[ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
==========================================================================
= <=-[ HWA.hax0r.news ]-=> =
==========================================================================
[=HWA'99=] Number 31 Volume 1 1999 Aug 29th 99
==========================================================================
[ 61:20:6B:69:64:20:63:6F:75: ]
[ 6C:64:20:62:72:65:61:6B:20:74:68:69:73: ]
[ 20:22:65:6E:63:72:79:70:74:69:6F:6E:22:! ]
==========================================================================

Well http://welcome.to/HWA.hax0r.news/ is still down and out of reach, I have an email in to the admins of the V3 redirector site to see if I can't get access back to my redirector but I'm not hopeful. Meanwhile you can get us at www.csoft.net/~hwa

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
This week features an article by Dragos Ruiu entitled "Stealth Coordinated Attack HOWTO" and is a very well written piece that sysadmins and hackers alike will find very informative, it's a must-read (section #42) - Ed
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=

New mirror sites

http://www.attrition.org/hosted/hwa/
http://www.ducktank.net/hwa/issues.html.
http://viper.dmrt.com/files/=E-Zines/HWA.hax0r.news/
http://hwazine.cjb.net/
http://www.hackunlimited.com/files/secu/papers/hwa/
http://www.attrition.org/~modify/texts/zines/HWA/
* http://hwa.hax0r.news.8m.com/
* http://www.fortunecity.com/skyscraper/feature/103/

* Crappy free sites but they offer 20M & I need the space...

HWA.hax0r.news is sponsored by Cubesoft communications www.csoft.net and www.digitalgeeks.com thanks to p0lix for the digitalgeeks bandwidth and airportman for the Cubesoft bandwidth. Also shouts out to all our mirror sites! tnx guys.
http://www.csoft.net/~hwa http://www.digitalgeeks.com/hwa HWA.hax0r.news Mirror Sites: ~~~~~~~~~~~~~~~~~~~~~~~~~~~ http://www.attrition.org/hosted/hwa/ http://www.attrition.org/~modify/texts/zines/HWA/ http://www.ducktank.net/hwa/issues.html. ** NEW ** http://www.alldas.de/hwaidx1.htm ** NEW ** CHECK THIS ONE OUT ** http://www.csoft.net/~hwa/ http://www.digitalgeeks.com/hwa. http://members.tripod.com/~hwa_2k http://welcome.to/HWA.hax0r.news/ http://www.attrition.org/~modify/texts/zines/HWA/ http://archives.projectgamma.com/zines/hwa/. http://www.403-security.org/Htmls/hwa.hax0r.news.htm =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-= SYNOPSIS (READ THIS) -------------------- The purpose of this newsletter is to 'digest' current events of interest that affect the online underground and netizens in general. This includes coverage of general security issues, hacks, exploits, underground news and anything else I think is worthy of a look see. (remember i'm doing this for me, not you, the fact some people happen to get a kick/use out of it is of secondary importance). This list is NOT meant as a replacement for, nor to compete with, the likes of publications such as CuD or PHRACK or with news sites such as AntiOnline, the Hacker News Network (HNN) or mailing lists such as BUGTRAQ or ISN nor could any other 'digest' of this type do so. It *is* intended however, to compliment such material and provide a reference to those who follow the culture by keeping tabs on as many sources as possible and providing links to further info, its a labour of love and will be continued for as long as I feel like it, i'm not motivated by dollars or the illusion of fame, did you ever notice how the most famous/infamous hackers are the ones that get caught? there's a lot to be said for remaining just outside the circle... @HWA =-----------------------------------------------------------------------= Welcome to HWA.hax0r.news ... 
#31
=-----------------------------------------------------------------------=

We could use some more people joining the channel, it's usually pretty quiet, we don't bite (usually) so if you're hanging out on irc stop by and idle a while and say hi...

*******************************************************************
*** /join #HWA.hax0r.news on EFnet the key is `zwen'            ***
***                                                             ***
*** please join to discuss or impart news on techno/phac scene  ***
*** stuff or just to hang out ... someone is usually around 24/7***
***                                                             ***
*** Note that the channel isn't there to entertain you it's for ***
*** you to talk to us and impart news, if you're looking for fun***
*** then do NOT join our channel try #weirdwigs or something... ***
*** we're not #chatzone or #hack                                ***
***                                                             ***
*******************************************************************

=-------------------------------------------------------------------------=
Issue #31
=--------------------------------------------------------------------------=

[ INDEX ]
=--------------------------------------------------------------------------=
Key Intros
=--------------------------------------------------------------------------=
00.0 .. COPYRIGHTS
00.1 .. CONTACT INFORMATION & SNAIL MAIL DROP ETC
00.2 .. SOURCES
00.3 .. THIS IS WHO WE ARE
00.4 .. WHAT'S IN A NAME? why `HWA.hax0r.news'?
00.5 .. THE HWA_FAQ V1.0
=--------------------------------------------------------------------------=
Key Content
=--------------------------------------------------------------------------=
01.0 .. GREETS
01.1 .. Last minute stuff, rumours, newsbytes
01.2 .. Mailbag
02.0 .. From the Editor
03.0 .. DOJ contemplates secret searches
04.0 .. First net convict will do no time
05.0 .. NORTON ANTIVIRUS 2000 IS OUT
06.0 .. SSL CPU CONSUMPTION CAUSES CONCERNS
07.0 .. Bug in Bill Gate's Anus?
08.0 .. CESA Causing Outrage In Libertarians
09.0 .. ReDaTtAcK Arrested, Questioned, Charged, Released
10.0 .. Some GPS Systems Fail With Date Rollover
11.0 .. Security Search Engine MindSec Goes Online
12.0 .. CIA Ex-Director Security Clearance Revoked
13.0 .. GAO Releases Report on Risk Assessment
14.0 .. CESA Drives People to Freedom
15.0 .. Who's doing the Scanning?
16.0 .. Japanese police go after copyright infringers
17.0 .. Anti-Gay Web domain Returned to Original Owner
18.0 .. EXPLOIT-DEV Mailing List Started
19.0 .. NetBus - Product Under Siege
20.0 .. Worst Security Hole Ever?
21.0 .. IRC Banned in Malaysia
22.0 .. I want my, I want my, I want my HNN - more goodies from HNN
23.0 .. Melissa Creator Admits Guilt
24.0 .. cDc Responds to Allegations About HKBs
25.0 .. $50G Offered in 'Hacker Challenge' Publicity Stunt
26.0 .. NSA Recruiting In the Underground
27.0 .. Distributed.net Fingers Thief
28.0 .. Hacktivism Email List
29.0 .. Mitnick in Car Accident
30.0 .. Hong Kong Police Create Computer Crime Squad
31.0 .. Outlook Holes Demonstrated at USENIX
32.0 .. Feds Overflowing with Seized Equipment
33.0 .. Computer Hacker’s Sentence Spotlights High-Tech Crime Prosecutions
34.0 .. Triads Linked to Info Vandalism - Alleged CoverUp by RCMP
35.0 .. DoD Preps to Fight InfoCriminals Both Foreign and Domestic
36.0 .. Another Big Hole Found in NT
37.0 .. Korea to Block All Porn
38.0 .. Grammatically Challenged InfoCriminal Defaces Site
39.0 .. Bank Emails Virus to Investors
40.0 .. IS YAHOO SPAM OR ANTI-SPAM ORIENTED?
41.0 .. "NINES PROBLEM"
42.0 .. Stealth Coordinated Attack HOWTO by Dragos Ruiu
43.0 .. TAIWAN CIRCLES WAGONS IN CYBER-WARFARE
44.0 .. UK WEBHOSTING COMPANY HIT BY VIRUS
45.0 .. NETSCAPE ISSUES WEB-SERVER FIX
46.0 .. CWI CRACKS 512 BIT KEY
47.0 .. MOUNTING AN ANTI-VIRUS DEFENSE
48.0 .. RETROSPECTIVE ON CRACKING CONTESTS
49.0 .. SHOUTCAST COMPROMISED
50.0 .. AUDIT OFFICE BLASTS AGENCIES' SERIOUS SECURITY FLAWS
51.0 .. ISS X-FORCE ADVISORY ON LOTUS NOTES DOMINO SERVER 4.6
52.0 .. TECHNOLOGY KEY TO TRACKING DOWN INTERNET CRIME
53.0 .. GOVT HOME-INVASION BILL DRIVES US PC USERS TO CANADA
54.0 .. HACKERS SCANNING FOR TROUBLE
55.0 .. Canada Net they've built a super fast network, but what to do with it?
56.0 .. Security focus BUGTRAQ summary
57.0 .. A typical script kiddie attack scenario against HTTP server
58.0 .. NMAP - Scan Analysis (v2)
59.0 .. Security Focus: Incidents Summary
60.0 .. Security Focus: Jobs
=--------------------------------------------------------------------------=
AD.S .. Post your site ads or etc here, if you can offer something in return that's tres cool, if not we'll consider ur ad anyways so send it in. ads for other zines are ok too btw just mention us in yours, please remember to include links and an email contact. Corporate ads will be considered also and if your company wishes to donate to or participate in the upcoming Canc0n99 event send in your suggestions and ads now...n.b date and time may be pushed back join mailing list for up to date information
        Current dates: POSTPONED til further notice, place: TBA..
Ha.Ha .. Humour and puzzles
        Hey You!
        =------=
        Send in humour for this section! I need a laugh and it's hard to find good stuff... ;)
SITE.1 .. Featured site,
H.W .. Hacked Websites
A.0 .. APPENDICES
A.1 .. PHACVW linx and references
=--------------------------------------------------------------------------=

@HWA'99

00.0 (C) COPYRIGHT, (K)OPYWRONG, COPYLEFT?
V2.0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ THE OPINIONS OF THE WRITERS DO NOT NECESSARILY REFLECT THE OPINIONS OF THE PUBLISHERS AND VICE VERSA IN FACT WE DUNNO WTF IS GONNA TAKE RESPONSIBILITY FOR THIS, I'M NOT DOING IT (LOTS OF ME EITHER'S RESOUND IN THE BACKGROUND) SO UHM JUST READ IT AND IF IT BUGS YOU WELL TFS (SEE FAQ). Important semi-legalese and license to redistribute: YOU MAY DISTRIBUTE THIS ZINE WITHOUT PERMISSION FROM MYSELF AND ARE GRANTED THE RIGHT TO QUOTE ME OR THE CONTENTS OF THE ZINE SO LONG AS Cruciphux AND/OR HWA.hax0r.news ARE MENTIONED IN YOUR WRITING. LINK'S ARE NOT NECESSARY OR EXPECTED BUT ARE APPRECIATED the current link is http://welcome.to/HWA.hax0r.news IT IS NOT MY INTENTION TO VIOLATE ANYONE'S COPYRIGHTS OR BREAK ANY NETIQUETTE IN ANY WAY IF YOU FEEL I'VE DONE THAT PLEASE EMAIL ME PRIVATELY current email cruciphux@dok.org THIS DOES NOT CONSTITUTE ANY LEGAL RIGHTS, IN THIS COUNTRY ALL WORKS ARE (C) AS SOON AS COMMITTED TO PAPER OR DISK, IF ORIGINAL THE LAYOUT AND COMMENTARIES ARE THEREFORE (C) WHICH MEANS: I RETAIN ALL RIGHTS, BUT I GIVE YOU THE RIGHT TO READ, QUOTE AND REDISTRIBUTE/MIRROR. - EoD Although this file and all future issues are now copyright, some of the content holds its own copyright and these are printed and respected. News is news so i'll print any and all news but will quote sources when the source is known, if its good enough for CNN its good enough for me. And i'm doing it for free on my own time so pfffft. :) No monies are made or sought through the distribution of this material. If you have a problem or concern email me and we'll discuss it. cruciphux@dok.org Cruciphux [C*:.] 00.1 CONTACT INFORMATION AND MAIL DROP ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Wahoo, we now have a mail-drop, if you are outside of the U.S.A or Canada / North America (hell even if you are inside ..) 
and wish to send printed matter like newspaper clippings a subscription to your cool foreign hacking zine or photos, small non-explosive packages or sensitive information etc etc well, now you can. (w00t) please no more inflatable sheep or plastic dog droppings, or fake vomit thanks. Send all goodies to: HWA NEWS P.O BOX 44118 370 MAIN ST. NORTH BRAMPTON, ONTARIO CANADA L6V 4H5 WANTED!: POSTCARDS! YESH! POSTCARDS, I COLLECT EM so I know a lot of you are ~~~~~~~ reading this from some interesting places, make my day and get a mention in the zine, send in a postcard, I realize that some places it is cost prohibitive but if you have the time and money be a cool dude / gal and send a poor guy a postcard preferably one that has some scenery from your place of residence for my collection, I collect stamps too so you kill two birds with one stone by being cool and mailing in a postcard, return address not necessary, just a "hey guys being cool in Bahrain, take it easy" will do ... ;-) thanx. Ideas for interesting 'stuff' to send in apart from news: - Photo copies of old system manual front pages (optionally signed by you) ;-) - Photos of yourself, your mom, sister, dog and or cat in a NON compromising position plz I don't want pr0n. - Picture postcards - CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250 tapes with hack/security related archives, logs, irc logs etc on em. - audio or video cassettes of yourself/others etc of interesting phone fun or social engineering examples or transcripts thereof. 
Stuff you can email: - Prank phone calls in .ram or .mp* format - Fone tones and security announcements from PBX's etc - fun shit you sampled off yer scanner (relevant stuff only like #2600 meeting activities) - reserved for one smiley face -> :-) <- - PHACV lists of files that you have or phac cd's you own (we have a burner, *g*) - burns of phac cds (email first to make sure we don't already have em) - Any and all telephone sounds/tones/beeps/trunk drops/line tests/etc in .ram etc format or .mp* If you still can't think of anything you're probably not that interesting a person after all so don't worry about it Our current email: Submissions/zine gossip.....: hwa@press.usmc.net Private email to editor.....: cruciphux@dok.org Distribution/Website........: sas72@usa.net @HWA 00.2 Sources *** ~~~~~~~~~~~ Sources can be some, all, or none of the following (by no means complete nor listed in any degree of importance) Unless otherwise noted, like msgs from lists or news from other sites, articles and information is compiled and or sourced by Cruciphux no copyright claimed. News & I/O zine ................. 
http://www.antionline.com/ Back Orifice/cDc..................http://www.cultdeadcow.com/ News site (HNN) .....,............http://www.hackernews.com/ Help Net Security.................http://net-security.org/ News,Advisories,++ .(lophtcrack)..http://www.l0pht.com/ NewsTrolls .(daily news ).........http://www.newstrolls.com/ News + Exploit archive ...........http://www.rootshell.com/beta/news.html CuD Computer Underground Digest...http://www.soci.niu.edu/~cudigest News site+........................http://www.zdnet.com/ News site+Security................http://www.gammaforce.org/ News site+Security................http://www.projectgamma.com/ News site+Security................http://securityhole.8m.com/ News site+Security related site...http://www.403-security.org/ *DOWN* News/Humour site+ ................http://www.innerpulse.com News/Techie news site.............http://www.slashdot.org +Various mailing lists and some newsgroups, such as ... +other sites available on the HNN affiliates page, please see http://www.hackernews.com/affiliates.html as they seem to be popping up rather frequently ... http://www.the-project.org/ .. IRC list/admin archives http://www.anchordesk.com/ .. Jesse Berst's AnchorDesk alt.hackers.malicious alt.hackers alt.2600 BUGTRAQ ISN security mailing list ntbugtraq <+others> NEWS Agencies, News search engines etc: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ http://www.cnn.com/SEARCH/ http://www.foxnews.com/search/cgi-bin/search.cgi?query=hack&days=0&wires=0&startwire=0 http://www.news.com/Searching/Results/1,18,1,00.html?querystr=hack http://www.ottawacitizen.com/business/ http://search.yahoo.com.sg/search/news_sg?p=hack http://www.washingtonpost.com/cgi-bin/search?DB_NAME=WPlate&TOTAL_HITLIST=20&DEFAULT_OPERATOR=AND&headline=&WITHIN_FIELD_NAME=.lt.event_date&WITHIN_DAYS=0&description=hack http://www.zdnet.com/zdtv/cybercrime/ http://www.zdnet.com/zdtv/cybercrime/chaostheory/ (Kevin Poulsen's Column) NOTE: See appendices for details on other links. 
http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm http://freespeech.org/eua/ Electronic Underground Affiliation http://ech0.cjb.net ech0 Security http://axon.jccc.net/hir/ Hackers Information Report http://net-security.org Net Security http://www.403-security.org Daily news and security related site Submissions/Hints/Tips/Etc ~~~~~~~~~~~~~~~~~~~~~~~~~~ All submissions that are `published' are printed with the credits you provide, if no response is received by a week or two it is assumed that you don't care wether the article/email is to be used in an issue or not and may be used at my discretion. Looking for: Good news sites that are not already listed here OR on the HNN affiliates page at http://www.hackernews.com/affiliates.html Magazines (complete or just the articles) of breaking sekurity or hacker activity in your region, this includes telephone phraud and any other technological use, abuse hole or cool thingy. ;-) cut em out and send it to the drop box. - Ed Mailing List Subscription Info (Far from complete) Feb 1999 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~ ~~~~~~~~ ISS Security mailing list faq : http://www.iss.net/iss/maillist.html THE MOST READ: BUGTRAQ - Subscription info ~~~~~~~~~~~~~~~~~~~~~~~~~~~ What is Bugtraq? Bugtraq is a full-disclosure UNIX security mailing list, (see the info file) started by Scott Chasin . To subscribe to bugtraq, send mail to listserv@netspace.org containing the message body subscribe bugtraq. I've been archiving this list on the web since late 1993. It is searchable with glimpse and archived on-the-fly with hypermail. Searchable Hypermail Index; http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html Link About the Bugtraq mailing list ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The following comes from Bugtraq's info file: This list is for *detailed* discussion of UNIX security holes: what they are, how to exploit, and what to do to fix them. 
This list is not intended to be about cracking systems or exploiting their vulnerabilities. It is about defining, recognizing, and preventing use of security holes and risks. Please refrain from posting one-line messages or messages that do not contain any substance that can relate to this list`s charter. I will allow certain informational posts regarding updates to security tools, documents, etc. But I will not tolerate any unnecessary or nonessential "noise" on this list. Please follow the below guidelines on what kind of information should be posted to the Bugtraq list: + Information on Unix related security holes/backdoors (past and present) + Exploit programs, scripts or detailed processes about the above + Patches, workarounds, fixes + Announcements, advisories or warnings + Ideas, future plans or current works dealing with Unix security + Information material regarding vendor contacts and procedures + Individual experiences in dealing with above vendors or security organizations + Incident advisories or informational reporting Any non-essential replies should not be directed to the list but to the originator of the message. Please do not "CC" the bugtraq reflector address if the response does not meet the above criteria. Remember: YOYOW. You own your own words. This means that you are responsible for the words that you post on this list and that reproduction of those words without your permission in any medium outside the distribution of this list may be challenged by you, the author. For questions or comments, please mail me: chasin@crimelab.com (Scott Chasin) Crypto-Gram ~~~~~~~~~~~ CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses, insights, and commentaries on cryptography and computer security. To subscribe, visit http://www.counterpane.com/crypto-gram.html or send a blank message to crypto-gram-subscribe@chaparraltree.com.  To unsubscribe, visit http://www.counterpane.com/unsubform.html.  
Back issues are available on http://www.counterpane.com. CRYPTO-GRAM is written by Bruce Schneier.  Schneier is president of Counterpane Systems, the author of "Applied Cryptography," and an inventor of the Blowfish, Twofish, and Yarrow algorithms.  He served on the board of the International Association for Cryptologic Research, EPIC, and VTW.  He is a frequent writer and lecturer on cryptography. CUD Computer Underground Digest ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This info directly from their latest ish: Computer underground Digest    Sun  14 Feb, 1999   Volume 11 : Issue 09                             ISSN  1004-042X        Editor: Jim Thomas (cudigest@sun.soci.niu.edu)        News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)        Archivist: Brendan Kehoe        Poof Reader:   Etaion Shrdlu, Jr.        Shadow-Archivists: Dan Carosone / Paul Southworth                           Ralph Sims / Jyrki Kuoppala                           Ian Dickinson        Cu Digest Homepage: http://www.soci.niu.edu/~cudigest [ISN] Security list ~~~~~~~~~~~~~~~~~~~ This is a low volume list with lots of informative articles, if I had my way i'd reproduce them ALL here, well almost all .... ;-) - Ed Subscribe: mail majordomo@repsec.com with "subscribe isn". @HWA 00.3 THIS IS WHO WE ARE ~~~~~~~~~~~~~~~~~~ Some HWA members and Legacy staff ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ cruciphux@dok.org.........: currently active/editorial darkshadez@ThePentagon.com: currently active/man in black fprophet@dok.org..........: currently active/IRC+ man in black sas72@usa.net ............. 
currently active/IRC+ distribution vexxation@usa.net ........: currently active/IRC+ proof reader/grrl in black dicentra...(email withheld): IRC+ grrl in black eentity ...( '' '' ): Currently active/IRC+ man in black Foreign Correspondants/affiliate members ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Qubik ............................: United Kingdom D----Y ...........................: USA/world media HWA members ......................: World Media Past Foreign Correspondants (currently inactive or presumed dead) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ N0Portz ..........................: Australia system error .....................: Indonesia Wile (wile coyote) ...............: Japan/the East Ruffneck ........................: Netherlands/Holland Please send in your sites for inclusion here if you haven't already also if you want your emails listed send me a note ... - Ed Spikeman's site is down as of this writing, if it comes back online it will be posted here. http://www.hackerlink.or.id/ ............ System Error's site (in Indonesian) ******************************************************************* *** /join #HWA.hax0r.news on EFnet the key is `zwen' *** ******************************************************************* :-p 1. We do NOT work for the government in any shape or form.Unless you count paying taxes ... in which case we work for the gov't in a BIG WAY. :-/ 2. MOSTLY Unchanged since issue #1, although issues are a digest of recent news events its a good idea to check out issue #1 at least and possibly also the Xmas issue for a good feel of what we're all about otherwise enjoy - Ed ... @HWA 00.4 Whats in a name? why HWA.hax0r.news?? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Well what does HWA stand for? never mind if you ever find out I may have to get those hax0rs from 'Hackers' or the Pretorians after you. 
In case you couldn't figure it out hax0r is "new skewl" and although it is laughed at, shunned, or even pigeonholed with those 'dumb leet (l33t?) dewds' this is the state of affairs. It ain't Steven Levy's HACKERS anymore. BTW to all you up and comers, I'd highly recommend you get that book. It's almost like buying a clue. Anyway..on with the show .. - Editorial staff

@HWA

00.5 HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Also released in issue #3. (revised) check that issue for the faq it won't be reprinted unless changed in a big way with the exception of the following excerpt from the FAQ, included to assist first time readers:

Some of the stuff related to personal usage and use in this zine are listed below: Some are very useful, others attempt to deny any possible attempts at eschewing obfuscation by obscuring their actual definitions.

@HWA - see EoA ;-)

!= - Mathematical notation "is not equal to" or "does not equal". ASC(247) "wavy equals" sign means "almost equal" to. If written an =/= (equals sign with a slash thru it) also means !=, =< is Equal to or less than and => is equal to or greater than (etc, this aint fucking grade school, cripes, don't believe I just typed all that..)

AAM - Ask a minor (someone under age of adulthood, usually <16, <18 or <21)

AOL - A great deal of people that got ripped off for net access by a huge clueless isp with sekurity that you can drive buses through, we're not talking Kung-Fu being none too good here, Buy-A-Kloo maybe at the least they could try leasing one??

*CC - 1 - Credit Card (as in phraud)
      2 - .cc is COCOS (Keeling) ISLANDS but they probably accept cc's

CCC - Chaos Computer Club (Germany)

*CON - Conference, a place hackers crackers and hax0rs among others go to swap ideas, get drunk, swap new mad inphoz, get drunk, swap gear, get drunk watch videos and seminars, get drunk, listen to speakers, and last but not least, get drunk.

*CRACKER - 1 . Someone who cracks games, encryption or codes, in popular hacker speak he's the guy that breaks into systems and is often (but by no means always) a "script kiddie" see pheer
           2 . An edible biscuit usually crappy tasting without a nice dip, I like jalapeno pepper dip or chives sour cream and onion, yum - Ed

Ebonics - speaking like a rastafarian or hip dude of colour also wigger Vanilla Ice is a wigger, The Beastie Boys and rappers speak using ebonics, speaking in a dark tongue ... being ereet, see pheer

EoC - End of Commentary

EoA - End of Article or more commonly @HWA

EoF - End of file

EoD - End of diatribe (AOL'ers: look it up)

FUD - Coined by Unknown and made famous by HNN - "Fear uncertainty and doubt", usually in general media articles not high brow articles such as ours or other HNN affiliates ;)

du0d - a small furry animal that scurries over keyboards causing people to type weird crap on irc, hence when someone says something stupid or off topic 'du0d wtf are you talkin about' may be used.

*HACKER - Read Steven Levy's HACKERS for the true definition, then see HAX0R

*HAX0R - 1 - Cracker, hacker wannabe, in some cases a true hacker, this is difficult to define, I think it is best defined as pop culture's view on The Hacker ala movies such as well erhm "Hackers" and The Net etc... usually used by "real" hackers or crackers in a derogatory or slang humorous way, like 'hax0r me some coffee?' or 'can you hax0r some bread on the way to the table please?'
         2 - A tool for cutting sheet metal.

HHN - Maybe a bit confusing with HNN but we did spring to life around the same time too, HWA Hax0r News.... HHN is a part of HNN .. and HNN as a proper noun means the hackernews site proper. k? k. ;&

HNN - Hacker News Network and its affiliates http://www.hackernews.com/affiliates.html

J00 - "you" (as in j00 are OWN3D du0d) - see 0wn3d

MFI/MOI - Missing on/from IRC

NFC - Depends on context: No Further Comment or No Fucking Comment

NFR - Network Flight Recorder (Do a websearch) see 0wn3d

NFW - No fuckin'way

*0WN3D - You are cracked and owned by an elite entity see pheer

*OFCS - Oh for christ's sakes

PHACV - And variations of same
        Phreaking, Hacking, Anarchy, Cracking, Carding (CC) Groups Virus, Warfare
        Alternates:
        H - hacking, hacktivist
        C - Cracking
        C - Cracking
        V - Virus
        W - Warfare
        A - Anarchy (explosives etc, Jolly Roger's Cookbook etc)
        P - Phreaking, "telephone hacking" PHone fREAKs ...
        CT - Cyber Terrorism

*PHEER - This is what you do when an ereet or elite person is in your presence see 0wn3d

*RTFM - Read the fucking manual - not always applicable since some manuals are pure shit but if the answer you seek is indeed in the manual then you should have RTFM you dumb ass.

TBC - To Be Continued also 2bc (usually followed by ellipses...) :^0

TBA - To Be Arranged/To Be Announced also 2ba

TFS - Tough fucking shit.

*w00t - 1 - Reserved for the uber ereet, no one can say this without severe repercussions from the underground masses. also "w00ten"
        2 - Cruciphux and sAs72's second favourite word (they're both shit stirrers)

*wtf - what the fuck, where the fuck, when the fuck etc ..

*ZEN - The state you reach when you *think* you know everything (but really don't) usually shortly after reaching the ZEN like state something will break that you just 'fixed' or tweaked.

@HWA

-=- :. .: -=-

01.0 Greets!?!?! yeah greets! w0w huh. - Ed
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thanks to all in the community for their support and interest but I'd like to see more reader input, help me out here, what's good, what sucks etc, not that I guarantee I'll take any notice mind you, but send in your thoughts anyway.
* all the people who sent in cool emails and support FProphet Pyra TwstdPair _NeM_ D----Y Dicentra vexxation sAs72 Spikeman p0lix Ken Williams/tattooman of PacketStorm, hang in there Ken...:( & Kevin Mitnick (Happy Birthday) kewl sites: + http://www.securityportal.com/ NEW + http://www.securityfocus.com/ NEW + http://www.hackcanada.com/ + http://www.l0pht.com/ + http://www.2600.com/ + http://www.freekevin.com/ + http://www.genocide2600.com/ + http://www.packetstorm.harvard.edu/ ******* DOWN (THANKS JP) ****** + http://www.hackernews.com/ (Went online same time we started issue 1!) + http://www.net-security.org/ + http://www.slashdot.org/ + http://www.freshmeat.net/ + http://www.403-security.org/ + http://ech0.cjb.net/ @HWA 01.1 Last minute stuff, rumours and newsbytes ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "What is popular isn't always right, and what is right isn't always popular..." - FProphet '99 +++ When was the last time you backed up your important data? ++ DEFAULT #3 RELEASED The cool DEFAULT newsletter by Help net-security.org is up to issue#3 check it out by BHZ, Friday 27th August 1999 on 3:01 pm CET Third issue of our newsletter is out. You can read abot following topics: Y2K week in review + Outlook Express Year 2000 Update, Look into basic cryptography, Freedom Network, IP Masquerading, Macintosh security, Trojan forensics, Scams - Getting something by all means, Freedom of the speech review and part two of excellent Intrusion and detection article. Download > default3.txt or default3.zip. http://default.net-security.org/dl/default3.txt http://default.net-security.org/dl/default3.zip Thanks to myself for providing the info from my wired news feed and others from whatever sources, also to Spikeman for sending in past entries.... 
- Ed @HWA 01.2 MAILBAG - email and posts from the message board worthy of a read ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ (No mail worthy of posting here this issue,) Yeah we have a message board, feel free to use it, remember there are no stupid questions... well there are but if you ask something really dumb we'll just laugh at ya, lets give the message board a bit more use eh? i'll be using a real message board when the hwa-iwa.org domain comes back online (soon) meanwhile the beseen board is still up... Since theres nothing to print here, here's the Mentor's last words direct from Phrack7 file 003 complete and unabridged... send in your mail/questions etc! - Ed ==Phrack Inc.== Volume One, Issue 7, Phile #3 of 10 The following was written shortly after my arrest. I am currently groupless, having resigned from the Racketeers, so ignore the signoff... The Conscience of a Hacker... by The Mentor... 1/8/86 Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"... Damn kids. They're all alike. But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him? I am a hacker, enter my world... Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach us bores me... Damn underachiever. They're all alike. I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head..." Damn kid. Probably copied it. They're all alike. I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me... Or feels threatened by me... 
Or thinks I'm a smart ass... Or doesn't like teaching and shouldn't be here... Damn kid. All he does is play games. They're all alike. And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all... Damn kid. Tying up the phone line again. They're all alike... You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert. This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals. Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for. I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike.
+++The Mentor+++
Racketeers

==============================================================================

02.0 From the editor.
~~~~~~~~~~~~~~~~

     #include <stdio.h>

     int main(void)
     {
      printf ("Read commented source!\n\n");

     /* This issue includes an article by Dragos Ruiu that is well worth the read
      * it is entitled "Stealth Coordinated Attack HOWTO" as mentioned in the header
      * and outlines various attack methods employed by today's hacker used to scope
      * out and penetrate your systems. The article can be found in section 42.0
      *
      * As always we welcome your stories, articles and poetry, please send them with any
      * information about yourself you see fit or would like included to the address below...
      *
      * Please, send your submissions to: hwa@press.usmc.net thank you.
      *
      * Cruciphux
      */

      printf ("EoF.\n");
      return 0;
     }

Congrats, thanks, articles, news submissions and kudos to us at the main address: hwa@press.usmc.net
complaints and all nastygrams and mai*lbombs can go to /dev/nul
nukes, synfloods and papasmurfs to 127.0.0.1,
private mail to cruciphux@dok.org

danke.

C*:.

03.0 DOJ contemplates secret searches
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From http://www.net-security.org/

SECRET SEARCHES FROM DOJ
by BHZ, Tuesday 24th August 1999 on 2:34 pm CET
InfoWar published a briefing on public policy issues written by Center for Democracy and Technology (www.cdt.org). "The Justice Department is planning to ask Congress for new authority allowing federal agents armed with search warrants to secretly break into homes and offices to obtain decryption keys or passwords or to implant 'recovery devices' or otherwise modify computers to ensure that any encrypted messages or files can be read by the government". Read the briefing here.
8/23/99 DOJ Proposes Secret Searches C D T P O L I C Y P O S T A BRIEFING ON PUBLIC POLICY ISSUES AFFECTING CIVIL LIBERTIES ONLINE from THE CENTER FOR DEMOCRACY AND TECHNOLOGY Volume 5, Number 19 August 20, 1999 CONTENTS: (1) Justice Department Proposes Secret Searches of Homes, Offices (2) If the Government Wants Your Data, It Should Come to You For It (3) Proposal Also Sets Standards for Access to Escrowed Keys (4) Subscription Information (5) About the Center for Democracy and Technology ** This document may be redistributed freely with this banner intact ** Excerpts may be re-posted with permission of ari@cdt.org This document is also available at: http://www.cdt.org/publications/pp_5.19.html (1) JUSTICE DEPARTMENT PROPOSES SECRET SEARCHES OF HOMES, OFFICES The Justice Department is planning to ask Congress for new authority allowing federal agents armed with search warrants to secretly break into homes and offices to obtain decryption keys or passwords or to implant "recovery devices" or otherwise modify computers to ensure that any encrypted messages or files can be read by the government. With this dramatic proposal, the Clinton Administration is basically saying: "If you don't give your key in advance to a third party, we will secretly enter your house to take it if we suspect criminal conduct." The full text of the Justice Department proposal, a section-by-section analysis prepared by DOJ lawyers, and related materials are available at: http://www.cdt.org/crypto/CESA. The proposal has been circulating within the Clinton Administration since late June. On August 5, the Office of Management and Budget circulated it for final interagency review. In the normal course, after all potentially interested agencies have been consulted, the proposal would be transmitted to Capitol Hill, where it could be introduced by any Member, or offered as an amendment to pending legislation. 
(2) IF THE GOVERNMENT WANTS YOUR DATA, IT SHOULD COME TO YOU FOR IT The proposal is intended to eliminate a core element of our civil liberties. Normally, under the Fourth Amendment in the Bill of Rights, when the government wants to search your home or office, the government must obtain a court order issued by a judge based on a finding of probable cause to believe that a crime is being committed AND the government must provide you with contemporaneous notice of the search -- show you the warrant and leave an inventory of the items seized. This notice requirement has ancient roots. It is based on the notion that the judicial warrant (issued on the basis of the government agent's untested assertions presented to a judge in private) does not provide adequate protection against abuse. Notice is important because it gives you the opportunity to observe the conduct of the government agents and protect your rights. If the agents are exceeding the scope of the warrant, for example, you can even rush down to the courthouse and ask a judge to stop the search. And after the search, you can exercise your rights for return of your property and otherwise defend yourself. Over time, our society has tolerated exceptions to this rule. For example, the government can enter secretly to plant bugs to pick up oral communications or to bug your phone, but that is quite rare. Most wiretaps do not involve entry into the home. A few courts in a few cases have allowed so-called "sneak and peek" searches, in which government agents can enter surreptitiously, provided they don't take anything. And in the name of foreign counterintelligence, the government has long conducted "black bag jobs," such as the one in which they searched the home and computer of CIA employee Aldrich Ames. The new DOJ proposal is a huge expansion of these previously narrowly defined exceptions. 
The proposal takes extraordinary cases at the fringes of the law and makes them routine, given the increasingly ubiquitous nature of computers. Thus, the encryption debate, which up until now has been about privacy and security in cyberspace, is becoming a struggle over the sanctity of the home. (3) PROPOSAL ALSO SETS STANDARDS FOR ACCESS TO ESCROWED KEYS The proposal also includes detailed procedures for government access to keys and other forms of decryption assistance stored with third parties. Again, the essence of the DOJ proposal is government access to keys without the knowledge or cooperation of the crypto user. The DOJ claims that these key recovery provisions provide greater protection for lawful users of encryption, by making it clear that a third party holding a decryption key or other recovery information cannot disclose it or use it except in accordance with the procedures set forth in the Act. The DOJ-drafted procedures are complicated and unique, turning on unanswered questions of what is "generally applicable law" and what is a "constitutionally protected expectation of privacy." They fall far short of protections proposed by Sen. Patrick J. Leahy (D-VT) in the Electronic Rights for the Twenty-First Century (E-RIGHTS) bill, S. 854, described at http://www.cdt.org/crypto/legis_106/ERIGHTS/ In any case, few individuals use third party key recovery, and there seems to be little individual or corporate interest in key recovery for communications, so even the strictest procedures for access to escrowed keys would be vastly outweighed by the proposed secret searches of homes and offices. In the small comfort department, the DOJ proposal makes it clear that key escrow or third party key recovery would not be mandatory. (4) SUBSCRIPTION INFORMATION Be sure you are up to date on the latest public policy issues affecting civil liberties online and how they will affect you! Subscribe to the CDT Policy Post news distribution list. 
CDT Policy Posts, the regular news publication of the Center for Democracy and Technology, are received by Internet users, industry leaders, policymakers, the news media and activists, and have become the leading source for information about critical free speech and privacy issues affecting the Internet and other interactive communications media. To subscribe to CDT's Policy Post list, send mail to majordomo@cdt.org In the BODY of the message (leave the SUBJECT LINE BLANK), type subscribe policy-posts If you ever wish to remove yourself from the list, send mail to the above address with NOTHING IN THE SUBJECT LINE and a BODY TEXT of: unsubscribe policy-posts (5) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US The Center for Democracy and Technology is a non-profit public interest organization based in Washington, DC. The Center's mission is to develop and advocate public policies that advance democratic values and constitutional civil liberties in new computer and communications technologies. Contacting us: General information: info@cdt.org World Wide Web: http://www.cdt.org/ Snail Mail: The Center for Democracy and Technology 1634 Eye Street NW * Suite 1100 * Washington, DC 20006 (v) +1.202.637.9800 * (f) +1.202.637.0968 End Policy Post 5.19 Aleksandr Gembinski Webmaster etc. Center for Democracy and Technology 1634 Eye Street, NW 11th Floor Washington, DC 20006 (v) +1.202.637.9800 (f) +1.202.637.0968 http://www.cdt.org/ @HWA 04.0 FIRST NET CONVICT WILL DO NO TIME ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From http://www.net-security.org/ by Thejian, Monday 23rd August 1999 on 9:30 pm CET The University of Oregon student who last Friday pled guilty to felony cyber-crime charges and in so doing became the first-ever person convicted under the No Electronic Theft (NET) Act, will not do any jail time. The student will be sentenced Nov. 
2 - and although he faces a maximum of three years in jail for his conviction on one count of "criminal infringement or reproduction" of commercial software - his plea arrangement assures that he will not see the inside of a jail cell, although he still is saddled with a felony conviction according to the deputy chief of DOJ's computer crime division. Story on Newsbytes First NET Convict Will Do No Time - Update By David McGuire, Newsbytes WASHINGTON, DC, U.S.A., 23 Aug 1999, 12:31 PM CST A University of Oregon student convicted of distributing pirated software over the Internet will not spend any time in jail under a plea agreement with Department of Justice attorneys. The student last Friday pled guilty to felony cyber-crime charges and in so doing became the first-ever person convicted under the decade-old No Electronic Theft (NET) Act, Newsbytes reported last week. The student was accused of pilfering thousands of business and entertainment programs and posting them, free-of-charge, on his Website, said David Greene, deputy chief of Justice's computer crime division. Before the NET Act was passed, prosecutors had to prove that cyber-thieves received "commercial benefits" from their thefts in order to win convictions. But the NET Act closed that loophole. The student will be sentenced Nov. 2 - and although he faces a maximum of three years in jail for his conviction on one count of "criminal infringement or reproduction" of commercial software - his plea arrangement assures that he will not see the inside of a jail cell, Greene said. Still, he is saddled with a felony conviction, and Greene hopes coverage of the case will deter other software pirates, he said. Earlier this year, some congressional Republicans questioned why there had been no Department of Justice prosecutions under the NET Act. DoJ called yesterday's conviction a clear message that Justice is enforcing the law. "We are not going to bring hundreds of these cases," Greene said.
But DoJ is "trying to discourage (computer piracy) as a hobby." While such thefts may seem comparatively innocuous, they have "done some real damage to software companies," Greene said. Reported by Newsbytes.com, http://www.newsbytes.com . 12:31 CST Reposted 12:31 CST ZD Net http://www.zdnet.com/zdnn/stories/news/0,4586,2318386,00.html?chkpt=hpqs014 -------------------------------------------------------------- This story was printed from ZDNN, located at http://www.zdnet.com/zdnn. -------------------------------------------------------------- Feds convict first Internet pirate By Reuters August 20, 1999 5:22 PM PT URL: http://www.zdnet.com/zdnn/stories/news/0,4586,2318386,00.html?chkpt=hpqs014 WASHINGTON -- An Oregon college student who gave away music, movies and software on the Web has become the first person convicted of a felony under a law punishing Internet copyright piracy, the government said Friday. Jeffrey Gerard Levy, 22, a senior at the University of Oregon in Eugene, pleaded guilty to violating the No Electronic Theft Act of 1997, the U.S. Justice Department announced. The Justice Department said Levy admitted that in January of this year he "illegally posted computer software programs, musical recordings, entertainment software programs and digitally recorded movies on his Internet Web site, allowing the general public to download and copy these copyrighted products." A Justice Department official said there was no evidence that Levy had made any profit from the freely available works. Anybody who distributes 10 or more copyrighted works with a value of more than $2,500 can face up to three years in prison and a fine of up to $250,000. Levy faces sentencing Nov. 2. @HWA 05.0 NORTON ANTIVIRUS 2000 IS OUT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From http://www.net-security.org/ by BHZ, Tuesday 24th August 1999 on 3:17 pm CET Symantec (www.symantec.com) published Norton Utilities 2000, Norton AntiVirus 2000, and Norton CleanSweep 2000. 
Norton AntiVirus 2000 has two new features - support for automatic scanning of incoming e-mail attachments from POP-based applications such and it can automatically eliminate viruses in multiple compressed file levels, such as a Zip file inside another Zip file. @HWA 06.0 SSL CPU CONSUMPTION CAUSES CONCERNS ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From http://www.net-security.org/ by Thejian, Tuesday 24th August 1999 on 11:50 am CET A recently released study by research and consulting firm Networkshop, found that various combinations of servers, processors, operating systems and online content used in conjunction with Secure Sockets Layer (SSL) can hamper the performance of Web servers. SSL helps secure e-commerce transactions, but these new findings suggest that its CPU consumption may end up impeding those same transactions. Full story SSL's CPU appetite causes concern Amy Rogers Washington, D.C. - Secure Sockets Layer (SSL) technology helps secure E-business transactions, but its voracious consumption of CPU space may end up impeding those same transactions. In a study released this summer, research and consulting firm Networkshop, Ottawa, found that various combinations of servers, processors, operating systems and online content used in conjunction with SSL can hamper the performance of Web servers. Networkshop paired Linux, Windows NT and Sun Microsystems Inc. Solaris with Web servers including Apache, Stronghold and Microsoft Corp.'s Internet Information Server. Windows NT plus Intel Corp. processors tended to better handle the task of processing SSL's complex algorithms, he said. Slow performance could lead to frustrated or lost customers, so VARs implementing E-business solutions might want to examine several types of products that offload encryption processing from the server itself to another device. 
These products include PC cards or server cards, such as Rainbow Technologies Inc.'s CryptoSwift; encryption-offloading units that sit on the network, such as those from nCipher Corp.; and so-called Internet Commerce Appliances, such as IPivot Inc.'s Commerce Director 8000. Such devices, including IPivot's Commerce Accelerator 1000, an entry-level version of Commerce Director, free up Web servers to perform tasks other than crunching numbers. CryptoSwift offloads 200 SSL transactions per second, said Bob Bova, director of business development at Rainbow Technologies, Irvine, Calif. Rainbow is seeking resellers that add "significant value to security technology" to add to its stable of partners. Already 15 VARs and integrators are on board, he said. Copyright ® 1999 CMP Media Inc. 07.0 Bug in Bill Gate's Anus? ~~~~~~~~~~~~~~~~~~~~~~~~ Aug 27th SmoG sent this in... http://support.microsoft.com/isapi/support/pass.idc?Product=Bill%20Gates%20Anus In case it has been replaced by the time you read this the following headlined a bug report form on Microsoft's tech support page "Do you think you've found a bug in Microsoft Bill Gates Anus?" With the submission form following the header... @HWA 08.0 CESA Causing Outrage In Libertarians ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by AlienPlague The 'Cyberspace Electronic Security Act', which HNN has previously reported on, is drawing much criticism and causing outrage amongst civil libertarians and high-tech industry trade groups. They say that the act not only violates Civil Rights, but "would make police break-ins far more common than they are now." While law enforcement agencies claim that encryption is detrimental to their job of tracking criminals and crime, most seem to feel that it is just another way the current administration will attempt to impose 'big brother' monitoring powers over American citizens. 
MSNBC http://www.msnbc.com/news/302945.asp Furor rising over PC wiretap plan Civil libertarians, trade groups outraged by DOJ proposal that would ‘booby-trap’ PCs. But will Congress go ‘ballistic’? By Maria Seminerio ZDNN Aug. 20 — A U.S. Department of Justice proposal to make it easier for police to break into homes and access computers is drawing a furious reaction from civil libertarians and high-tech industry trade groups. THE DRAFT LEGISLATION, for which the DOJ hopes to find a sponsor in Congress, is dubbed the Cyberspace Electronic Security Act. The law would make it easier for law enforcement officials to obtain from judges a now-rarely-used authorization to break into a suspect’s home and plant a hidden listening device. But in this case, the computer equivalent of the “listening device” is the authorization for investigators to disable data-scrambling encryption programs on PCs. (In order to actually copy data from the computer, police would still need a separate warrant from a judge.) DOJ wants clearance to bug PCs “(The proposal) strikes at the heart of the Bill of Rights,” said David Sobel, general counsel for the Electronic Privacy Information Center. Noting that judges in all federal and state courts combined only issued 50 warrants for so-called “surreptitious physical entries” last year, Sobel said extending such authorization to cases involving computer files “would make police break-ins far more common than they are now.” ‘BOOBY-TRAP YOUR COMPUTER’ The proposal would “basically allow investigators to booby-trap your computer ahead of time” by disabling encryption, he said. The proposal was most likely spurred by the frustration investigators have experienced when finding encrypted data on computers used by suspected drug dealers and other criminals, he added. DOJ officials did not respond to requests for interviews Friday.
But in a letter to House Speaker Dennis Hastert, Acting Assistant Attorney General Jon Jennings said the new law would aid investigators when information needs to be deciphered “in a timely manner.” “While under existing law, law enforcement is provided with different means to collect evidence of illegal activity, these means are rendered wholly insufficient when encryption is used,” wrote Jennings in the letter. “In the context of law enforcement operations, stopping a terrorist attack or seeking to recover a kidnapped child, time is of the essence and may mean the difference between success and catastrophic failure. “While existing means of obtaining evidence would remain applicable in a fully-encrypted world, the failure to provide law enforcement with the necessary ability to obtain the plain-text version of the evidence makes existing authorities useless,” he wrote. EPIC: CONGRESS WILL GO ‘BALLISTIC’ Noting that the proposal would need to find a sponsor in Congress and then be passed into law before it could take effect, EPIC’s Sobel said it could encounter resistance by lawmakers. “I think people in Congress are going to go ballistic over this, particularly since it’s coming right on the heels of the FIDNET” controversy, he said. FIDNET — the controversial proposal to monitor government and some private networks for hacking activity — came to light earlier this summer and remains in limbo. Barry Steinhardt, president of the American Civil Liberties Union, said that the Federal Bureau of Investigation has often misused its powers in the past, and could do so again under the DOJ proposal. “There’s every reason to believe they’re not just going to look at the Mob using the powers sought under the proposal,” Steinhardt said. “They’ll use this power to interfere with protected speech.” Also condemning the plan were the Computer and Communications Industry Association, the Center for Democracy and Technology, and Americans for Computer Privacy. 
CLINTON ADMIN: BIG BROTHER? The plan is “an unprecedented attempt by the Clinton administration to impose ‘big brother’ monitoring powers over American citizens,” ACP officials said in a statement. “The fact is that current laws provide law enforcement broad powers to obtain information.” “This is another attempt by law enforcement to do an end-run (around encryption),” said Ed Black, president of the CCIA. “It offers a real temptation for investigators to overreach and overextend” the current limits on searches and seizures, he said. “Anybody’s vulnerable,” Black added. “(This) resembles something the KGB would propose.” @HWA 09.0 ReDaTtAcK Arrested, Questioned, Charged, Released ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by Wizzy24 After electronically breaking into the General Bank of Belgium, ReDaTtAcK has been apprehended. He was traced via his cell phone and then arrested and later released. He has not been charged with computer intrusion as Belgium has no such law. Instead he will be charged with electronic eavesdropping charges after breaking into SkyNet a Belgian ISP run by the state owned telephone company Belgacom. ReDaTtAcK has stated that he will continue to do what he does. The Standard - Dutch http://www.standaard.be @HWA 10.0 Some GPS Systems Fail With Date Rollover ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by Code Kid While the GPS satellites themselves and most GPS receivers continued to function normally some units failed when the GPS date rolled over this past weekend. Many Japanese users of in car navigation systems experienced complete systems failure when the date rolled over. Four Japanese manufacturers of GPS systems have completed updating a little over half of the GPS systems sold in the country since 1996.
Yahoo News http://dailynews.yahoo.com/h/nm/19990822/tc/gps_japan_1.html Sunday August 22 1:10 AM ET Irate Japanese Car Drivers Hit By GPS Bug TOKYO (Reuters) - A steady stream of irate customers called Japanese car navigation makers Sunday after their automotive directional devices failed due to a computer flaw. The screens on some car navigation systems went blank while others froze up as a computer bug struck Global Positioning System (GPS) devices, electronics company Pioneer Electronic Corp said. Pioneer, one of several car navigation system makers battling the bug, had received several hundred phone calls since the problem started at 9 a.m., a spokeswoman said. About 450 Pioneer workers manned telephone lines and staffed service centers over the weekend to help customers with the GPS problem, she said. Some 95,000 car navigation units sold in Japan may be unable to cope with an internal date change in the system, the Ministry of International Trade and Industry said. Four Japanese manufacturers of GPS systems have completed updating only about 170,000 of the estimated 260,000 units sold in Japan since 1996 and believed to be still in operation. Japanese drivers are heavily reliant on the navigational devices because most streets in urban centers such as Tokyo are unnamed and follow curving paths laid out among a tangle of property lines. Japan's Maritime Safety Agency has received reports that ships with older GPS systems are in or near territorial waters but has not received any distress calls as of Sunday noon, a spokesman said. At midnight GMT, the 24 satellites of the Global Positioning System, which provide navigational data from 17,700 kilometers (11,000 miles) out in space, switched their timing system back to zero. The rollover is because the system, which uses radio signals from satellites to provide navigation data, was designed to ignore calendar dates but keep precise time measured in seconds and weeks. 
Only 1,024 weeks were allotted from January 6, 1980, before the system is reset to zero. @HWA 11.0 Security Search Engine MindSec Goes Online ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by Erik www.mindsec.com goes live today, providing a search engine to search 90 different sites that are security and administration related. MindSec will also have product reviews on admin and security applications and hardware. MindSec http://www.mindsec.com @HWA 12.0 CIA Ex-Director Security Clearance Revoked ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by Erik John Deutch, former director of the CIA, has had his security clearance revoked after it was found that he kept classified material on his home PC. Yahoo News http://dailynews.yahoo.com/h/nm/19990822/tc/cia_3.html Sunday August 22 12:02 AM ET CIA Suspends Ex-Director Deutch Security Clearance WASHINGTON (Reuters) - The CIA has suspended security clearance for its former director, John Deutch, who was found to have kept classified material on a computer at his home. A CIA statement Friday said clearance for Deutch, the Central Intelligence Agency director for 20 months up to December 1996, had been suspended ``for an indefinite period of time.'' The decision followed a review of the case by the current director, George Tenet, and a decision by the Justice Department in April not to prosecute Deutch. The statement said that although a report by the CIA's Inspector General ``found no evidence that national security information was lost, the potential for damage to U.S. security existed.'' Newsweek reported in April that 31 classified documents were discovered on a computer at his home in a routine check after Deutch, a pillar of the Washington establishment for decades, left the agency. 
Deutch issued a statement through the CIA Friday saying: ``...I erred in using CIA-issued computers that were not configured for classified work to compose classified documents and memoranda.'' He said: ``Although I accept responsibility for my mistake, I want to make clear that I never considered the information to be at risk or intended to violate security precautions. But good intentions simply are not enough. Strict compliance is the standard.'' Earlier this year Deutch was appointed to head a commission reviewing security at science laboratories after reports of Chinese spying at nuclear facilities but he withdrew as reports of his own misuse of classified materials emerged. @HWA 13.0 GAO Releases Report on Risk Assessment ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From HNN http://www.hackernews.com/ contributed by Evil Wench In an attempt to give federal agencies some sort of guideline on how to secure their systems the Government Accounting Office has released the Information Security Risk Assessment: Practices of Leading Organizations report. The report details security programs used by four unnamed organizations, which included oil, financial and computer companies and one federal regulatory agency. The report goes on to identify seven critical factors of a successful ongoing security risk-assessment program. Federal Computer Week http://www.fcw.com:80/pubs/fcw/1999/0823/fcw-newsgao-08-23-99.html General Accounting Office http://www.gao.gov FCW; AUGUST 23, 1999 GAO report tries to sort out risk-assessment confusion BY DIANE FRANK (diane_frank@fcw.com) Facing growing security threats to increasingly complex government computer systems, the General Accounting Office last week released a report to help federal agencies determine how vulnerable their systems are and how to make them more secure.
Although GAO's report, "Information Security Risk Assessment: Practices of Leading Organizations," does not present specific suggestions for agencies to determine how to secure systems from cyberattacks, it identifies seven critical factors of a successful ongoing security risk-assessment program, including defining and documenting procedures and results.

The report details programs put in place by four unnamed organizations, which included oil, financial and computer companies and one federal regulatory agency. GAO did not name the organizations because it feared that hackers might target them.

The report also includes diagrams detailing the risk-assessment process for each organization and a description of how they made their decisions. For example, the regulatory agency conducts risk assessments "to determine the applicable security controls," the GAO reported. "This is done by determining which of a pre-defined set of controls is appropriate for individual business operations and comparing what is appropriate to controls already in place to identify and address gaps."

The best practices outlined in the report will be helpful, especially at smaller civilian agencies that do not have the resources that department-level agencies have, said John Gilligan, chief information officer at the Energy Department and co-chairman of security on the CIO Council's Critical Infrastructure, Privacy and Security Committee.

"I think it will be useful for people who are charged with risk management to have examples of what others are doing," he said.

This is especially true because security and risk assessment are not one-size-fits-all concepts, said Mike Lortz, vulnerability assessment product manager at Internet Security Systems Inc. "The process needs to be different from agency to agency...but the agencies need to be able to use something as a guideline," he said.

GAO intends the report to be a supplement to last year's executive guide on information security management.
Risk assessment is only one of the five areas outlined in last year's guide, but GAO decided to focus its latest guide on that area because it is what most people in government seem to be worried about, GAO said.

"When we did the original guide, during the exposure draft period we got some comments that [said] we should dig deeper into some of these areas, and more comments mentioned risk assessment than any others," said Jean Boltz, assistant director of governmentwide and defense information systems within GAO's Accounting and Information Management Division.

Agencies have been confused about how to conduct risk assessment and apply that to the security needs they have, Boltz said, especially after the Office of Management and Budget revised its computer security regulations in 1996 and eliminated the requirement to perform risk assessments.

Agencies have been confused about what to do because, although OMB no longer requires risk assessments, it still requires agencies to measure their systems' vulnerability to cyberattacks and unauthorized access and then base their security architecture on that knowledge, Boltz said.

Agencies' confusion about risk assessment has heightened because of the increasing use of the Internet and because computer systems are becoming more interdependent, Gilligan said.

"Risk assessment is a big deal because it has not been institutionalized," Gilligan said. "In the past, there had been great emphasis on doing risk assessment, but [it] tended over time to not be used or not be done well."

@HWA

14.0 CESA Drives People to Freedom
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Jordan

The Cyberspace Electronic Security Act, a recent proposal, which if it became law, would allow law enforcement agents to break into your personal PC, is forcing people to seek out ways to protect themselves. One of the methods people have been looking at is Freedom from Zero Knowledge Systems.
While the software is still in Beta it promises complete anonymity on the internet. Freedom Beta 3 is nearing completion and is slated for release during the first week in September. The new beta will have increased functionality, stability and ease of use.

Freedom
http://www.zks.net/clickthrough/click.asp?partner_id=542

Zero Knowledge CESA Info Page
http://www.zeroknowledge.com/cesa/

CNN
http://www.cnn.com/TECH/computing/9908/18/freedom/

Total digital privacy may be on the horizon

August 18, 1999
Web posted at: 5:32 p.m. EDT (2132 GMT)

By Robin Lloyd
CNN Interactive Senior Writer

(CNN) -- If American software developers were to touch any of the code in the 10,000 released beta versions of an Internet privacy solution that is getting good preliminary marks, they would be subject to prosecution.

In fact, if Zero-Knowledge Systems were based in the United States, it would be illegal for the company to export its Internet privacy software, dubbed 'Freedom.'

Instead, the Montreal-based start-up, headed up by 26-year-old Austin Hill, is set to release the first product of its kind -- a comprehensive Internet privacy package that offers multiple online pseudonyms and Byzantine encrypted rerouting that even Zero-Knowledge couldn't crack if it wanted to.

No more cookies, e-mail trails and digital identity stealing. At least, that's the idea.

More than a dozen "cookie killers" already exist, along with several e-mail and browser anonymity services such as anonymizer.com. Those all rely on what Hill calls a "trust-me" mechanism. A third party server holds users' identity and data. Freedom makes it so the end-user has sole possession of that data.

"If there was a gun to my head, I still could not reveal or break the privacy of my users," Hill says.
The user has the only "key" to their pseudonyms, which can be linked to independent e-mail addresses, geographic locations and encryption keys.

Freedom is designed to protect the e-mail, chats, browsing and newsgroup searches of anyone from a Chinese dissident posting pro-democracy messages to an employee checking out listings for Alcoholics Anonymous.

The software can encrypt private chats and newsgroup discussions, ensures anonymous Web browsing and can even block spam, Hill says. Each digital identity relies on full strength encryption that ranges from 128 to 4,096 bits.

Freedom 1.0, which works only on Windows platforms, is set for release in late October or early November. It will be downloadable for $49.95. Macintosh and Linux versions are due out next year. Freedom doesn't work with America Online, however, since AOL is an online service separate from the Internet.

Zero-Knowledge released 1,000 beta copies of Freedom at the DefCon 7 convention in Las Vegas last month. Since then, it has released thousands more via its Web site. A total of 50,000 people have requested copies since then.

How it works

Web users leave traces of their identity behind every time they visit a Web site or send e-mail. To get a sense of the process, visit the Center for Democracy and Technology's site and use its demo.

Freedom allows users to set up separate pseudonyms for different aspects of their lives -- an identity for an online chat about health care, another for interactions with friends and family, others for Internet browsing and finally a 'true' identity for e-commerce. Zero-Knowledge is working on an e-commerce identity protection solution for future versions.

Freedom scrambles data coming from a user's PC and hides the source and destination of Internet traffic routed through the service. The message or data packet is first sent to Zero-Knowledge's servers where it is wrapped in a layer of encryption.
That initiates a delivery process where the data bounces from one independently owned relay station to the next and can only be opened by one specific user who then forwards it to another specific user, with that process repeating several times. Eventually a data packet goes to its intended target but neither snoopers, nor the final recipient, have any way of tracing its origins.

Third-party protections, the approach relied upon by Freedom's predecessors, can be hacked or bought away when the company makes a new acquisition, as was the case when Double Click acquired Abacus, Hill said. Or, civil lawsuits can force ISPs to turn over their records.

Freedom gets high marks

David Sobel, general counsel for the Electronic Privacy Information Center, and Ari Schwartz, a policy analyst with the Center for Democracy and Technology, agree that Freedom is a good solution.

"I suspect that it is one of the best solutions that we've seen," Sobel said. Freedom's strength comes from Hill's philosophical commitment to preserving privacy and anonymity on the Internet, Sobel said.

Schwartz underlined the Center's stance on Internet privacy -- software solutions combined with self-regulation among service providers and legislation will be needed to protect privacy online.

The U.S. Congress has introduced several bills this session relating to online privacy but advocates say they may not go far enough. A CDT report concludes that online privacy is the exception, not the rule, in the private sector.

U.S. encryption policy has its pros and cons

The U.S. policy that prohibits encryption exports and labor is based on protecting security codes produced and cracked by the FBI and other national security agencies. The downside is that we may lose out on what has turned into a $1.5 billion cryptography business for Canada, where limits are less strict, Hill says.

The U.S. approach could backfire and result in a brain drain of encryption experts, EPIC's Sobel said.

"The end result will be that American companies will lose leadership in this field," he said, "and it is not going to result in encryption being out of the hands of anyone our government might be concerned about."

@HWA

15.0 Who's doing the Scanning?
~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Code Kid

Netsentry.net and all IPs in the 38.x.x.x range appear to be systematically scanned. Owners of machines in that range, which is controlled by PSINet, want action to be taken, but what action? So far scanning is not illegal, so what can be done? And who is doing the scans and why?

MSNBC
http://www.msnbc.com/news/302835.asp

Scanning for trouble

Relentless computer ‘probes’ cause concern, but no damage yet

By Bob Sullivan
MSNBC

Aug. 23 — Dragos Ruiu was just minding his own business, a Vancouver software start-up, when it started. Day after day, relentlessly, someone or some group out there on the Internet is banging away at his servers, sneaking in and gaining full access. A security expert, he knows what’s happening: He’s being probed. Is this mere sport, or a “casing,” like a bank robber who visits the bank several times to study its security systems before the heist?

EVERY DAY they come, they lurk — then they leave without doing damage. And Ruiu is powerless to stop it. Every method he has tried, they have trumped. They’re toying with him.

“They must feel like gods,” he says. They come at him through clients’ computers, through Canadian ISPs, once even through one of the largest Canadian banks. They hack into Linux boxes, NT boxes, Unix boxes. Hack by day or night. No matter. And all for no apparent reason. They look, but don’t touch.

Ah, the life of a network administrator these days. There are thousands of ways to break into a computer, and there are now several downloadable software packages designed to scan the Internet for Web sites and servers that have just one flaw.
According to Peter Tippett at computer security research firm ICSA, a new box connected to the Net will almost certainly be “scanned” before one week goes by. And the amount of scanning activity has doubled in the past six months.

That’s about when the scanning started for Brandon Pepelea, a former employee at PSINet who says his collection of Web sites has been scanned systematically several times a week since January. In another example of a victimless probe, Pepelea thinks someone or something has been banging through all the Internet addresses between 38.240.x.x and 38.200.x.x, a so-called Class-B range of addresses that constitute about 16,000 possible computers.

In his case, the scans were unsuccessful. Whoever or whatever it is, they haven’t been able to break into Pepelea’s computers. Still, the relentless, systematic nature of the probe has him spooked. He’s been demanding that PSINet, which owns all the addresses in the 38.x.x.x range, chase down the scanner and prosecute.

“I don’t think they understand how serious it is,” Pepelea said. “The threat not so much being the nature of the scan but the scope of the scan… If you’re between 38.240 and 38.200 you’ve had the scans. They’ve walked through and gotten to you.”

NOSE FOR TROUBLE

The attack itself involves use of the Simple Network Management Protocol, frequently used on network routers. Pepelea owns machines between the 38.240 and 38.200 address range, and concluded scans spanned that range by studying patterns of hits to his own and his client’s machines.

This is not the first time Pepelea, now CEO of a small security company he calls “Designer’s Dream,” has done a hefty amount of personal cybersleuthing. Last December, he compiled information on a virus writer named VicodinES, and shared it with the FBI, the CIA and other law enforcement agencies.
His tips fell on deaf ears, and VicodinES, who the world now knows as Dave Smith, went on to release the Melissa virus. Pepelea’s hell bent on being heard this time around. “Once again, nobody cares,” he laments.

PSINet said early last week the scans were being generated by an account serviced by the company, and that it had dealt with the matter by canceling the account. But by Friday, the company had canceled three more accounts in an effort to stop the probes. While officials there say they take the matter seriously, they are not convinced it’s an organized hacker attack.

“It’s not possible to characterize whether this is a mistake, a malicious event, was planned, or it just happened,” said Cole Libby, Director of Network Engineering. For example, it could be a wrongly configured piece of hardware searching a section of the Internet for a new printer. “There are lots of examples of technology out of control in the world.”

NO HARM, NO FOUL?

Scanning, the cyberspace equivalent of walking down Main Street and jiggling handles to see who leaves the front door unlocked, brings up murky legal issues. Entering someone else’s computer is illegal, but scanning, which amounts to asking a computer how it’s been set up, probably isn’t. Pepelea says PSINet told him to pursue legal action against his cyberpest — but for what?

Meanwhile, Pepelea thinks PSINet should be liable if any real trouble ever comes from his suspected hacker, particularly since the Net provider was warned. That’s not likely, says Internet law expert Dorsey Morrow. PSINet would almost certainly face no criminal liability for the actions of a hacker on their network, and wouldn’t likely face civil liability either.

“As long as they can show ‘We were doing everything we can. We’ve got security policies in place. We’re using the latest software.’ That mounts up to a pretty good defense,” Morrow said.

So there’s no consequences for scanning, either to the hacker or the company that provides the means.
But what of Ruiu’s hackers, who go just one step further than Pepelea’s scanners? They scan, then enter, lurk around, and leave. Dancing tantalizingly over the edge of the law, they show an ability to do far more damage.

Their methods are painstakingly deliberate, designed to avoid detection. They launch attacks from multiple sites, sometimes sending no more than a packet per day from any site, in order to hide the kind of suspicious activity protective “sniffer” programs look for.

“We saw one new machine coming at us every five minutes,” Ruiu said. “They must have felt like gods because they could break into any machine they wanted.”

That includes a collection of Canadian ISPs, and even one major Canadian bank, the hackers broke into. When he called, Ruiu often had a tough time convincing victimized ISP administrators they’d been hacked.

“The reaction of ISPs was disbelief,” he said. “One didn’t believe us until a marketing guy had his laptop taken out and it started sending weird packets.”

Ruiu is convinced the hacks are coming from a coordinated team, because of their speed and variety. But while the cat-and-mouse game continues, he can only speculate on motive. His company, a 15-person startup called Netsentry.net, is hardly a big target. So Ruiu thinks his outside efforts in the security community are likely to blame. He recently worked on a project called “Trinux,” which aimed to create a security-enhanced version of Linux that fits on one floppy disk. Among his partners was Ken Williams, who until recently ran Packet Storm Security, perhaps the most popular reference site in the hacker community.

“I suspect these guys are targeting security software,” he said, but added they have not revealed their intentions. “This is really bugging me. The lack of a motive really disturbs me…it gave me the creeps.”

The attacks have also been humbling for Ruiu, who has spent a lot of time chasing the hackers when he could be working to get his business off the ground.
“There are a lot of assumptions we’re all making about Internet security that we shouldn’t,” he said. “There’s a lot of things we don’t know.”

For example, these hackers made a habit of hijacking machines Ruiu’s computers normally talked to, then initiated attacks from these supposedly “friendly” computers. That made them almost impossible to detect.

“If they get a machine that’s close to your machine, that’s almost as bad as taking over your Web server. It’s a great place to launch an attack on your firewall,” he said.

Nothing about Ruiu or Pepelea’s stories surprised ICSA’s Tippett, who expects security problems to get worse before they get better.

“It’s the wild, wild West out there,” he said. “The tools are pervasive and so common. The chance of getting caught is pretty slim… Our neighbors are now very close and enough of them don’t have a great social conscience.”

A more extensive report on one of these attacks, written by Ruiu, can be found at www.securityfocus.com. If you have more information about this story, e-mail tipoff@msnbc.com.

@HWA

16.0 Japanese Police Go After Copyright Infringers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Hosimi

The Akita Prefectural Police are investigating the activities of a civil servant who allegedly posted accounting software and MP3s to the internet in violation of copyright law. The suspect had all of his computer equipment confiscated last month.

Asia Biz Tech
http://www.nikkeibp.asiabiztech.com/wcs/leaf?CID=onair/asabt/moren/79863

Akita Prefecture Police Pursue Internet Crime

August 24, 1999 (TOKYO) -- The Akita Prefectural Police on Aug. 19 sent papers alleging unauthorized Internet program delivery to the Akita District Prosecutor's Office, for prosecution. The case is being pursued by the Kisakata Police Station.
In the case, a male civil servant residing in Akita Prefecture is believed to have been engaged in unauthorized free delivery of personal computer programs and digital music data over the Internet. The man is suspected of infringing on the right of public transmission under the Copyright Law. According to the prefectural police, the man had registered accounting software of Obic Business Consultants Ltd. and MP3-based musical data on his home PC. He is suspected of having posted these programs on the Internet so that PC users can download them free of charge.

In June, the Kisakata Police Station investigated the man's house and confiscated his PCs and peripheral equipment. The police decided to send papers pertaining to the case to the district public prosecutor's office because the free delivery of PC software was deemed to be illegal, it said.

The Japan Society of Rights of Authors and Composers has already accused the man of unauthorized delivery of musical data.

The Akita Prefectural Police's task force specializing in high-tech crimes played a significant role in this investigation. To combat the increasing number of high-tech crimes, the National Police Agency is calling on prefectural police stations to organize task forces specializing in high-tech crimes, starting in the current fiscal year.

The task force set up by the Akita police has reportedly contributed substantially to analysis of communications records and other matters related to the case.

(BizTech News Dept.)

@HWA

17.0 Anti-Gay Web domain Returned to Original Owner
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

contributed by Code Kid

Last week the web domain registration of www.godhatesfags.com was altered to point to the same people who own the www.godlovesfags.com. The change was accomplished by someone using an anonymous remailer with the internic registration database. The admins of www.godlovesfags.com have returned the domain to the original owner.

CNN
http://cnn.com/TECH/computing/9908/23/hack.folo/index.html

Anti-gay site goes back to rightful owners

August 23, 1999
Web posted at: 4:52 PM EDT (2052 GMT)

By D. Ian Hopper
CNN Interactive Technology Editor

As slowly as it came, the road to love veered back to hate on an anti-gay Web site run by Pastor Fred Phelps of the Westboro Baptist Church in Topeka, Kansas.

Last Wednesday, domain name registrar Network Solutions’ Internic directory was fooled to associate the godhatesfags.com domain name with the server containing godlovesfags.com, a pro-gay site.
Kris Haight, a systems administrator at Sugar-River.Net, a New Hampshire Internet service provider, still maintains that he did not make the change himself, and was the beneficiary of a still-anonymous hacker. His site received about 70,000 page views after the switch, which had only received a total of 7,500 page views prior to Wednesday.

Haight finally relinquished the name on Friday, after pressure from his employer and his employer’s service provider, a larger Internet provider which sells connectivity to the smaller ISP.

According to Haight, a lawyer from the Phelps organization contacted the larger provider, Destek Networking Group of Nashua, New Hampshire, and threatened action. Destek then contacted Haight. Haight then attempted to contact Phelps, leaving a message telling Phelps to check his e-mail for a notice from Internic that the domain name was pointed back to the original host server.

Phelps' organization refused to confirm the call to Destek, and continued to downplay the incident.

“It hasn’t hurt us one iota,” said Shirley Phelps-Roper, Fred Phelps’ daughter and a lawyer for the organization. “It demonstrated to the world that fags are what we said they are. These experiences confirm what the scripture says about them. They are lawless; nothing is sacred with them.”

T. Parssinen, owner of Sugar-River.Net and Haight’s employer, said he knew nothing of the change until after it happened.

“We received an e-mail giving a server change to godhatesfags,” Parssinen explained, “But I didn’t notice anything in particular. I thought, ‘Oh, that’s Kris’s domain, I don’t have to do anything about it.’ It was so close that it didn’t register to me what it actually was.”

The next day, Kris told him what he did. “I said, ‘You’re going to have to give that back,’ and he said he would.”

Parssinen said he doesn’t anticipate any legal action and will continue to host the godlovesfags Web site. Haight is leaving the company for another job opportunity.
According to Parssinen, it’s just in time. “To demonstrate to everybody that we had nothing to do with what took place, we would have been forced to terminate his employment.”

A mystery remains, though. Who made the switch? Parssinen said he doesn’t think Haight knew how to do it himself, and Haight refuses to give any more information about the e-mail that told him to watch for the switch, other than it was from an anonymous remailer.

There’s plenty of speculation, however, ranging from a Phelps ploy to sabotage himself in order to get more media attention, to a result of the recent Chaos Communication Camp in Germany, to a challenge made to hackers to reassign a set of domain names.

Nevertheless, Network Solutions spokesperson Nancy Huddleston said that there are three levels of domain name security, and relatively few choose the highest level, password encryption. With that level, this sort of domain redirection wouldn’t have been nearly as easy to do.

“We just sent another alert to our users telling them about the three levels of security,” Huddleston said.

Even with more security, it seems almost inevitable that high-profile and controversial sites will continue to be a prime target for attention-hungry hackers. Phelps-Roper has resigned herself to that fact, reporting that the godhatesfags site has been a target many times before, usually with denial-of-service attacks.

“You know there’s 365 days in a year,” Phelps-Roper said, “If we’re down 3, we’re still up the rest. We don’t really care.”

(Gotta love their attitude, this kills me... bahahaha - Ed)

@HWA

18.0 EXPLOIT-DEV Mailing List Started
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Ryan

In an effort to promote discussion on potential or undeveloped holes a new mailing list has been created by the folks at Security Focus. The list will be dedicated to interactively developing exploits.
Security Focus
http://www.securityfocus.com/forums/exploit-dev/faq.html

We are pleased to host a new security mailing list that may be of interest to BUGTRAQ subscribers.

What is EXPLOIT-DEV?

There are many forums for reporting security bugs and distributing exploit code or examples. A prime example of such a forum is the BUGTRAQ mailing-list. However, nearly all of these forums exist mostly for the dissemination of fully-researched reports, and they leave little room for discussion. In addition, many bugs are spotted but not written up, due to lack of interest, time, or expertise.

The EXPLOIT-DEV list exists to allow people to report potential or undeveloped holes. The idea is to help people who lack expertise, time, or information about how to exploit a hole do so.

The EXPLOIT-DEV list is dedicated to the concept of full disclosure. We believe that release of exploit code serves the security community overall. Since the list is dedicated to interactively developing exploits, there will generally NOT be an opportunity to warn software vendors or authors. In many cases it will not be clear that there is a problem until the exploit or description is finalized, at which point all list subscribers will know. It is very appropriate to notify vendors or authors as soon as it is clear there is a problem.

For more information read http://www.securityfocus.com/forums/exploit-dev/faq.html

To subscribe email LISTSERV@SECURITYFOCUS.COM with a message body of:

SUBS EXPLOIT-DEV Firstname Lastname

--
Elias Levy
Security Focus
http://www.securityfocus.com/

@HWA

19.0 NetBus - Product Under Siege
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Judd

UltraAccess.net, the company that makes NetBus Pro, is lashing out against Anti-Virus vendors for restricting sales of its product by labeling the software as a virus. NetBus Pro 2.1 is a remote administration tool similar to Back Orifice that allows an administrator to control a remote system.
UltraAccess.net is claiming that AV vendors like Symantec think that NetBus is competition for their remote administration software and that is why it is being flagged by the AV software. UltraAccess says that unless some sort of agreement can be reached they may pursue legal action against AV companies for defamation and restraint of trade.

UltraAccess.net
http://www.ultraaccess.net

@HWA

20.0 Worst Security Hole Ever?
~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Weld Pond

This new hole in Internet Explorer 5 allows an infocriminal to place a program on a victim's hard disk that will be executed at the next reboot. The bug can be exploited from a user opening a web page or reading an email. The problem is located with an Active X control called "Object for constructing type libraries for scriptlets". Microsoft is working on a fix, in the meantime users are urged to turn off Active X within their browsers. (Sure glad I use Netscape.)

George Guninski's Home Page - Demo and Source Code Available
http://www.nat.bg/~joro/

Internet News
http://www.internetnews.com/prod-news/print/0,1089,9_188461,00.html

New IE5 Security Bug the Worst Ever?

August 24, 1999
Brian McWilliams, InternetNews.com Correspondent

Bulgarian browser bugmeister Georgi Guninski is at it again.

The 27-year-old independent computer consultant has discovered a new security flaw affecting Internet Explorer 5, which enables a malicious hacker to place a program on the victim's hard disk, to be executed at the next reboot.

Guninski is credited by Microsoft with discovering and publicizing a number of significant security flaws in its Internet Explorer browser in the past year. While he's also spotted several security bugs in Netscape's Navigator, Guninski is especially fond of poking holes in Active X, the scripting technology used in IE.

"I think this is the most significant of my discoveries and the most dangerous also," Guninski told InternetNews Radio. "It allows a Web page or e-mail message to take control of the computer and do anything."

According to Guninski, the attack can be launched by causing IE5 users to click on a hyperlink on a web page, but it also can be transmitted by e-mail to users of Microsoft's Outlook 98.

The exploit places an executable program in an HTML Application file in a Windows 95 or 98 computer's start-up folder. When the victim reboots his or her computer, the program will execute.

Guninski said the problem lies in an Active X control called "Object for constructing type libraries for scriptlets". He has posted a demo and source code of the exploit at his Web site.

Microsoft officials were not immediately available for comment. Guninski asserts that the company has reproduced the bug and plans to issue a patch.

In the meantime, concerned IE5 users can protect themselves by going into the security tab of the browser's Internet Options menu, and disabling ActiveX controls or plug-ins.

@HWA

21.0 IRC Banned in Malaysia
~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by AlienPlague

Undernet, EFnet and DALNet, Internet Relay Chat Networks, had banned users from Malaysia for seven days last week. Both of Malaysia's Internet service providers Jaring and TMNet ISPs had been banned from using the networks effectively cutting off the entire country. The ban was due to users in the country abusing the networks services. After discussions with both ISPs the ban was lifted last Friday.
South China Morning Post
http://www.technologypost.com/internet/Daily/19990824110643506.asp?Section=Mai

INTERNET

Malaysians banned from global IRC network

NEWSBYTES

Undernet, a worldwide Internet Relay Chat (IRC) network that allows people to connect to its privately-run computer servers free of charge to communicate in real time over the Internet, has banned Internet users from both of Malaysia's only two Internet service providers (ISPs) for abusing its services.

Although Undernet is one of many IRC networks, it is one of the largest and joins two of the other largest - DALNet and EFnet - in instituting temporary or permanent bans on Internet users logging on from the Jaring or TMNet ISPs in Malaysia.

Bans typically run for several hours to days or weeks depending on the network and the level of abuse and the response of ISPs to complaints from IRC network administrators.

Within the IRC community, abusive behaviour ranges from repeated offensive behaviour toward other users, automatically flooding chat rooms with multiple messages, running robot programs and launching denial of service attacks against other users or the servers themselves (basically, trying to hack the system and bring it down).

Because Internet users often connect from dial-up connections it is impossible for IRC networks to identify and ban an individual user as they can just log out and return with a different IP address.

This is where IRC administrators ask ISPs for assistance with serious offenders who do not respond to IRC operators' requests to cease online.

Since the ISP can connect an IP address at any point in time to a particular user, they are in a position to pass on a warning or even account termination if hacking is against the ISP's terms of service, which is the case for most ISPs worldwide.

IRC networks do not usually take the next step and ban a whole ISP's domain, and so all of its users guilty and innocent, unless the ISP is unresponsive to abuse reports.
Undernet found that Jaring and TMNet administrators ignored abuse reports and so they were forced to ban all users from both services for seven days last week.

"In the last few months alone, over 182,300 global bans have been set against various addresses in the *@*.my domain," read an Undernet.org e-mail sent to Jaring and TMNet.

"We simply cannot afford to absorb the costs of these attacks any longer.

"We must either reach some form of working, responsible relationship with the administrators of the various *.my providers, or these bans will become permanent.

"Basically, we are only asking that they support and enforce their own policies they have in place already."

Undernet lowered the bans against Jaring on Friday after some discussion between the two organisations. The network presented the ISP with a list of requests and suggestions for abuse management.

TMNet, the ISP arm of national telco Telekom Malaysia, had not contacted Undernet on Friday and on Sunday a permanent ban was placed on the TM.net.my IP space.

Undernet officials said that the bans were not about Malaysian Internet users being particularly worse behaved than any other country's. They said it was about "irresponsible and unresponsive administration of the Malaysian ISPs".

"We are not singling out Malaysia, but it is in general the most abusive domain currently accessing the Undernet," said Undernet.

"Malaysian IP space and resources are being used to launch denial of service attacks and the last attack against one of our routing servers was the straw that broke the camel's back."

Undernet estimated it costs its hosts US$2.2 million in bandwidth alone to run the Undernet network each year. At times more than 30,000 users are connected simultaneously from all around the world.
@HWA

22.0 I want my, I want my, I want my HNN - more goodies from HNN
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Space Rogue

Monday HNN announced that the new Java HNN News Ticker is available on the Affiliate Resources page. Today we are happy to announce several new ways which you can receive your HNN. With our new XML backend we now have channels on My Netscape and My Userland. This is in addition to our box on Slashdot and our previously announced PQA for the Wireless Palm Pilot. We've got even more features in the works so keep your eyes open.

I want my HNN
http://www.hackernews.com/misc/myhnn.html

@HWA

23.0 Melissa Creator Admits Guilt
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Code Kid

David L. Smith, the man who has been charged with creating and disseminating the Melissa virus, admitted to investigators that he did it, according to court papers. Lawyers for the defense dispute that an admission of guilt was made. Smith has pleaded not guilty to charges of interrupting public communication, conspiracy, theft of computer service, and wrongful access to computer systems. David Smith remains free on $100,000 bail.

C|Net
http://www.news.com/News/Item/0,4,40912,00.html?st.ne.fd.mdh.ni

Nando Times
http://www.nandotimes.com/technology/story/body/0,1634,85786-135501-944958-0,00.html

CNN
http://www.cnn.com/US/9908/25/melissa.virus.ap/index.html

C|Net;

Court papers: Smith admits to creating Melissa virus
By Erich Luening
Staff Writer, CNET News.com
August 25, 1999, 8:25 a.m. PT

update The New Jersey man charged with creating the Melissa virus, which disrupted computers around the world, admitted to investigators that he did it, according to court papers.

On April 1, David L. Smith was arrested by federal and state officials and charged with creating and disseminating the Melissa virus that began spreading across the Internet March 26.
Smith, 30, a resident of Aberdeen Township, New Jersey, was arrested at the home of his brother in Eatontown, New Jersey. Smith was tracked down with the help of America Online and by traced phone calls.

A spokesman for the New Jersey Attorney General's office told CNET's News.com that the prosecution "expects to see some kind of resolution by September." He would not elaborate further.

A brief filed in state superior court by supervising deputy attorney general Christopher G. Bubb said Smith waived his Miranda rights and spoke to investigators when police arrived at his apartment, according to a courthouse spokesperson.

Smith admitted to writing the "Melissa" macro virus, illegally accessing America Online for the purpose of posting the virus onto the Internet, and destroying the personal computer he used to post the virus, Bubb stated.

The state attorney filed his brief in response to a motion made by Smith’s attorney Edward F. Borden Jr. seeking certain prosecution documents.

The FBI continues to provide assistance to New Jersey prosecutors in the case. Federal charges have not been levied against Smith.

"The decision to bring federal charges against Smith is at the discretion of the U.S. Attorney," said FBI spokesperson Debbie Weierman.

In April, Smith pleaded not guilty to charges of interrupting public communication, conspiracy to commit the offense, and the attempt to commit the offense. He also pleaded not guilty to charges of two lesser offenses: theft of computer service and wrongful access to computer systems.

If convicted on the state charges, Smith faces a maximum of 40 years in prison and fines of $480,000.

AOL tipped the New Jersey attorney general's office to the virus's originator. AOL said it had tracked the source through a listserver to Monmouth County, New Jersey.

Since his arrest, Smith has changed attorneys.
The Melissa virus was first introduced on an "alt.sex" newsgroup using the AOL account of Scott Steinmetz, whose username was "skyroket." Steinmetz, a civil engineer in Lynnwood, Washington, told CNET News.com that he had nothing to do with writing or introducing the virus.

The virus used a combination of Microsoft's Outlook and Word programs to spread, taking advantage of users' email address book entries to gain the appearance of coming from a known person.

Smith remains free on $100,000 bail.

Nando Times;

Accused admitted creating 'Melissa' virus, prosecutor says

Copyright © 1999 Nando Media
Copyright © 1999 Associated Press

FREEHOLD, N.J. (August 25, 1999 10:57 a.m. EDT http://www.nandotimes.com) - The man charged with creating the Melissa computer virus that clogged e-mail systems around the world last spring admitted he created the bug, a prosecutor alleges in court papers.

David L. Smith, a former computer programmer, was arrested in April.

A brief filed in state Superior Court by Supervising Deputy Attorney General Christopher G. Bubb says Smith waived his Miranda rights and spoke to investigators when police arrived at his apartment.

"Smith admitted, among other things, to writing the 'Melissa' macro virus, illegally accessing America Online for the purpose of posting the virus onto cyberspace, and destroying the personal computers he used to post 'Melissa,'" Bubb wrote.

Defense lawyer Edward P. Borden Jr. told the Asbury Park Press of Neptune that he disputes Bubb's assertions. He refused to comment further, the newspaper reported Wednesday.

The Melissa virus was disguised as an e-mail marked "important message" from a friend or colleague of each recipient. It caused affected computers to create and send 50 additional infected messages. The volume of messages generated slowed some systems to a crawl.

Authorities say the virus was named after a topless dancer in Florida.
Bubb's brief was filed in response to a defense motion seeking additional prosecution documents.

Borden says he needs the prosecution documents to file a motion to suppress evidence seized during the search of Smith's apartment. A hearing on his motion was to be held Wednesday afternoon.

Smith is charged with interruption of public communications, conspiracy and theft of computer service. The maximum penalty for the offense is 40 years in prison. He remains free on $100,000 bail.

CNN;

Prosecutor says man admitted creating 'Melissa' computer virus

August 25, 1999
Web posted at: 10:49 AM EDT (1449 GMT)

FREEHOLD, New Jersey (AP) -- The man charged with creating the Melissa computer virus that clogged e-mail systems around the world admitted he created the bug, a prosecutor alleges in court papers.

David L. Smith, a former computer programmer, was arrested in April.

A brief filed in state Superior Court by Supervising Deputy Attorney General Christopher G. Bubb says Smith waived his Miranda rights and spoke to investigators when police arrived at his apartment.

"Smith admitted, among other things, to writing the 'Melissa' macro virus, illegally accessing America Online for the purpose of posting the virus onto cyberspace, and destroying the personal computers he used to post 'Melissa,' " Bubb wrote.

Defense lawyer Edward P. Borden Jr. told the Asbury Park Press of Neptune that he disputes Bubb's assertions. He refused to comment further, the newspaper reported today.

The Melissa virus was disguised as an e-mail marked "important message" from a friend or colleague of each recipient. It caused affected computers to create and send 50 additional infected messages. The volume of messages generated slowed some systems to a crawl.

Authorities say the virus was named after a topless dancer in Florida.

Bubb's brief was filed in response to a defense motion seeking additional prosecution documents.
Borden says he needs the prosecution documents to file a motion to suppress evidence seized during the search of Smith's apartment. A hearing on his motion was to be held Wednesday afternoon.

Smith is charged with interruption of public communications, conspiracy and theft of computer service. The maximum penalty for the offense is 40 years in prison. He remains free on $100,000 bail.

@HWA

24.0 cDc Responds to Allegations About HKBs
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Evil Wench

Oxblood Ruffin, from the Cult of the Dead Cow, gives an interview about the existence of the Hong Kong Blondes. The HKBs are a group of Chinese dissidents who are trying to destabilize the Chinese Government through the Internet. Last week a report was issued that there was no evidence to support their existence and concluded that therefore they must not exist.

IT Daily
http://www.itdaily.com/daily.lasso?-database=dailybasepublic&-layout=today&-response=itdailyfree.htm&-recid=39830&-search

Thursday, August 25, 1999

Cult claims Hong Kong hackers are real threat

US hackers respond to itdaily.com story

By Neil Taylor

Leading US hacker group the Cult of the Dead Cow has told itdaily.com that elusive Chinese hackers the Hong Kong Blondes are operating in Asia.

According to the CDC, the Blondes are a group of Chinese dissidents who aim to destabilise the Chinese Government through the Internet.

Along with an offshoot named the Yellow Pages, the group threatened to use information warfare to attack China's information infrastructure. The group threatened to attack both Chinese state-owned organisations and Western companies investing in the country.

When the group was first reported, the CDC claimed to be training the Blondes in encryption and intrusion techniques.

A recent investigation by itdaily.com found no evidence of the group's existence.
Despite approaching the Hong Kong ISP Association, the Hong Kong Government, Police, universities, security experts and hackers alike, nobody contacted by itdaily.com knew anything about the group.

However, CDC foreign minister OXblood Ruffin told itdaily.com that the Hong Kong Blondes are for real, and that they are operating in Asia. The chief organisers, nicknamed Blondie Wong and Lemon Li, were last reported to be based in India.

"The Blondes do exist, although the CDC has truncated our official relationship with them," said Ruffin. "The Yellow Pages on the other hand briefly existed but were shut down by me."

Ruffin said that the reason the group has been so low-key is that they operate secretly to avoid compromising members in China.

"They're hyper secure. They're organised in cells of three members with no one but Blondie and Lemon knowing the entire membership."

The CDC has portrayed the Hong Kong Blondes as "hacktivists"; meaning they break into computer networks for political ends.

"The Yellow Pages got together and they were gonna do support work to draw attention to social justice issues in China linked to current trading practices on the Western side..."

Ruffin said that he later learned that the group planned to shut down the networks of a number of large US corporations, at which point he decided to disband the group and disassociate himself with the Hong Kong Blondes.

"The American public would not have supported any such adventure and it would have worked seriously against the cause," he said.

He added that the CDC no longer maintains any relationship with the group.

As previously reported in itdaily.com, the first and only Hong Kong Blondes interview was leaked to the press by the CDC just one month before the group released its well-known remote administration tool Back Orifice.

BO can be installed on a Windows PC without the user's knowledge, giving full control over the machine to unauthorised third parties.
Since then, Back Orifice has become widespread internationally, particularly in China.

There is still no evidence beyond the word of OXblood Ruffin that the Hong Kong Blondes do, in fact, exist, but as Ruffin's e-mail signature notes: "First we take the networks, then we take Peking."

@HWA

25.0 $50G Offered in 'Hacker Challenge' Publicity Stunt
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From HNN http://www.hackernews.com/

contributed by Yazmon

Global Markets Research (GMR), a UK company, has offered $50,000 (US) to anyone who can break their proprietary email system within three months. The company designed 1on1 e-mail "to guarantee complete confidentiality". The program uses 2048 bit encryption while email is in transit and can autodelete email after it has been read.

BBC
http://news.bbc.co.uk/hi/english/sci/tech/newsid_430000/430084.stm

1 on 1 Mail
http://1on1mail.com

HNN has stated its feelings about these 'Hacker Challenges' before. These should not be considered adequate testing methods. Reasons: 1) Most people with the knowledge to break systems like this are busy making bigger money elsewhere, 2) The real bad guys don't want to give away their secrets, 3) this is not a controlled environment conducive to good research. If companies want publicity and a good test of their security then they should hire someone li