and were left vulnerable

By Bob Sullivan
MSNBC

July 19 — A security expert was able to demonstrate major vulnerabilities in big-name Web sites last week, including Dell Computer Corp., Compaq Computer Corp., PSINet, Compuserve and Nasdaq-Amex. The vulnerability, which was demonstrated to MSNBC, was simple but potentially devastating. It required as few as eight lines of computer code but could have exposed personal information, including credit card numbers.
THE HOLE WAS actually announced by Microsoft on July 17 of last year — confirming a long-held suspicion that even large-scale information technology departments are having a tough time keeping up with the work required to maintain Web site security. The cat-and-mouse nature of security means Microsoft and other software vendors regularly issue bulletins with “patches” to security holes, or “exploits,” found and announced by hackers. As such recipes for hacking into sites make their way quickly through the hacking community, Web site administrators must meticulously follow each bulletin. In this case, many sites did not. “It’s one thing when there’s a problem” said Russ Cooper, who administers the popular NTBugTraq mailing list. Cooper publicized the flaw on his list Monday morning. “It’s another thing when companies know about something for a year and haven’t done anything.... These companies have just ignored Microsoft’s recommendation.” The flaw was discovered a year ago, and Microsoft published a "fix” and added it to the security checklist for Windows NT administrators. (Microsoft is a partner in MSNBC.) A new flavor of the same problem was discovered last week by Greg Gonzalez, vice president of Web services at ITE Inc., which hosts several e-commerce sites. He says his discovery meant that a hacker could write a simple eight-line program and gain administrative access to Web sites running Microsoft’s Internet Information Server Web server software — with no user name or password required. Sites that followed Microsoft’s instructions from a year ago would have been immune, but Gonzalez said about half the sites he checked were vulnerable. “With a lot of exploits you see ‘professional’ hackers writing code,” he said. 
“This exploit does not require anywhere near that level of expertise.” This morning, Microsoft re-issued its security alert about the problem “to serve as a reminder about this vulnerability, to restate the threat and encourage system administrators to evaluate their systems.” At the center of the problem, according to Cooper, is lack of due diligence on the part of some companies to protect consumers’ private information. “Lots of companies went to the trouble of putting together a privacy statement. That’s all well and good,” he said, “But if companies don’t have an effective way of dealing with patches, with problems, what good is a privacy statement?” The problem is much more complicated than that, according to the chief technology officer at one of the big-name Web sites that was discovered to be vulnerable. “We get about 15-40 of these alerts every week,” the CTO, who asked not to be identified, told MSNBC. Despite staff who are dedicated to following up on security issues, lower-priority problems can slip through the cracks. “We’re not Fort Knox.... We rely on third parties to say whether they are yellow or red situations.” He says Microsoft downplayed the severity of the bug a year ago. Several other companies impacted by this security flaw declined comment. Spokespersons for Compuserve and PSINet said no personal information is stored on their Web sites, so there was no real danger to consumers. Compaq would only confirm that its site had been vulnerable but said the hole was patched after Microsoft security experts contacted Compaq recently. A spokesman for Dell said personal information was not at risk because such data is password protected, encrypted, and stored “elsewhere on its site.” “The net of it is when an issue arises, we need to be proactive to take care of our customers,” said Craig Beilinson, a product manager for Windows 2000 at Microsoft. 
The security hole itself involves the use of Microsoft’s database product, Access, in combination with its Web server software, Internet Information Server (IIS). Instead of connecting to a Web page in the traditional manner, a malicious hacker can connect directly to the Access database. From there, the hacker by default gains “system privileges,” and using Visual Basic can execute any command the Web administrator could. That would include downloading a list of user names and passwords, and the ability to connect to any other computer which feeds information to the Web server — including a database of credit cards and other personal information. Gonzalez, who found the new method last week while testing his own site for vulnerabilities, said the largest e-commerce sites may have an added layer of security that would have prevented easy access to critical data such as card numbers — perhaps storing such numbers on a different network, behind another user name and password. “The top 10 e-commerce sites may or may not have an additional layer,” he said. “But there’s a zillion other sites that aren’t going to have additional layers in place.” @HWA 12.0 NCIC 2000 Now Online ~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by DaFed The FBI has announced a major new initiative in fighting crime, the National Crime Information Center 2000. This new system replaces the original NCIC, at a cost of $183.2 million, which was used since 1967. The NCIC 2000 indexes and cross references several different crime related databases such as those containing information on stolen guns, deported felons, missing persons and stolen vehicles. We sure hope that this version of NCIC is more secure than the last one. CNN http://www.cnn.com/TECH/computing/9907/19/system.idg/index.html FBI turns on new crime-fighting system July 19, 1999 Web posted at: 2:22 p.m. EDT (1822 GMT) by Scott Tillett From... 
(IDG) -- FBI officials announced today that they have successfully rolled out a massive new computer system that state and local law enforcement officials will use to fight crime. The new system, the National Crime Information Center 2000 -- like the original NCIC, which the FBI had used since 1967 -- allows crime fighters to search through 17 databases when investigating crimes or questioning criminal suspects. The databases include information on stolen guns, deported felons, missing persons and stolen vehicles, for example. NCIC 2000 will allow law enforcement officials with special hardware and software to transmit suspects' fingerprints to confirm their identity and to see if the suspects are wanted for other crimes. It also will allow the officials to view mug shots to confirm identities -- a capability the original NCIC did not have. Law enforcement officers also can use NCIC 2000 to identify relationships among information in the databases. For example, under the old NCIC, if someone stole a car and a gun as part of the same crime and if a law enforcement officer later stopped the car thief on the highway, the officer could use the system to find out easily that the car had been stolen. But he would not necessarily know that the car thief might also have a stolen gun. NCIC 2000 shows the connection, keeping related information on a crime linked together, FBI spokesman Stephen Fischer said. The new NCIC 2000 also adds name-search functionality. For example, a search for the name "James" would return alternate spellings, such as "Jim" or "Jimmy," Fischer said. NCIC 2000 went online after years of escalating costs and congressional finger-wagging. System architects originally envisioned NCIC 2000 costing about $80 million, but the final price was $183.2 million, Fischer said. The discrepancy between the original cost and the actual cost came in part because contractors originally were "overly ambitious" when estimating the project, Fischer said. 
NCIC 2000 went live on July 11, but bugs in the system, as well as FBI attention on the capture of suspected railroad killer Angel Maturino Resendez, delayed the unveiling of the system, Fischer said. He added that bugs in NCIC 2000 were fixed by Monday evening. The bugs related to connectivity with the National Instant Criminal Background Check System, which is used for approving gun purchases. That system draws on NCIC 2000 and other databases to approve or disapprove gun purchases. FBI officials will hold the formal ceremony unveiling NCIC 2000 next month in Clarksburg, W.Va. @HWA 13.0 E-commerce Increases Security Risk ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by Code Kid Companies engaged in e-commerce are 57 percent more likely to suffer an information security breach than those that don't do business online, according to a survey published in ICSA Inc.'s Information Security magazine. The survey found that companies conducting business online are 57 percent more likely to experience a proprietary information leak and 24 percent more likely to experience an unwanted intrusion into their systems. Information Security Magazine- 1999 Information Security Industry Survey http://www.infosecuritymag.com/july99/charts.html @HWA 14.0 Cyberspace Relatively Safe ~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by Code Kid Obviously a story written without much research, John Kroll claims that cyberspace is relatively safe. While his article pretty much only covers fraud on eBay the overall tone would give most people the wrong impression of life in cyberspace. Cleveland Live http://www.cleveland.com/business/news/fm19kro.ssf So far, cyberspace is reasonably safe Monday, July 19, 1999 By JOHN KROLL THE PLAIN DEALER Robert J. Guest is one in a million. Or at least one in 10,000. 
Guest, a 31-year-old Californian, pleaded guilty to fraud in a federal court in California last week, according to prosecutors. He admitted taking about $37,000 from bidders over eBay Inc.'s Internet auction site but never delivering the digital cameras, laptops and other merchandise he had promised. Sounds like another Internet horror story, right? Like all the hackers who are compromising our nation's defense and the Postal Service plan to start charging everyone who uses e-mail. Well, Internet auction fraud is like those threats - that is, it exists rarely, if at all. Almost every hack into a government computer has done nothing worse than apply some electronic graffiti. There is no government plan - that's none, zip, zero, zilch - to charge for e-mail. And fraud in Internet auctions is hard to find. Even though Thom Mrozek, a spokesman for the U.S. attorney's office that prosecuted Guest, told Bloomberg News that the case "demonstrates that the buyer needs to beware, particularly in the anonymous realm of the Internet," he says this is not an epidemic. Guest's was only the second prosecution in the country involving online auction fraud, Mrozek said. Of course, it could be the dirty dealing in the digital rooms of eBay is just flying under the radar. No federal prosecutor's going to go after some guy who rips off one or two buyers for maybe $50. Don't even ask about using state laws or small-claims court. As Parma Heights attorney Rodger A. Pelagalli told Plain Dealer technology reporter Chuck Melvin, if you get stung on eBay, your best weapon is likely to be a strongly worded letter. But Melvin, who did this week's package of stories on online auctions, says it seems that even penny-ante crime is rare. Less than 0.01 percent of the millions of eBay trades produce fraud complaints to eBay itself, the site told the New York Department of Consumer Affairs this year. That's fewer than one in every 10,000 trades. 
It sounds as if Diogenes should hang up his lamp and take his search for an honest man online. Headline news: Internet users don't cheat! Let's not get carried away. Like the old bank robber Yellow Kid Weil, today's electronic thieves probably still go "where the money is" - and for all the millions of trades on eBay, the take per trade is fairly low. But while we can't proclaim an Age of Innocence on the whole Internet, the low level of fraud at a big online auctioneer like eBay underlines the point Melvin makes in his report: If you've got anything you want to buy or sell, the Internet is now the place to be. Just watch out for uninvited Guests. ©1999 THE PLAIN DEALER. Used with permission @HWA 15.0 AntiOnline Under Investigation ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by cult An article in the Ottawa Citizen details recent claims made by attrition.org about the activities and FBI investigation of AntiOnline founder John Vranesevich. Unfortunately this article has no comments from the FBI. John Vranesevich refused to discuss the matter with the reporter and is now threatening a lawsuit over the article. Ottawa Citizen http://www.ottawacitizen.com/hightech/990719/2623591.html Attrition.org- Negation http://www.attrition.org/negation/ottawa.html Late Update The Ottawa Citizen has either pulled or moved the above article. The folks at Attrition have been kind enough to archive a copy for your reading pleasure. Attrition.org - Spy vs Spy In Hacker Underworld http://www.attrition.org/~jericho/media/ottawa_citizen.spy_vs_spy_in_hacker_underworld http://www.ottawacitizen.com/hightech/990719/2623591.html The Ottawa Citizen Online Business Page Monday 19 July 1999 Spy vs. spy in the hacker underworld Network security expert is under investigation for attacks on U.S. government Web sites Bob Paquin The Ottawa Citizen In the murky world of hackers and crackers, appearances can be deceptive. 
"White hat" good guys, working for software or security firms, have occasionally been caught moonlighting as "black hat" rogues. Such appears to be the case with John Vranesevich, a network security expert and founder of top-rated hacker Web site AntiOnline. Mr. Vranesevich is currently under investigation by the FBI with regard to recent attacks on U.S. government Web sites. It is alleged that he may have employed hackers to target high profile sites in order to scoop the rest of the media with exclusive reporting. Mr. Vranesevich has denied the allegations. Brian Martin, also under FBI investigation for hacking, recently released a report on his Web site (www.attrition.org/negation/special) which details a series of links between Mr. Vranesevich and an alleged member of the hacker group Masters of Downloading, which claimed responsibility for the U.S. Senate Web site hack earlier this month. Mr. Martin, who researches hacker culture through his Web site, claims to have been tracking questionable AntiOnline reporting over the past year. Mr. Vranesevich, 20, has over the past couple of years become one of the most widely quoted and authoritative sources on hacking and security-related information. Begun in late 1994 as a 5-megabyte high school hobby Web site, AntiOnline has since grown into a multi-domain business venture. ABC News has described it as a "Rick's Cafe in the Casablanca world of hacking." Besides reporting on hacking news, the site offers a downloadable library of hacking software tools, archives of several hacker newsletters and journals, and copies of some of the hacked pages featured in reported stories. While growing increasingly popular with the mainstream media, however, Mr. Vranesevich has slowly built up a number of enemies among the hacker underground. Spurred, perhaps, by an extensive FBI and U.S. Department of Justice hacker crackdown, which resulted in raids on 20 suspected hackers across six states, Mr. 
Vranesevich declared a dramatic change of stance, distancing himself from the subjects he covers. In a "Change in Mission" notice posted on his Web site, Mr. Vranesevich said: "Unfortunately, I've found myself looking in the mirror with disgust these past few months. Looking back, I've seen myself talking with people who have broken into hundreds of governmental servers, stolen sensitive data from military sites, broken into atomic research centres, and yes, people who have even attempted to sell data to individuals that presented themselves as being foreign terrorists ... Many times, I knew about these instances before hand, and could have stopped them." He also claimed to have been secretly working with the U.S. Airforce to develop a "profile of a hacker" for use in fighting "CyberCrime". Mr. Vranesevich's message concluded with a note to the thousands of hackers who read his site: "You yell and scream about freedom of speech, yet you destroy sites which have information that disagree with your opinions. You yell and scream about privacy, yet you install trojans into others' systems, and read their personal email and files. You truly are hypocrites. All of these grand manifestos that you develop are little more than excuses that you make up to justify your actions to yourself." Mr. Martin, on the other hand, alleges that many of the reports from AntiOnline, and subsequent follow-on reporting in other media outlets, have been exaggerated and sensationalized. "Not only had AntiOnline driven the media hype behind the stories, they put various government and Department of Defense organizations on full alert preparing for the fallout these attacks would cause," he states on his own Web site. In detailing the relationship between Mr. Vranesevich and the alleged hacker in question, Mr. 
Martin notes that "the typical journalist/contact relationship did not exist, and in fact, AntiOnline may have been responsible for creating some of the news to report on ... he pays people to break into sites in order to report on it as an exclusive." @HWA 16.0 Parse Defcon Video Available ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by Ryan Parse has posted several video clips of Defcon as well as interviews from some of the luminaries present. Biztech TV http://biztechtv.com/admin/parse/defcon.asp @HWA 17.0 cDc Challenges Microsoft to Recall SMS (wicked!) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by omega The cDc, writers of BO2K, have publicly challenged Microsoft to voluntarily recall all copies of its Systems Management Server network software and have requested the AV industry to respond with signature scanning for SMS files. The premise for this challenge is that Microsoft has labeled Back Orifice 2000 a malicious tool. cDc claims that if BO2K is malicious then SMS must also be, by definition, malicious. Both programs do the exact same thing and have almost identical feature sets. The Cult of the Dead Cow http://www.cultdeadcow.com/news/pr19990719.html ______________________________________________________________________ _ _ BACK ORIFICE 2000 ((___)) BACK ORIFICE 2000 show some control [ x x ] show some control \ / (' ') (U) ________________________ http://www.bo2k.com/ ________________________ FOR IMMEDIATE RELEASE FOR IMMEDIATE RELEASE Press Contact: The Deth Vegetable cDc Minister of Propaganda veggie@cultdeadcow.com DON'T WORRY WINDOWS USERS, EVERYTHING WILL BO2K [July 19th, San Francisco] The CULT OF THE DEAD COW (cDc) publicly challenges Microsoft Corporation to voluntarily recall all copies of its Systems Management Server network software. In addition, cDc calls for the antivirus industry to respond with signature scanning for SMS files. 
"Hypocrisy" is such an ugly word. So instead, why don't we just chalk this one up to Do-What-We-Say-Not-What-We-Do? Microsoft evidently dislikes our new tool so much that they've taken to complaining about one of its key features. We're talking about Back Orifice 2000, and the feature in question is its stealth mode. Microsoft has claimed that BO2K is a malicious tool with no legitimate use. Their primary evidence is BO2K's stealth feature, which gives you the option to run the server on the remote machine without it being evident to anybody sitting at that machine. In fact, here's what they're saying right now on the Microsoft Security Advisor website: BO2K is a program that, when installed on a Windows computer, allows the computer to be remotely controlled by another user. Remote control software is not malicious in and of itself; in fact, legitimate remote control software packages are available for use by system administrators. What is different about BO2K is that it is intended to be used for malicious purposes, and includes stealth behavior that has no purpose other than to make it difficult to detect. http://www.microsoft.com/security/bulletins/bo2k.asp Now, we concede that on its face, this sounds like a valid criticism. Being able to operate a remote admin tool without the person at the other end knowing that it's running on the machine seems downright devious. (Keep in mind that BO2K's stealth feature is an OPTION, which is in fact disabled by default.) Maybe Microsoft is right; perhaps this stealth feature in and of itself is enough to brand it a hacker tool with no redeeming social value. But then, what are we to make of Systems Management Server (SMS)? SMS is Microsoft's remote admin tool for Windows. As it happens, SMS has a nearly identical stealth feature. 
As a matter of fact, they explain this feature in a Word document available from the Microsoft website: Security Of all the operations that Systems Management Server allows you to do on a client, remote control is possibly the most "dangerous" in terms of security. Once an administrator is remote controlling a client, he has as many rights and access to that machine as if he were sitting at it. Added to this, there is also the possibility of carrying out a remote control session without the user at the client being aware of it. Thus, it is important to understand the different security options available and also to understand the legal implications of using some of them in certain jurisdictions." Visible and Audible Indicators It is possible to configure a remote control from a state where there is never any visible or audible indication that a remote control session is under way. It has been made this flexible due to customer demands ranging from one end of this spectrum to the other. When configuring the options available in the Remote Tools Client Agent properties, due notice must also be taken of company policy and local laws about what level of unannounced and unacknowledged intrusion is permitted." http://www.microsoft.com/smsmgmt/techdetails/remote.asp Notice that? Microsoft's own tool has the same evil capability as BO2K. Now, Microsoft did not invent surreptitious desktop surveillance; there are other products on the market that perform these functions. Microsoft is just the largest supplier of the technology, as SMS comes bundled with each copy of Back Office. Why is it that Microsoft can offer a tool having this illegitimate functionality without any moral qualms, but when WE do it, they throw a hissy fit? Well... we have a hunch. "Microsoft wants to keep everybody talking about the evil software from us crazy computer hackers. So they paint BO2K as a dangerous application with no constructive uses," says Reid Fleming (cDc). "We beg to differ." 
BO2K doesn't exploit any bugs in the Windows operating system that Microsoft is willing to categorize as such. So in order to convince the public that BO2K is a solely destructive tool, Microsoft is forced to criticize the tool's feature set. Evidently whoever dreamed up this press strategy was unaware of Systems Management Server and its stealth feature. Of course, there's another possibility. Microsoft sells SMS for cash money. Meanwhile, BO2K is free. (It's also open source, and better constructed any way you measure it: size, efficiency, functionality, security.) Maybe this is just another example of Microsoft's alleged anticompetitiveness? "BO2K, like SMS, is a powerful software tool. Like any powerful tool, it can be used either responsibly or irresponsibly," says Count Zero (cDc). "For Microsoft to claim that BO2K has no legitimate purpose is ridiculous. Their own SMS tool has nearly the same functionality as BO2K, and Microsoft is happy to let you pay $1,000+ for it." Regardless of their motivations, Microsoft is selling software which does many of the same things as Back Orifice 2000, including the pernicious ability to run hidden from the user. And if stealth mode is what makes BO2K a malicious program, then Microsoft's Systems Management Server is a malicious program too. Consequently, we challenge Microsoft to recall all copies of the SMS administration tool, because its featureset contains stealth capability. This feature clearly illustrates that their software has no legitimate use. Furthermore, we urge all antivirus vendors to include signatures for SMS in their scanner utilities. Back Orifice 2000 is available for download free of charge from http://www.bo2k.com/. .......................................................................... 
APPENDIX Equally hypocritical quotes from Microsoft about Back Orifice: "Users who are tricked into getting this thing installed on their system are vulnerable to the attacker, who can then do anything that the victim can do -- move the mouse, open files, run programs, etc. -- which is little different from what legitimate remote-control software can do. Back Orifice, however, is designed to be stealthy and evade detection by the user." "In fact, it really ends up doing bad things -- that’s what a Trojan horse does. Back Orifice falls into that category because it is intentionally designed to hide itself from detection. The creators claim that this is a useful administration tool, but it doesn’t even prompt people when it installs itself on the system. It doesn’t warn them that it’s getting installed. And, once it’s installed, it makes the system available to other people on the Internet. That is a malicious act." "It’s incomprehensible why a tool like this would be created. [...] [T]here’s no purpose for this tool other than harming actual users of software products." -- Jason Garms, lead product manager for Windows NT security Microsoft's prefabricated interview, 8-July-1999 .......................................................................... The CULT OF THE DEAD COW (cDc) is the most influential group of hackers in the world. Formed in 1984, the cDc has published the longest running e-zine on the Internet, swallowed swords, made waffles, and so on. For more background information, journalists are invited to check out our Medialist at http://www.cultdeadcow.com/news/medialist.htm. Cheerio. "Microsoft", "Windows", "Systems Management Server", "Word", and "Back Office" are all trademarks of the Microsoft Corporation. Blah blah blah, this is giving me a headache. "cDc. It's alla'bout style, jackass." 
@HWA 18.0 BlackHat Insiders Want to Quit Security Biz ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by Code Kid While Defcon made it into the popular press and gathered all the attention The BlackHat Briefings is where a lot of the security industry traded secrets. Infoworld's Stuart McClure and Joel Scambray give a pretty good overview of the goings on at the conference and describe a growing sentiment within the industry that you can't secure the world. InfoWorld http://www.infoworld.com/cgi-bin/displayArchive.pl?/99/29/o03-29.44.htm July 19, 1999 (Vol. 21, Issue 29) SECURITY WATCH BY STUART McCLURE & JOEL SCAMBRAY Black Hat conference survives a denial-of-service attack, but will it outlast attrition? The Security Watch team writes to you this week from the ever-expanding concrete facades of Las Vegas, where we were in attendance at the third annual Black Hat Briefings USA conference from July 7 through July 8. The original concept behind the Black Hat conference was to "meet the enemy," where corporate types could rub elbows with the glitterati of the hacker set, including such notables as Simple Nomad of the Nomad Mobile Research Center (www.nmrc.org) and Dr. Mudge of L0pht (www.l0pht.com). The event has evolved into a general meeting of the minds among security practitioners of all types, from public-sector managers to professional consultants. Our feelings can best be summed up by the offhand comment of Windows NT security guru Dominique Brezinski, in his talk at the finale of the first day of presentations: "My life is miserable and pathetic, and I want to get out of security soon." Although the remark was mostly intended as a self-deprecating jest, it reflected the undercurrent of frustration that many speakers echoed throughout the conference: Despite all of the work being done in the security field, the same old problems never seem to get solved. 
These recurring issues include the endemic lack of security expertise in the market today, the Achilles' heel of poor password choices, and an ever-expanding list of commercial software bugs that are becoming impossible to fix. Despite the formidable intellectual talent assembled at Black Hat, the general response to some of these problems is to throw up the hands and say, "I give up." For example, Brezinski gave a fascinating discussion of the implications of NT and Solaris' shared-code search path for creating a trusted forensic toolkit CD-ROM, but he concluded his talk by noting that an attacker sophisticated enough to make kernel modifications would be impossible to defeat. Here are two other good examples: Security legend Bill Cheswick's printed materials yawned that "this security stuff is all the same. ... From a security viewpoint, there is little new about the Internet." And cryptography expert Bruce Schneier's ruminations included, "A secure computer is one that has been insured," which means you should get used to the notion that your system will be compromised. We can understand Cheswick's sentiments, because he has been one of the leading lights in security for the past 30 years, but it was a bit troubling to hear the "next generation" of the security avant-garde openly proclaiming the need to seek more serene pastures. Pessimism aside, there were still a great deal of interesting topics covered by the Black Hat speakers. Some highlights included Mudge's technical outline of L0pht's new program, AntiSniff, which remotely detects promiscuous-mode network interfaces, and Simple Nomad's release of Pandora 4 with a functional version of its NetWare Level 3 packet-signing exploit. Our company, Ernst & Young, gave a similar demonstration on NT of "passing the hash" to circumvent the NT challenge/response log-on. The original idea for this type of attack was proposed on NTBugtraq years ago but was never publicly proved. 
And despite the gloom expressed in some of their thoughts, all of the speakers showed great patience and perseverance during the incessant testing of the Venetian hotel's fire-alarm system throughout the two-day conference. In the end, Black Hat's spirit proved resistant to this denial-of-service attempt. Of course, a lot of the good information coming out of Black Hat doesn't appear in any official program but is gleaned in the corridors outside the conference hall during breaks in the program. We've done our best to capture the essence of Black Hat, but a lot of great dialogue was left on the cutting room floor. The next best thing to being there is purchasing the full conference, including a video of the presentations in MP3 format, at www.blackhat.com. Meanwhile, send your thoughts on addressing security symptoms vs. problems to security_watch@infoworld.com. Stuart McClure is a senior manager and Joel Scambray is a manager at Ernst & Young's eSecurity Solutions group. They have managed information security in academic, corporate, and government environments for the past nine years. Copyright (c) 1999 InfoWorld Media Group Inc. @HWA 19.0 Attrition Closes Down Negation ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by Staff The Attrition.org staff has decided to stop updating the Negation section of their web site. The Negation section covers the activity of John Vranesevich of AntiOnline. The Attrition staff claim that they have accomplished what they set out to do which was to prove beyond a reasonable doubt that AntiOnline and John Vranesevich are a fraud. The Attrition statement says that they have also proven John Vranesevich guilty of libel, repeated copyright violation, paying people to break into systems, idle threats to stifle competition, and serious errors in supposed "factual news". The Negation section will remain posted for all to see, it will just no longer be updated. 
Negation
http://www.attrition.org/negation/

@HWA

20.0 ISS Offers Cracking Tools
     ~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Weld Pond

Just like any tool these have both good and bad uses. ISS has announced three prototype tools, Telephony Scanner, a wardialing program, Attacker Tracker, a log file analysis tool, and SQL Cracker, for auditing SQL passwords. Free demos are available.

ISS Protoworx
http://xforce.iss.net/protoworx/

@HWA

21.0 IBM Researching Proactive Security
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Weld Pond

The proactive Security project at IBM is producing some interesting results. There are white papers and demos available. Definitely a site worth looking at.

IBM
http://www.hrl.il.ibm.com/proactive/ <- lots of interesting postscript papers here

22.0 InET Issue #3
     ~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by GothstaiN

Good news for the non-English crowd. InET Magazine issue #3 has been released and it only comes in Spanish.

Intrusos
http://www.intrusos.cjb.net

@HWA

23.0 National ID Card Law Set to be Enacted
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Code Kid

In an effort to fight illegal immigration US Representative Lamar Smith, from San Antonio, Texas, has proposed that your social security number and possibly microchips encoded with your fingerprints and other personal data be a mandatory part of your driver's license. At a hearing Thursday, the House Immigration subcommittee will debate the future of modified driver licenses, which has been labeled by some as a "national ID card."

Wired
http://www.wired.com/news/news/politics/story/20881.html

House Immigration subcommittee
http://www.house.gov/judiciary/sub106.htm

Your License or Your Life
by Declan McCullagh

3:00 a.m. 22.Jul.99.PDT

WASHINGTON -- If Representative Lamar Smith has his way, your driver's license will soon sport your Social Security number, whether you like it or not.

It may also include microchips encoded with your fingerprints and other personal data. Government agencies will no longer accept as identification licenses that don't meet the new standards.

Smith, a Republican from San Antonio, is firmly convinced the new features will reduce immigration. Not only is he doggedly opposed to illegal immigration, he wants to reduce legal immigration, insisting that low-skilled workers compete with US citizens for entry-level jobs.

See also: Your Driver License, For Sale?
http://redirect.wired.com/redir/10025/http://www.wired.com/news/news/politics/story/20435.html

At a hearing Thursday, the House Immigration subcommittee will debate the future of modified driver licenses, which detractors derisively call a "national ID card."

Since Smith heads the subcommittee, his opponents have had an uphill battle. Making their fight even more difficult is the fact that Congress approved the new license rules in 1996.

Civil liberties and privacy groups are doggedly attempting to repeal the law before it takes effect next year. So far, they've had little success.

It's true that in 1998 they managed to get the Transportation Department to delay following through on regulations for a year. But that temporary setback expires in October 1999. They had no luck in inserting a flat-out repeal in a transportation spending bill last month.

"We're urging Congress to reverse course on national IDs," said Greg Nojeim, legislative counsel for the American Civil Liberties Union. "Too many proposals to combat illegal immigration instead limit the rights and freedoms of Americans. We don't need a national ID card to be the legacy of efforts to keep undocumented people from working."
The ACLU is part of a coalition with other liberal groups, such as the Electronic Frontier Foundation and Electronic Privacy Information Center. But the alliance also includes arch-conservative organizations: the Eagle Forum, the Free Congress Foundation, and Americans for Tax Reform.

The organizations found common ground in what they uniformly believe is a serious threat to privacy. "Proposals for a national ID have been consistently rejected in the United States as an infringement of personal liberty," said a recent coalition letter urging Congress to nix the current law.

"We care about this hearing because there are other members that are receptive to privacy concerns. While Lamar Smith is on the other side, other members need to hear what's going on," said Lori Cole, a spokesman for the Eagle Forum's office in Washington.

For his part, Smith angrily denies that he's Big Brother incarnate in a note he posted on his Web site: "I do not support a national ID card and don't know anyone who does."

In response to the 1996 law that requires "security features" in licenses, the Department of Transportation in June 1998 proposed that states must encode SSNs (and possibly digitized fingerprints) onto drivers licenses.

After October 2000, the feds will require these new licenses if people want to use any government service, board an airplane, be eligible for Medicare -- in other words, live a normal life and do the everyday things most Americans take for granted.

The DOT will be allowed to proceed in October 1999, unless Congress acts.

"The states are concerned that they will be legally obligated to encode information in drivers licenses and collect Social Security numbers," says one Hill source.

The National Conference of State Legislators and the National Association of Counties have joined the coalition.
They sent a letter to House Speaker Dennis Hastert on 30 June urging Congress to repeal Section 656 of the Illegal Immigration Reform and Immigrant Responsibilities Act of 1996.

Another letter signed by six Congressmen urges colleagues to support a repeal measure -- the Privacy Protection Act -- introduced by Representative Ron Paul (R-Texas).

@HWA

24.0 Local Agencies Not Concerned About Computer Intrusions
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Carole

A report released by the Emergency Response and Research Institute paints a disturbing picture. The report claims that many local, county and state agencies have little or no fear of illegal data access. While most respondents said that they have dealt with viruses, 30% claimed that computer tampering was of little or no concern to them. Someone needs to wake these people up.

Civic
http://www.civic.com/news/1999/july/civ-virus-7-21-99.html

Emergency Response and Research Institute
http://www.emergency.com/

Survey Finds Local Agencies Hit Hard by Viruses; Not Worried About Hacking

July 21, 1999

An overwhelming majority of local, county and state agencies have been the victims of computer viruses, but few are worried about being hacked, according to a recent survey by the Emergency Response and Research Institute, a public safety consulting group.

The ERRI report found that nearly 83 percent of 175 agencies that participated in the survey had dealt with a computer virus, indicating a possible lack of effective anti-virus software in use or unsafe computing practices by respondents. Although 63 percent of the respondents called computer "hacking/cracking" a problem, about one-third did not view the issue as a concern at all.

"This is the first survey that we know of its kind that contacted, city, county and state agencies on this issue," said Clark L. Staten, executive director of ERRI. "We would like to take it more in-depth and broaden it to be [more] statistically significant.... It's a problem that is not receiving recognition."

ERRI analysts, who received the completed surveys during May and June, also noted that more than 94 percent of those surveyed used a World Wide Web site to communicate with the public. Far fewer (59 percent) reported using e-mail to respond to public comments or complaints.

Staten would not name specific locations that participated because they had been promised anonymity, but he said most of the respondents were emergency agencies from municipalities across the United States, including fire departments, university security departments, state emergency management agencies and emergency medical services departments. Six agencies from Canada also responded, he said.

ERRI, based in Chicago, was founded to provide solutions to the emergency response and government community. More information is available at www.emergency.com.

-- Dan Caterinicchia (danc@civic.com)

@HWA

25.0 Microfraud Becomes Big Deal
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Weld Pond

Still think the Internet is a safe place to conduct business? Here is an eye opening article that takes a look at what it calls 'microfraud'. Stealing a little money from a lot of people. The idea has been around for years but is only now coming to fruition with the unlimited reach and anonymity of the internet.

Scientific American
http://www.sciam.com/1999/0899issue/0899cyber.html

HOW TO STEAL MILLIONS IN CHUMP CHANGE

It used to be a joke: a computer can make a mistake in a fraction of a second that would take an army of mathematicians working with pencil and paper 100 years to make. For 900,000 people whose credit cards apparently suffered fraudulent charges in a single computer-based scam, this old saw morphed into an unpleasant reality.
The Federal Trade Commission (FTC) is trying to recover as much as $45 million from a handful of people who used modern technology to flood outdated security precautions. In late 1998 the group accounted for 4 percent of all the Visa chargebacks (in which a merchant's account is debited for the amount of a transaction) in the world. Victims did not have to use their cards on the Web to be hit with charges. They didn't even have to use their cards at all.

It would have taken about three years for a dishonest restaurant employee or store clerk working 24 hours a day just to fill out and submit the bogus transactions that FTC investigators ascribe to Kenneth H. Taves, his wife, Teresa, and their associates. The group, they say, set up a series of companies that processed Visa charges for adult Web sites and used the card numbers from those transactions plus others made up by a simple computer program to charge people for services that never existed. (At press time, Taves was in jail on contempt-of-court charges after disobeying an order to turn over records and to repatriate about $6 million from accounts in the Cayman Islands. His trial is scheduled for September 28.)

The essence of the scam was an updated version of the hoary computer-crime legend in which a clever programmer siphons fractional pennies from millions of bank accounts and ends up rich with no one the wiser. Here each fraudulent charge was typically $19.95, an amount unlikely to alarm a harried consumer who might not remember every last purchase on a statement. The transactions also clearly passed under the radar of Visa's fraud-detection algorithms. Although Visa and its member banks have been notably silent about the role of their security measures in the debacle, sources suggest that antifraud efforts have largely been geared to prevent smaller numbers of high-ticket thefts.
Indeed, the relatively small amount of each bill involved aggrieved customers in a financial catch-22: banks usually will go back only two months when reversing disputed charges, but $38.90 is comfortably less than the $50 limit above which U.S. financial institutions are required by law to compensate customers for fraudulent credit-card transactions. To make matters more difficult, Taves and his cohorts had an obvious excuse for disputed charges in the nature of the product they were selling: it was only natural, they reportedly faxed at least one bank, that people would want to disavow subscriptions to Web sites selling pornographic pictures.

Although it provided a convenient cover story, the porn connection may also have been Taves's undoing, says John G. Faughnan, a physician and software developer whose Web page is the best source of information on the scam. Many of the more than 200 victims who contacted him found their jobs or their marriages in jeopar